Latest Espionage news

Evasive Gelsemium hackers spotted in attack against Asian govt

A stealthy advanced persistent threat (APT) tracked as Gelsemium was observed in attacks targeting a Southeast Asian government that spanned six months between 2022 and 2023.
- Bill Toulas
- September 23, 2023
- 11:09 AM
- 0
‘Sandman’ hackers backdoor telcos with new LuaDream malware

A previously unknown threat actor dubbed 'Sandman' targets telecommunication service providers in the Middle East, Western Europe, and South Asia, using a modular info-stealing malware named 'LuaDream.'
- Bill Toulas
- September 21, 2023
- 03:50 PM
- 0
New SprySOCKS Linux malware used in cyber espionage attacks

A Chinese espionage-focused hacker tracked as 'Earth Lusca' was observed targeting government agencies in multiple countries, using a new Linux backdoor dubbed 'SprySOCKS.'
- Bill Toulas
- September 18, 2023
- 10:05 AM
- 2
'Redfly' hackers infiltrated power supplier's network for 6 months

An espionage threat group tracked as 'Redfly' hacked a national electricity grid organization in Asia and quietly maintained access to the breached network for six months.
- Bill Toulas
- September 12, 2023
- 06:00 AM
- 0
Microsoft: Stealthy Flax Typhoon hackers use LOLBins to evade detection

Microsoft has identified a new hacking group it now tracks as Flax Typhoon that argets government agencies and education, critical manufacturing, and information technology organizations likely for espionage purposes.
- Bill Toulas
- August 25, 2023
- 11:56 AM
- 0
North Korean hackers 'ScarCruft' breached Russian missile maker

The North Korean state-sponsored hacking group ScarCruft has been linked to a cyberattack on the IT infrastructure and email server for NPO Mashinostroyeniya, a Russian space rocket designer and intercontinental ballistic missile engineering organization.
- Bill Toulas
- August 07, 2023
- 10:57 AM
- 0
Hackers target European government entities in SmugX campaign

A phishing campaign that security researchers named SmugX and attributed to a Chinese threat actor has been targeting embassies and foreign affairs ministries in the UK, France, Sweden, Ukraine, Czech, Hungary, and Slovakia, since December 2022.
- Bill Toulas
- July 03, 2023
- 12:44 PM
- 0
Chinese APT15 hackers resurface with new Graphican malware

The Chinese state-sponsored hacking group tracked as APT15 has been observed using a novel backdoor named 'Graphican' in a new campaign between late 2022 and early 2023.
- Bill Toulas
- June 21, 2023
- 06:00 AM
- 0
Russian hackers use PowerShell USB malware to drop backdoors

The Russian state-sponsored hacking group Gamaredon (aka Armageddon, or Shuckworm) continues to target critical organizations in Ukraine's military and security intelligence sectors, employing a refreshed toolset and new infection tactics.
- Bill Toulas
- June 15, 2023
- 06:00 AM
- 0
Asylum Ambuscade hackers mix cybercrime with espionage

A hacking group tracked as 'Asylum Ambuscade' was observed in recent attacks targeting small to medium-sized companies worldwide, combining cyber espionage with cybercrime.
- Bill Toulas
- June 08, 2023
- 03:21 PM
- 0
Dark Pink hackers continue to target govt and military organizations

The Dark Pink APT hacking group continues to be very active in 2023, observed targeting government, military, and education organizations in Indonesia, Brunei, and Vietnam.
- Bill Toulas
- May 31, 2023
- 04:00 AM
- 0
GoldenJackal state hackers silently attacking govts since 2019

A relatively unknown advanced persistent threat (APT) group named 'GoldenJackal' has been targeting government and diplomatic entities in Asia since 2019 for espionage.
- Bill Toulas
- May 23, 2023
- 06:53 PM
- 0
Stealthy MerDoor malware uncovered after five years of attacks

A new APT hacking group dubbed Lancefly uses a custom 'Merdoor' backdoor malware to target government, aviation, and telecommunication organizations in South and Southeast Asia.
- Bill Toulas
- May 15, 2023
- 01:28 PM
- 0
Tencent QQ users hacked in mysterious malware attack, says ESET

The Chinese APT hacking group known as 'Evasive Panda' are behind a mysterious attack that distributed the MsgBot malware as part of an automatic update for the Tencent QQ messaging app.
- Bill Toulas
- April 26, 2023
- 02:16 PM
- 0
Chinese hackers use new Linux malware variants for espionage

Hackers are deploying new Linux malware variants in cyberespionage attacks, such as a new PingPull variant and a previously undocumented backdoor tracked as 'Sword2033.'
- Bill Toulas
- April 26, 2023
- 06:00 AM
- 1
Winter Vivern hackers exploit Zimbra flaw to steal NATO emails

A Russian hacking group tracked as TA473, aka 'Winter Vivern,' has been actively exploiting vulnerabilities in unpatched Zimbra endpoints since February 2023 to steal the emails of NATO officials, governments, military personnel, and diplomats.
- Bill Toulas
- March 30, 2023
- 05:56 PM
- 0
Newly exposed APT43 hacking group targeting US orgs since 2018

A new North Korean hacking group has been revealed to be targeting government organizations, academics, and think tanks in the United States, Europe, Japan, and South Korea for the past five years.
- Bill Toulas
- March 28, 2023
- 11:00 AM
- 0
'Bitter' espionage hackers target Chinese nuclear energy orgs

A cyberespionage hacking group tracked as 'Bitter APT' was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders.
- Bill Toulas
- March 24, 2023
- 10:47 AM
- 0
Winter Vivern APT hackers use fake antivirus scans to install malware

An advanced hacking group named 'Winter Vivern' targets European government organizations and telecommunication service providers to conduct espionage.
- Bill Toulas
- March 16, 2023
- 06:00 AM
- 0
YoroTrooper cyberspies target CIS energy orgs, EU embassies

A new threat actor named 'YoroTrooper' has been running cyber-espionage campaigns since at least June 2022, targeting government and energy organizations in Commonwealth of Independent States (CIS) countries.
- Bill Toulas
- March 14, 2023
- 10:56 AM
- 0