Cyber Espionage
Articles related to cyber espionage campaigns and tactics.
-
North Korean Hackers Deploy StoatWaffle Malware via VS Code Projects
A North Korean threat actor, tracked as WaterPlum, is using malicious Visual Studio Code projects to distribute a new malware family called StoatWaffle. The campaign leverages a feature in VS Code to automatically execute code when a project is opened.
-
APT28 used BEARDSHELL and COVENANT to spy on Ukrainian military personnel
ESET says the Russian state-sponsored group APT28 has used two implants called BEARDSHELL and COVENANT since April 2024 to conduct long-term surveillance of Ukrainian military personnel.
-
Iran-linked MuddyWater targets U.S. networks with new Dindoor backdoor
Broadcom’s Symantec and Carbon Black Threat Hunter Team say the Iran-linked MuddyWater group embedded itself inside several U.S. organizations, including banks, airports, a non-profit, and the Israeli arm of a software company, using a newly identified backdoor named Dindoor.
-
China-linked UAT-9244 used TernDoor, PeerTime, and BruteEntry in South American telecom attacks
Cisco Talos says China-linked threat actor UAT-9244 has targeted telecommunications providers in South America since 2024, using the TernDoor, PeerTime, and BruteEntry implants across Windows, Linux, and edge devices in a campaign it says is closely associated with FamousSparrow.
-
Volt Typhoon: China’s Critical Infrastructure Pre-Positioning Campaign
Volt Typhoon is a China-linked intrusion campaign that U.S. agencies say targeted communications, energy, transportation, and water systems while using stealthy living-off-the-land tradecraft and compromised routers to hide its activity.
-
Stuxnet: The Cyber Weapon That Changed Warfare
Stuxnet was the first publicly known cyber weapon to cause physical damage inside critical infrastructure, reshaping how governments, defenders, and analysts understand cyber warfare, industrial sabotage, and state power in cyberspace.
-
D-Knife Spyware: China-Linked APT Hijacks Routers for Cyber Espionage
Unveiling the D-Knife spyware campaign, a sophisticated China-linked APT operation hijacking internet routers for persistent surveillance and data exfiltration. Discover its techni
-
China-Linked UNC3886 Cyber Espionage Targets Singapore Telecom
China-linked APT UNC3886’s sophisticated cyber espionage against Singapore’s telecom sector highlights evolving nation-state threats to critical infrastructure, demanding executive
-
German Security Agencies Warn of State-Sponsored Phishing Attacks via Messenger Services
German security agencies issue a joint warning about state-sponsored phishing attacks targeting high-profile individuals via Signal and other messenger services, posing significant
-
North Korean Konni Group Leverages Google’s Find Hub to Wipe Android Devices in Latest Campaigns
North Korea’s Konni Group has escalated its cyber espionage tactics by leveraging Google’s legitimate Find Hub service to remotely wipe Android devices. This sophisticated campaign targets Android and Windows users with data theft and remote control objectives, initiating with spear-phishing emails and deploying the Lilith Remote Access Trojan (RAT).