Latest Cyber-espionage news

Chinese LuoYu hackers deploy cyber-espionage malware via app updates

A Chinese-speaking hacking group known as LuoYu is infecting victims WinDealer information stealer malware deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks.
- Sergiu Gatlan
- June 02, 2022
- 12:36 PM
- 0
Russian hackers perform reconnaissance against Austria, Estonia

In a new reconnaissance campaign, the Russian state-sponsored hacking group Turla was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College.
- Bill Toulas
- May 23, 2022
- 09:14 AM
- 0
Cyberspies use IP cameras to deploy backdoors, steal Exchange emails

A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions.
- Sergiu Gatlan
- May 02, 2022
- 01:28 PM
- 0
Hackers target Ukrainian govt with IcedID malware, Zimbra exploits

Hackers are targeting Ukrainian government agencies with new attacks exploiting Zimbra exploits and phishing attacks pushing the IcedID malware.
- Bill Toulas
- April 14, 2022
- 11:09 AM
- 0
Phishing campaign targets Russian govt dissidents with Cobalt Strike

A new spear phishing campaign is taking place in Russia targeting dissenters with opposing views to those promoted by the state and national media about the war against Ukraine.
- Bill Toulas
- March 30, 2022
- 09:05 AM
- 0
Hackers use modified MFA tool against Indian govt employees

A new campaign from the hacking group tracked as APT36, aka 'Transparent Tribe' or' Mythic Leopard,' has been discovered using new custom malware and entry vectors in attacks against the Indian government.
- Bill Toulas
- March 29, 2022
- 12:29 PM
- 0
New Mustang Panda hacking campaign targets diplomats, ISPs

An ongoing Mustang Panda campaign that has started at least eight months ago has been uncovered by threat analysts who also managed to sample and analyze custom malware loaders and a new Korplug variant.
- Bill Toulas
- March 23, 2022
- 03:13 PM
- 0
Ukraine links Belarusian hackers to phishing targeting its military

The Computer Emergency Response Team of Ukraine (CERT-UA) warned today of a spearphishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel.
- Sergiu Gatlan
- February 25, 2022
- 09:18 AM
- 0
Molerats hackers deploy new malware in highly evasive campaign

The Palestinian-aligned APT group tracked as TA402 (aka Molerats) was spotted using a new implant named 'NimbleMamba' in a cyber-espionage campaign that leverages geofencing and URL redirects to legitimate websites.
- Bill Toulas
- February 09, 2022
- 03:17 AM
- 0
Finnish diplomats’ phones infected with NSO Group Pegasus spyware

Finland's Ministry for Foreign Affairs says devices of Finnish diplomats have been hacked and infected with NSO Group's Pegasus spyware in a cyber-espionage campaign.
- Sergiu Gatlan
- January 28, 2022
- 08:26 AM
- 0
German govt warns of APT27 hackers backdooring business networks

The BfV German domestic intelligence services (short for Bundesamt für Verfassungsschutz) warn of ongoing attacks coordinated by the APT27 Chinese-backed hacking group.
- Sergiu Gatlan
- January 26, 2022
- 08:00 AM
- 0
Oops: Cyberspies infect themselves with their own malware

After infecting themselves with their own custom remote access trojan (RAT), an Indian-linked cyber-espionage group has accidentally exposed its operations to security researchers.
- Sergiu Gatlan
- January 10, 2022
- 01:43 PM
- 0
France warns of Nobelium cyberspies attacking French orgs

The French national cyber-security agency ANSSI said today that the Russian-backed Nobelium hacking group behind last year's SolarWinds hack has been targeting French organizations since February 2021.
- Sergiu Gatlan
- December 06, 2021
- 01:46 PM
- 0
North Korean cyberspies target govt officials with custom malware

A state-sponsored North Korean threat actor tracked as TA406 was recently observed deploying custom info-stealing malware in espionage campaigns.
- Bill Toulas
- November 18, 2021
- 09:47 AM
- 0
Iranian state hackers use upgraded malware in attacks on ISPs, telcos

The Iranian state-supported APT known as 'Lyceum' (Hexane, Spilrin) targeted ISPs and telecommunication service providers in the Middle East and Africa between July and October 2021.
- Bill Toulas
- November 09, 2021
- 12:33 PM
- 0
State hackers breach defense, energy, healthcare orgs worldwide

Cybersecurity firm Palo Alto Networks warned over the weekend of an ongoing hacking campaign that has already resulted in the compromise of at least nine organizations worldwide from critical sectors, including defense, healthcare, energy, technology, and education.
- Sergiu Gatlan
- November 08, 2021
- 03:34 AM
- 0
Hackers use stealthy ShellClient malware on aerospace, telco firms

Threat researchers investigating malware used to target companies in the aerospace and telecommunications sectors discovered a new threat actor that has been running cyber espionage campaigns since at least 2018.
- Ionut Ilascu
- October 06, 2021
- 03:42 PM
- 0
GhostEmperor hackers use new Windows 10 rootkit in attacks

Chinese-speaking cyberspies have targeted Southeast Asian governmental entities and telecommunication companies for more than a year, backdooring systems running the latest Windows 10 versions with a newly discovered rootkit.
- Sergiu Gatlan
- September 30, 2021
- 01:34 PM
- 0
Russian state hackers use new TinyTurla malware as secondary backdoor

Russian state-sponsored hackers known as the Turla APT group have been using new malware over the past year that acted as a secondary persistence method on compromised systems in the U.S., Germany, and Afghanistan.
- Ionut Ilascu
- September 21, 2021
- 11:54 AM
- 0
France warns of APT31 cyberspies targeting French organizations

The French national cyber-security agency today warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 cyberespionage group.
- Sergiu Gatlan
- July 21, 2021
- 10:13 AM
- 0