Shadow Campaigns expands global espionage reach to 37 countries

A state-sponsored actor tracked as TGR-STA-1030/UNC6619, dubbed Shadow Campaigns, has compromised government and critical-infrastructure networks in 37 countries since early 2024, with reconnaissance activity touching 155 nations. The operation uses tailored phishing with a Diaoyu loader, exploits across multiple platforms, and a toolkit including Cobalt Strike, VShell, web shells, and a Linux kernel rootkit named ShadowGuard. It relies on legitimate VPS and proxy infrastructure and targets ministries, energy, finance, and diplomatic agencies, with activity intensifying around political events like elections. Unit 42 provides IoCs to help defenders detect and block these attacks.
- State actor targets 155 countries in 'Shadow Campaigns' espionage op (BleepingComputer)
- The Shadow Campaigns: Uncovering Global Espionage (Unit 42)
- Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide (The Record from Recorded Future News)
- Hackers breach 37 countries in ongoing espionage campaign (Axios)
- Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities (The Hacker News)