cyber-espionage Archives • Page 8 of 13 • Daily CyberSecurity

Pakistan-Linked TransparentTribe APT Deploys AI-Assisted DeskRAT Malware Against India’s BOSS Linux Systems APT

Pakistan-Linked TransparentTribe APT Deploys AI-Assisted DeskRAT Malware Against India’s BOSS Linux Systems

Do Son October 24, 2025

The Sekoia Threat Detection & Research (TDR) Team has identified a new wave of cyber espionage activity...

Iran-Linked MuddyWater Deploys Phoenix v4 Backdoor via Compromised Emails and NordVPN Exit Node

Do Son October 23, 2025

Researchers at Group-IB Threat Intelligence have uncovered a new global phishing and espionage campaign conducted by the...

Google Exposes Russian Disinformation Blitz Over Poland Airspace Incursion Using Portal Kombat Network Russia Drone Disinformation, Portal Kombat

Russia Drone Disinformation, Portal Kombat

Google Exposes Russian Disinformation Blitz Over Poland Airspace Incursion Using Portal Kombat Network

Do Son October 22, 2025

Google’s Threat Intelligence Group (GTIG) has uncovered multiple coordinated pro-Russia information operations (IO) exploiting the September 9–10,...

Bitter APT Attacks China/Pakistan with WinRAR Zero-Day and New C# Backdoor via Office Macro Bitter APT C# Backdoor, WinRAR Path Traversal

Bitter APT Attacks China/Pakistan with WinRAR Zero-Day and New C# Backdoor via Office Macro

Do Son October 22, 2025

China-based cybersecurity firm Qianxin Threat Intelligence Center has uncovered a new wave of attacks linked to the...

COLDRIVER APT Bounces Back: Deploys ‘ROBOT’ Malware Family Days After LOSTKEYS Exposure Malware development overview

COLDRIVER APT Bounces Back: Deploys ‘ROBOT’ Malware Family Days After LOSTKEYS Exposure

Do Son October 22, 2025

Google’s Threat Intelligence Group (GTIG) has uncovered a major post-exposure evolution in the operations of COLDRIVER—a Russian...

China’s Jewelbug APT Breaches Russian IT Provider for 5 Months, Using Yandex Cloud and Graph API C2 Jewelbug Russian Intrusion, Graph API C2

China’s Jewelbug APT Breaches Russian IT Provider for 5 Months, Using Yandex Cloud and Graph API C2

Do Son October 16, 2025

A new investigation by The Symantec Threat Hunter Team has revealed that the Chinese APT group “Jewelbug”...

Mysterious Elephant APT Campaign Targets South Asian Diplomacy, Steals WhatsApp Data with New MemLoader Backdoor Mysterious Elephant APT, WhatsApp Data Theft

Mysterious Elephant APT, WhatsApp Data Theft

Mysterious Elephant APT Campaign Targets South Asian Diplomacy, Steals WhatsApp Data with New MemLoader Backdoor

Do Son October 16, 2025

Researchers at Kaspersky’s Global Research and Analysis Team (GReAT) have published a detailed report on a newly...

Pegasus Spyware Creator NSO Group Acquired by US Firm for “Tens of Millions” NSO Group Acquisition, Pegasus Spyware

Pegasus Spyware Creator NSO Group Acquired by US Firm for “Tens of Millions”

Do Son October 11, 2025

The notorious Israeli commercial spyware developer NSO Group has confirmed that it has been acquired by a...

Mustang Panda APT Uses Hidden DLL and EnumFontsW to Launch Stealthy Tibet-Themed Campaign axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

Mustang Panda APT Uses Hidden DLL and EnumFontsW to Launch Stealthy Tibet-Themed Campaign

Do Son October 8, 2025

A new phishing campaign analyzed by malware researcher 0x0d4y has uncovered fresh insights into Mustang Panda’s evolving...

Cavalry Werewolf APT Targets Russian Agencies with FoalShell and Telegram C2 FBI email system hack

Cavalry Werewolf APT Targets Russian Agencies with FoalShell and Telegram C2

Do Son October 3, 2025

The threat actor known as Cavalry Werewolf has been observed ramping up its operations between May and...

Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor Salt Typhoon Teleco Hack, Cisco Academy Link CVE-2025-0282 PoC exploit

Salt Typhoon Teleco Hack, Cisco Academy Link CVE-2025-0282 PoC exploit

Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor

Do Son October 3, 2025

The Confucius group, a long-running cyber-espionage actor first identified in 2013, has resurfaced with a new wave...

Patchwork APT Resurfaces: Stealthy Espionage Campaign Exploits DLL Sideloading and Layered Obfuscation Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Patchwork APT Resurfaces: Stealthy Espionage Campaign Exploits DLL Sideloading and Layered Obfuscation

Do Son October 1, 2025

The Patchwork APT group—also known as Dropping Elephant, Monsoon, and Hangover Group—has resurfaced with a new campaign...

Salt Typhoon: China’s State-Sponsored Espionage Group Infiltrates Global Telecoms for Long-Term Cyber Warfare AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

Salt Typhoon: China’s State-Sponsored Espionage Group Infiltrates Global Telecoms for Long-Term Cyber Warfare

Do Son September 27, 2025

A new report from DomainTools exposes the operations of Salt Typhoon, a Chinese state-sponsored cyber threat group...

Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs CVE-2024-41988 & CVE-2024-41987

Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs

Do Son September 24, 2025

Researchers at Cisco Talos have uncovered a long-running espionage campaign active since 2022, targeting the telecommunications and...

Iranian APT “Nimbus Manticore” Intensifies Cyber Espionage in Europe Zyxel security - Mitel MiCollab Vulnerability

Iranian APT “Nimbus Manticore” Intensifies Cyber Espionage in Europe

Do Son September 24, 2025

Check Point Research (CPR) has published new findings on Nimbus Manticore, an Iranian state-aligned APT group overlapping...

Subtle Snail: Iran-Linked Espionage Campaign Targets European Telecom, Aerospace, and Defense Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Subtle Snail: Iran-Linked Espionage Campaign Targets European Telecom, Aerospace, and Defense

Do Son September 23, 2025

A new study from Catalyst has exposed a sophisticated cyber espionage campaign conducted by Subtle Snail (UNC1549),...

APT28’s BeardShell Campaign: Steganography, Cloud Abuse, and Persistent Espionage Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

APT28’s BeardShell Campaign: Steganography, Cloud Abuse, and Persistent Espionage

Do Son September 17, 2025

The Russian-linked threat actor APT28, also known as Sofacy, Fancy Bear, Forest Blizzard, and TAG-110, has unveiled...

Kimsuky Group Weaponizes AI Deepfakes in New Spear-Phishing Campaign North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Kimsuky Group Weaponizes AI Deepfakes in New Spear-Phishing Campaign

Do Son September 16, 2025

The Genians Security Center (GSC) has uncovered a new spear-phishing campaign by the North Korean threat group...

EggStreme: New Fileless Malware from a Chinese APT Targets Philippine Military Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT