Digital Espionage & Intelligence
Coverage of cyber espionage, intelligence operations, surveillance technologies, information theft, counterintelligence trends, and geopolitical motivations driving covert digital campaigns between nation-states and advanced threat groups.

Cisco Talos links UAT-9244 to TernDoor, PeerTime, and BruteEntry attacks on South American telecoms
Cisco Talos says China-nexus actor UAT-9244 has targeted South American telecommunications providers since 2024, using the TernDoor and PeerTime backdoors alongside the BruteEntry scanner to maintain access across Windows, Linux, and edge devices.

APT28 used BEARDSHELL and COVENANT to spy on Ukrainian military personnel
ESET says the Russian state-sponsored group APT28 has used two implants called BEARDSHELL and COVENANT since April 2024 to conduct long-term surveillance of Ukrainian military personnel.

Iran-linked MuddyWater targets U.S. networks with new Dindoor backdoor
Broadcom’s Symantec and Carbon Black Threat Hunter Team say the Iran-linked MuddyWater group embedded itself inside several U.S. organizations, including banks, airports, a non-profit, and the Israeli arm of a software company, using a newly identified backdoor named Dindoor.

China-linked UAT-9244 used TernDoor, PeerTime, and BruteEntry in South American telecom attacks
Cisco Talos says China-linked threat actor UAT-9244 has targeted telecommunications providers in South America since 2024, using the TernDoor, PeerTime, and BruteEntry implants across Windows, Linux, and edge devices in a campaign it says is closely associated with FamousSparrow.

CyberStrikeAI: Chinese-Linked AI Attack Platform Compromises 600+ FortiGate Devices Across 55 Countries
An open-source AI-native offensive security tool called CyberStrikeAI, developed by a Chinese coder with ties to the Ministry of State Security, has been deployed by a Russian-speaking threat actor to compromise over 600 FortiGate appliances across 55 countries. Team Cymru tracked 21 unique servers running the platform, revealing a sharp acceleration in AI-augmented offensive cyber…

Iranian Revolution 2026: Complete Intelligence Briefing — Protests, War, Cyber Operations, and the Fall of Khamenei
Comprehensive intelligence briefing on the Iranian Revolution of 2026 — from the December 2025 protest eruption and regime massacres, through Operation Epic Fury and Operation Roaring Lion, the assassination of Khamenei, the Strait of Hormuz crisis, five Iranian cyber threat clusters, AWS data center strikes, and the global fallout. Continuously updated. Last updated March 3,…

Amnesty finds Predator spyware on Angolan journalist’s iPhone
Predator spyware: Amnesty’s Security Lab confirms a 2024 infection of an Angolan journalist’s iPhone, documenting data access and repeated re-infection attempts. The report links the incident to known exploitation chains and highlights the human-rights risks of unregulated surveillance technology.

AI Weaponization: State Hackers Using Google Gemini for Espionage and Malware Generation
Google’s Threat Intelligence Group (GTIG) has confirmed that multiple state-sponsored hacking groups are actively using its Gemini large language model (LLM) to enhance their cyber espionage and attack capabilities. The activity spans reconnaissance, social engineering, vulnerability analysis, and the dynamic generation of malicious code. North Korean (UNC2970/Lazarus Group), Chinese (Mustang Panda, APT31, APT41),…

D-Knife Spyware: China-Linked APT Hijacks Routers for Cyber Espionage
Unveiling the D-Knife spyware campaign, a sophisticated China-linked APT operation hijacking internet routers for persistent surveillance and data exfiltration. Discover its techni

China-Linked UNC3886 Cyber Espionage Targets Singapore Telecom
China-linked APT UNC3886’s sophisticated cyber espionage against Singapore’s telecom sector highlights evolving nation-state threats to critical infrastructure, demanding executive