Home/Tag/Espionage

Espionage

27 articles tagged with "Espionage"

Malware4 min read

APT28 Deploys PRISMEX Malware Against Ukraine and NATO Allies

Russian GRU's APT28 uses new PRISMEX malware suite with steganography and COM hijacking to target Ukraine defense and NATO logistics. Includes wiper capability.

James RiveraApr 10, 2026

Threat Intelligence3 min read

Phantom Taurus Deploys Net-Star Backdoors Across Africa

Unit 42 exposes Phantom Taurus, a Chinese APT targeting embassies and foreign ministries with fileless NET-STAR malware. The group resurfaces within hours after discovery.

Alex KowalskiApr 4, 2026

Malware4 min read

Speagle Malware Hijacks Cobra DocGuard to Hunt Missile Data

New infostealer parasitizes legitimate document security software, exfiltrating data through trusted server infrastructure. Targets include Dongfeng-27 ballistic missile documents.

James RiveraMar 21, 2026

Threat Intelligence4 min read

Russia-Linked DRILLAPP Backdoor Weaponizes Edge Browser Debugging

New JavaScript backdoor targets Ukrainian entities using Microsoft Edge's debugging features for stealth. S2 Grupo links campaign to Laundry Bear threat group.

Alex KowalskiMar 17, 2026

Threat Intelligence5 min read

Chinese APT Targets Qatar Within Hours of Middle East Escalation

Camaro Dragon weaponized missile strike lure documents to deploy PlugX backdoor against Qatari targets, exploiting Operation Epic Fury tensions for access.

Alex KowalskiMar 15, 2026

Threat Intelligence5 min read

APT37 Deploys Five New Tools to Breach Air-Gapped Networks

North Korean APT37's Ruby Jumper campaign uses RESTLEAF, THUMBSBD, and FOOTWINE malware to exfiltrate data from isolated systems via USB drives.

Alex KowalskiMar 15, 2026

Threat Intelligence4 min read

Salt Typhoon Affiliate Hits Telecoms in 30+ Countries With TernDoor

China-linked UAT-9244 deploys TernDoor backdoor and peer-to-peer implants against telecom infrastructure across South America, North America, and Europe.

Alex KowalskiMar 13, 2026

Threat Intelligence4 min read

APT28 Uses BEARDSHELL and COVENANT to Spy on Ukraine

Russian GRU-linked APT28 deploys BEARDSHELL and COVENANT implants for long-term surveillance of Ukrainian military personnel. ESET research reveals cloud storage abuse for C2.

Alex KowalskiMar 10, 2026

Threat Intelligence4 min read

SloppyLemming Espionage Campaign Targets South Asian Governments

India-linked APT deploys BurrowShell backdoor and Rust-based RAT against Pakistan nuclear agencies, Bangladesh banks, and Sri Lankan government. 112 C2 domains identified.

Alex KowalskiMar 8, 2026

Threat Intelligence4 min read

CRESCENTHARVEST RAT Targets Iranian Protest Supporters

New espionage campaign uses protest-themed lures and Chrome DLL side-loading to deploy RAT malware against Iranian diaspora, activists, and journalists.

Alex KowalskiFeb 22, 2026

Threat Intelligence4 min read

Germany Warns of Signal Phishing Targeting Officials

Germany's BfV and BSI issued a joint advisory warning of state-sponsored phishing campaigns targeting politicians, military officials, and journalists through Signal's device linking feature.

Alex KowalskiFeb 12, 2026

Threat Intelligence4 min read

Iran's Infy APT Drops Tornado v51 After Internet Blackout

SafeBreach tracks Infy APT deploying Tornado v51 malware with blockchain-based C2 after Iran's internet blackout, confirming state sponsorship ties.

Alex KowalskiFeb 8, 2026

Threat Intelligence5 min read

Shadow Campaigns: Spies Breach 70 Orgs in 37 Nations

Asia-based APT TGR-STA-1030 compromised 70+ government and critical infrastructure targets across 37 countries using eBPF rootkits and Cobalt Strike.

