Latest Cyber-espionage news

Barracuda ESG zero-day attacks linked to suspected Chinese hackers

A suspected pro-China hacker group tracked by Mandiant as UNC4841 has been linked to data-theft attacks on Barracuda ESG (Email Security Gateway) appliances using a now-patched zero-day vulnerability.
- Bill Toulas
- June 15, 2023
- 09:25 AM
- 0
Chinese hackers used VMware ESXi zero-day to backdoor VMs

VMware patched today a VMware ESXi zero-day vulnerability exploited by a Chinese-sponsored hacking group to backdoor Windows and Linux virtual machines and steal data.
- Sergiu Gatlan
- June 13, 2023
- 12:48 PM
- 0
Asylum Ambuscade hackers mix cybercrime with espionage

A hacking group tracked as 'Asylum Ambuscade' was observed in recent attacks targeting small to medium-sized companies worldwide, combining cyber espionage with cybercrime.
- Bill Toulas
- June 08, 2023
- 03:21 PM
- 0
GoldenJackal state hackers silently attacking govts since 2019

A relatively unknown advanced persistent threat (APT) group named 'GoldenJackal' has been targeting government and diplomatic entities in Asia since 2019 for espionage.
- Bill Toulas
- May 23, 2023
- 06:53 PM
- 0
Stealthy MerDoor malware uncovered after five years of attacks

A new APT hacking group dubbed Lancefly uses a custom 'Merdoor' backdoor malware to target government, aviation, and telecommunication organizations in South and Southeast Asia.
- Bill Toulas
- May 15, 2023
- 01:28 PM
- 0
FBI nukes Russian Snake data theft malware with self-destruct command

Cybersecurity and intelligence agencies from all Five Eyes member nations took down the infrastructure used by the Snake cyber-espionage malware operated by Russia's Federal Security Service (FSB).
- Sergiu Gatlan
- May 09, 2023
- 12:29 PM
- 7
Chinese hackers use new Linux malware variants for espionage

Hackers are deploying new Linux malware variants in cyberespionage attacks, such as a new PingPull variant and a previously undocumented backdoor tracked as 'Sword2033.'
- Bill Toulas
- April 26, 2023
- 06:00 AM
- 1
Newly exposed APT43 hacking group targeting US orgs since 2018

A new North Korean hacking group has been revealed to be targeting government organizations, academics, and think tanks in the United States, Europe, Japan, and South Korea for the past five years.
- Bill Toulas
- March 28, 2023
- 11:00 AM
- 0
'Bitter' espionage hackers target Chinese nuclear energy orgs

A cyberespionage hacking group tracked as 'Bitter APT' was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders.
- Bill Toulas
- March 24, 2023
- 10:47 AM
- 0
Hackers use new PowerMagic and CommonMagic malware to steal data

Security researchers have discovered attacks from an advanced threat actor that used "a previously unseen malicious framework" called CommonMagic and a new backdoor called PowerMagic.
- Ionut Ilascu
- March 21, 2023
- 04:33 PM
- 0
Fortinet zero-day attacks linked to suspected Chinese hackers

A suspected Chinese hacking group has been linked to a series of attacks on government organizations exploiting a Fortinet zero-day vulnerability (CVE-2022-41328) to deploy malware.
- Sergiu Gatlan
- March 16, 2023
- 03:13 PM
- 1
Winter Vivern APT hackers use fake antivirus scans to install malware

An advanced hacking group named 'Winter Vivern' targets European government organizations and telecommunication service providers to conduct espionage.
- Bill Toulas
- March 16, 2023
- 06:00 AM
- 0
YoroTrooper cyberspies target CIS energy orgs, EU embassies

A new threat actor named 'YoroTrooper' has been running cyber-espionage campaigns since at least June 2022, targeting government and energy organizations in Commonwealth of Independent States (CIS) countries.
- Bill Toulas
- March 14, 2023
- 10:56 AM
- 0
SonicWall devices infected by malware that survives firmware upgrades

A suspected Chinese hacking campaign has been targeting unpatched SonicWall Secure Mobile Access (SMA) appliances to install custom malware that establish long-term persistence for cyber espionage campaigns.
- Bill Toulas
- March 09, 2023
- 12:40 PM
- 0
Iron Tiger hackers create Linux version of their custom malware

The APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware, allowing the Chinese cyberespionage group to target more services used in the enterprise.
- Bill Toulas
- March 01, 2023
- 01:44 PM
- 0
PureCrypter malware hits govt orgs with ransomware, info-stealers

A threat actor has been targeting government entities with PureCrypter malware downloader that has been seen delivering multiple information stealers and ransomware strains.
- Bill Toulas
- February 25, 2023
- 10:16 AM
- 0
News Corp says state hackers were on its network for two years

Mass media and publishing giant News Corporation (News Corp) says that attackers behind a breach disclosed in 2022 first gained access to its systems two years before, in February 2020.
- Sergiu Gatlan
- February 24, 2023
- 01:44 PM
- 4
Clasiopa hackers use new Atharvan malware in targeted attacks

Security researchers have observed a hacking group targeting companies in the materials research sector with a unique toolset that includes a custom remote access trojan (RAT) called Atharvan.
- Bill Toulas
- February 23, 2023
- 06:00 AM
- 0
Russian hackers using new Graphiron information stealer in Ukraine

The Russian hacking group known as 'Nodaria' (UAC-0056) is using a new information-stealing malware called 'Graphiron' to steal data from Ukrainian organizations.
- Bill Toulas
- February 08, 2023
- 06:00 AM
- 3
New Dark Pink APT group targets govt and military with custom malware

Attacks targeting government agencies and military bodies in multiple countries in the APAC region have been attributed to what appears to be a new advanced threat actor that leverages custom malware to steal confidential information.
- Bill Toulas
- January 11, 2023
- 02:00 AM
- 0