Tag

Cyberespionage

All articles tagged with #cyberespionage

technology22 days ago•3 min saved

Asia-based cyberespionage campaign breaches governments worldwide and expands reconnaissance

Palo Alto Networks Unit 42 reports an Asia-based cyberespionage group compromised at least 70 institutions across 37 governments and conducted reconnaissance in 155 countries. The attackers used phishing to drop a Cobalt Strike payload and a mix of exploits to gain footholds, with some victims accessed for months (including a parliament and key ministries). The operation is described as potentially the most widespread state-sponsored government breach since SolarWinds, with the group adapting to different targets and events and attribution to a specific country not determined.

via The Record from Recorded Future News|

#cyberespionage #governments #nation-state

security23 days ago•4 min saved

Russian Hackers Exploit Fresh Office Flaw Hours After Patch

Within 48 hours of Microsoft issuing an urgent Office patch for CVE-2026-21509, the Russian-state group APT28 launched a fast, in-memory, fileless campaign that installed new backdoors (BeardShell and NotDoor) via staged spear-phishing across nine countries, targeting defense ministries, transportation operators, and diplomatic entities, with command-and-control hosted on legitimate cloud services to evade detection.

via Ars Technica|

#apt28 #cve-2026-21509 #cyberespionage

cybersecurity2 months ago•3 min saved

Chinese Hackers Employ Rootkit to Conceal ToneShell Malware

Chinese state hackers, attributed to Mustang Panda, have used a sophisticated kernel-mode rootkit to hide the ToneShell malware activity in attacks against Asian government organizations, employing advanced evasion techniques and malware variants to enhance stealth and resilience.

via BleepingComputer|

#chinesehackers #cyberespionage #cybersecurity

cybersecurity5 months ago•4 min saved

Chinese Hackers Deploy BRICKSTORM Malware to Target U.S. Legal and Tech Sectors

A suspected China-linked cyber espionage group, UNC5221, is using the sophisticated BRICKSTORM backdoor to infiltrate U.S. legal, tech, and SaaS sectors, maintaining long-term stealthy access to steal sensitive information and potentially exploit zero-day vulnerabilities, with ongoing development and active deployment across multiple systems.

via The Hacker News|

#backdoor #brickstorm #china-nexus

technology6 months ago•2 min saved

APT36 exploits Linux .desktop files to deploy malware in new attacks

Pakistani APT36 hackers are exploiting Linux .desktop files to deliver malware and conduct espionage against Indian government and defense targets, using phishing emails with disguised malicious files that execute hidden commands, establishing persistent access and exfiltrating data, indicating evolving and sophisticated tactics.

via BleepingComputer|

#apt36 #cyberespionage #desktop-files

technology8 months ago•3 min saved

Microsoft Patches 67 Vulnerabilities, Including Exploited WebDav Zero-Day

Hackers from the Stealth Falcon group exploited a zero-day vulnerability in Windows WebDav (CVE-2025-33053) to conduct stealthy cyberespionage against Middle Eastern defense and government organizations since March 2025, using remote code execution to drop malware and maintain operational stealth. Microsoft patched the flaw, but the attack techniques involved manipulating WebDAV paths to execute malicious code remotely, leading to the deployment of advanced malware tools like Horus Loader and Horus Agent. Organizations are advised to update Windows promptly and monitor WebDAV traffic for suspicious activity.

via BleepingComputer|

#apt #cyberespionage #stealth-falcon

cybersecurity1 year ago•2 min saved

FBI and White House Alert on Cybersecurity Threats from China and Messaging Apps

Chinese cyberspies, as part of the Salt Typhoon campaign, have recorded calls of high-level US political figures, according to Anne Neuberger, the White House's deputy national security advisor for cyber and emerging technology. The espionage operation targeted senior political individuals and compromised eight US telecom providers, along with organizations in numerous countries. The campaign also accessed wiretapping systems, although this was not its primary focus. The US Senate Commerce subcommittee is set to investigate these cybersecurity threats in an upcoming hearing.

via The Register|

#china #cyberespionage #cybersecurity

cybersecurity1 year ago•18 min saved

Chinese APT Gelsemium Unleashes WolfsBane Malware on Linux Systems

ESET researchers have discovered a new Linux backdoor named WolfsBane, attributed to the Gelsemium APT group, marking the first known use of Linux malware by this China-aligned threat actor. WolfsBane is the Linux counterpart to the Windows-based Gelsevirine backdoor, used for cyberespionage. Another backdoor, FireWood, was also found but is only tentatively linked to Gelsemium. This shift towards Linux malware by APT groups is attributed to enhanced security measures on Windows systems, prompting attackers to target vulnerabilities in Linux-based internet-facing systems.

via We Live Security|

#apt #cyberespionage #cybersecurity

cybersecurity1 year ago•6 min saved

"Microsoft's Security Failures Exposed: Unraveling the 2023 Exchange Attack"