Alex KowalskiFeb 7, 2026

Threat Intelligence3 min read

APT28 Weaponized Office Zero-Day in Three Days Flat

Operation Neusploit saw Russia's APT28 exploit CVE-2026-21509 against 60+ Ukrainian targets within 72 hours of Microsoft's disclosure, delivering MiniDoor and BEARDSHELL backdoors.

Alex KowalskiFeb 5, 2026

Threat Intelligence3 min read

RedKitten Malware Targets Iranian Protest Documenters

French researchers uncover SloppyMIO, an AI-assisted malware campaign using fabricated victim lists to target individuals documenting human rights abuses during Iranian protests.

Alex KowalskiJan 31, 2026

Data Breaches5 min read

Ex-Google Engineer Convicted in First US AI Espionage Case

Federal jury convicts Linwei Ding on 14 counts of economic espionage and trade secret theft for stealing Google's AI infrastructure secrets for China.

Sarah MitchellJan 31, 2026

Threat Intelligence4 min read

Mustang Panda Upgrades COOLCLIENT With Browser Credential Theft

Chinese APT adds clipboard monitoring, browser stealing, and enhanced plugins to its long-running backdoor. Government entities in Asia remain primary targets.

Alex KowalskiJan 29, 2026

Threat Intelligence4 min read

Russia's Fancy Bear Running Low-Cost Credential Theft Across Three Continents

Recorded Future tracks APT28 harvesting credentials from energy, defense, and government targets in the Balkans, Middle East, and Central Asia using free hosting infrastructure.

Alex KowalskiJan 22, 2026

Threat Intelligence4 min read

Iran-Linked Hackers Target Middle East Officials via WhatsApp

APT42 campaign compromises government ministers, activists, and journalists through fake login pages and real-time surveillance capabilities.

Alex KowalskiJan 18, 2026

Threat Intelligence4 min read

Russian Hackers Target Ukraine Military With Fake Charities

Void Blizzard deploys PLUGGYAPE backdoor through Signal and WhatsApp, impersonating charitable organizations to compromise Ukrainian defense forces.

Alex KowalskiJan 15, 2026

Threat Intelligence5 min read

Salt Typhoon Breaches Congressional Committee Staff Emails

Chinese state hackers accessed email accounts of House staffers working on China, foreign affairs, and defense. The intrusion was discovered in December.

Alex KowalskiJan 12, 2026

Threat Intelligence4 min read

Cisco Talos Exposes UAT-7290: China APT Targeting Telecoms

Newly disclosed threat actor compromises telecom providers in South Asia and Southeastern Europe, establishing relay infrastructure for other Chinese APT groups.

Alex KowalskiJan 8, 2026

Nation State4 min read

Silk Typhoon: Chinese APT Escalates Attacks on US Government and IT Supply Chain

Microsoft and CrowdStrike warn of intensified Silk Typhoon operations targeting US government agencies and IT supply chains, with 150% increase in China-linked intrusions.

Alex KowalskiJan 6, 2026

Threat Intelligence4 min read

Silver Fox APT Impersonates Indian Tax Officials in Espionage Campaign

CloudSEK identifies Chinese threat group Silver Fox targeting Indian organizations with phishing emails disguised as income tax department communications.

Alex KowalskiDec 31, 2025

Threat Intelligence5 min read

Iranian Infy APT Resurfaces After Five Years with Telegram-Based C2

SafeBreach uncovers new Prince of Persia campaign using updated Foudre and Tonnerre malware, now leveraging Telegram for command and control.

Alex KowalskiDec 23, 2025

Threat Intelligence5 min read

LongNosedGoblin: New China-Aligned APT Abuses Group Policy for Espionage

ESET researchers discover sophisticated threat actor targeting Southeast Asian and Japanese governments using Windows Group Policy for lateral movement.

Alex KowalskiDec 19, 2025

Threat Intelligence4 min read

China-Linked Ink Dragon APT Targets European Governments with ShadowPad

Sophisticated threat group escalates operations against European government entities using relay networks that route attacks through multiple victim organizations.

Alex KowalskiDec 17, 2025