The U.S. Department of Homeland Security's Cyber Safety Review Board (CSRB) has criticized Microsoft's handling of the 2023 Exchange Online attack, stating that the company needs to improve data security and transparency regarding the theft of an Azure signing key by cyberespionage actor 'Storm-0558.' Microsoft has been unable to provide conclusive evidence on how the threat actor obtained the signing key, despite attributing the hack to Storm-0558 stealing the key from an engineer's compromised laptop. The hackers accessed email accounts using a 2016 Microsoft Services Account (MSA) key that should have been revoked in 2021, leading to the compromise of over 500 individuals at 22 organizations. The CSRB report highlights the need for enhanced logging features and improved key management, while Microsoft continues to investigate the incident.

via BleepingComputer|

#cyberespionage #cybersecurity #exchange-online-hack

cybersecurity1 year ago•8 min saved

"UNAPIMON: Earth Freybug's Key Tool for Unhooking Critical APIs"

Earth Freybug, a cyberthreat group, has been found using dynamic-link library (DLL) hijacking and application programming interface (API) unhooking techniques to prevent child processes from being monitored via a new malware called UNAPIMON. This malware employs defense evasion techniques to prevent child processes from being monitored, allowing malicious activities to go undetected. The attack demonstrates the group's evolving methods and the effectiveness of simple yet creative techniques, highlighting the need for vigilance against both advanced and overlooked tactics in cybersecurity.

via Trend Micro|

#api-unhooking #cyberespionage #cybersecurity

politics1 year ago•1 min saved

"U.S. and Britain Sanction Chinese Hackers for 14-Year Cyberespionage Campaign"

The United States and Britain have imposed sanctions on China's elite hacking units, accusing Beijing's top spy agency of a yearslong effort to place malware in critical infrastructure and stealing the voting rolls for 40 million British citizens. The actions underscore the escalation of cyberconflict between Western allies and Beijing, with American intelligence agencies warning that the malware found in U.S. infrastructure appeared to be intended for use if the United States were coming to the aid of Taiwan. Separately, the Justice Department indicted individual Chinese hackers for targeting and intimidating Beijing's critics around the world.

via The New York Times|

#britain #china #cyberespionage

cybersecurity1 year ago•3 min saved

"US and UK Impose Sanctions on China for Election-Related Hacking"

The US and UK have accused China of conducting a widespread cyberespionage campaign, targeting millions of individuals including lawmakers, journalists, and government officials. The hacking group "APT31" is alleged to be an arm of China's Ministry of State Security, with the aim of repressing critics, compromising government institutions, and stealing trade secrets. Both countries have filed charges and imposed sanctions, while Chinese diplomats have dismissed the allegations. Tensions between Beijing and Washington over cyberespionage have been rising, with Western intelligence agencies increasingly sounding the alarm on alleged Chinese state-backed hacking activity.

via Reuters|

#china #cyberespionage #cybersecurity

cybersecurity2 years ago•15 min saved

"Rising Threat: Malicious Spyware Apps Targeting Android Users"

ESET researchers have uncovered a cyberespionage campaign conducted by the Patchwork APT group, involving twelve Android apps bundled with VajraSpy malware. The apps, disguised as messaging tools and a news app, were distributed on Google Play and other platforms, with over 1,400 downloads. The malware can steal contacts, files, call logs, and SMS messages, and some versions can even extract WhatsApp and Signal messages, record phone calls, and take pictures. The campaign primarily targeted users in Pakistan, likely through targeted romance scams, and has been attributed to the Patchwork APT group.

via We Live Security|

#android-apps #cyberespionage #cybersecurity

technology-cybersecurity2 years ago•0 min saved

"Revealed: Advanced Zero-Day Exploits and Hidden Hardware Features in Global iPhone Hacking Campaign"

Russian cybersecurity experts have uncovered one of the most sophisticated hacking campaigns, believed to be orchestrated by U.S. intelligence agencies. This campaign utilized a series of 12 steps and four zero-day vulnerabilities to execute a zero-click hack on iPhones, enabling espionage activities against targets in several countries, including Russia, China, Syria, Israel, and NATO members. The revelation was made at a hacker conference and has raised significant concerns about the extent of U.S. cyber surveillance capabilities.

via Haaretz|

##cyberespionage #internationalspying

national-security-and-cybersecurity2 years ago•0 min saved

"Operation Triangulation: The Most Advanced iPhone Hack Exploiting Hidden Hardware Vulnerabilities"

At a hacker conference, Russian cybersecurity experts disclosed an intricate iPhone hack, believed to be orchestrated by U.S. intelligence agencies, to conduct espionage on high-profile targets across Russia, China, Syria, Israel, and NATO countries. This sophisticated cyber operation involved 12 steps and utilized four zero-day vulnerabilities, allowing for a zero-click intrusion into devices. The revelation comes amid heightened scrutiny over cybersecurity practices and international espionage, with India's Prime Minister Narendra Modi criticizing Apple for exposing new targets of the infamous Pegasus spyware.

via Haaretz|

##cyberespionage #iphonehack