Espionage Archives • Daily CyberSecurity

Stealth & Automation: Seedworm’s 2026 Global Campaign Hijacks Security Software to Deploy ChromElevator Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Stealth & Automation: Seedworm’s 2026 Global Campaign Hijacks Security Software to Deploy ChromElevator

Do Son May 15, 2026

A sprawling espionage campaign linked to the Iranian state has been uncovered, revealing a significant evolution in...

DAEMON Tools Supply Chain Attack QUIC RAT Malware

Trojanized Tools: DAEMON Tools Supply Chain Attack Compromises Global Systems

Do Son May 6, 2026

Kaspersky has uncovered a sophisticated supply chain attack targeting DAEMON Tools, the widely used disk imaging software....

Tropic Trooper Weaponizes GitHub and VS Code for East Asian Espionage Tropic Trooper Espionage VS Code Tunnels

Tropic Trooper Weaponizes GitHub and VS Code for East Asian Espionage

Do Son April 24, 2026

A sophisticated cyber espionage campaign has been uncovered targeting individuals across East Asia, leveraging a deceptive mix...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

TrueChaos: The TrueConf Zero-Day That Turned Secure Updates Into a Government Espionage Backdoor

Do Son April 1, 2026

A trusted communication tool has been turned into a weapon of mass malware distribution. Check Point Research...

Tax Audits and WhatsApp Clones: How “Silver Fox” is Redefining Cyber-Espionage in South Asia WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Tax Audits and WhatsApp Clones: How “Silver Fox” is Redefining Cyber-Espionage in South Asia

Do Son March 29, 2026

A new report from Sekoia’s Threat Detection & Research (TDR) team has detailed the curtain on Silver...

Live from Your Webcam: Remcos RAT Evolves into a Real-Time Surveillance Nightmare WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Live from Your Webcam: Remcos RAT Evolves into a Real-Time Surveillance Nightmare

Do Son February 19, 2026

Remcos, once a commercial remote management tool turned notorious Remote Access Trojan (RAT), has received an upgrade....

New “LOTUSLITE” Backdoor Targets U.S. Government in Suspected Mustang Panda Campaign Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

New “LOTUSLITE” Backdoor Targets U.S. Government in Suspected Mustang Panda Campaign

Do Son January 19, 2026

A new espionage campaign targeting U.S. government entities has been uncovered, utilizing a custom backdoor dubbed LOTUSLITE....

New NANOREMOTE Backdoor Uses Google Drive API for Covert C2 and Links to FINALDRAFT Espionage Group NANOREMOTE Google Drive C2, FINALDRAFT Link

NANOREMOTE Google Drive C2, FINALDRAFT Link

New NANOREMOTE Backdoor Uses Google Drive API for Covert C2 and Links to FINALDRAFT Espionage Group

Do Son December 15, 2025

Elastic Security Labs has uncovered a sophisticated new Windows backdoor that leverages the trusted infrastructure of Google...

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners React2Shell RCE, Widespread Exploitation

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners

Do Son December 13, 2025

The cybersecurity landscape was jolted this month by the disclosure of a catastrophic vulnerability in one of...

Iran-Linked MuddyWater Deploys UDPGangster Backdoor, Using UDP Protocol for Covert C2 UDPGangster Backdoor, MuddyWater UDP C2

Iran-Linked MuddyWater Deploys UDPGangster Backdoor, Using UDP Protocol for Covert C2

Do Son December 8, 2025

A sophisticated new malware campaign attributed to the Iranian-linked threat group MuddyWater has been discovered targeting government...

Russian Calisto APT Targets Reporters Without Borders with Custom AiTM Phishing and “Missing File” Lure Calisto RSF Espionage, AiTM Phishing Lure

Calisto RSF Espionage, AiTM Phishing Lure

Russian Calisto APT Targets Reporters Without Borders with Custom AiTM Phishing and “Missing File” Lure

Do Son December 5, 2025

A fresh wave of cyber-espionage attacks has struck the international non-profit sector, with Russian state-sponsored hackers zeroing...

Bloody Wolf APT Expands to Central Asia, Deploys NetSupport RAT via Custom Java Droppers and Geo-Fencing Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Bloody Wolf APT Expands to Central Asia, Deploys NetSupport RAT via Custom Java Droppers and Geo-Fencing

Do Son December 1, 2025

A shapeshifting advanced persistent threat (APT) group known as Bloody Wolf has expanded its hunting grounds. Following...

Iranian APT UNC1549 Infiltrates Aerospace by Hijacking Trusted DLLs and Executing VDI Breakouts PromptMink Campaign AI Agent Deception LIMINAL PANDA UNC1549 DLL Hijacking, VDI Breakout

PromptMink Campaign AI Agent Deception LIMINAL PANDA UNC1549 DLL Hijacking, VDI Breakout

Iranian APT UNC1549 Infiltrates Aerospace by Hijacking Trusted DLLs and Executing VDI Breakouts

Do Son November 19, 2025

The threat group UNC1549, suspected to be linked to Iran, has significantly expanded its cyber-espionage operations across...

China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading China APT Espionage, DLL Sideloading

China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading

Do Son November 10, 2025

A new investigation by the Broadcom Threat Hunter Team has uncovered a China-linked cyber espionage campaign that...

Kimsuky APT Uses JavaScript Loader and Certutil to Achieve Minute-by-Minute Persistence via Windows Scheduled Task

Do Son November 10, 2025

The North Korean advanced persistent threat (APT) group Kimsuky has once again emerged with a new, JavaScript-driven...

New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage Autumn Dragon Espionage, DLL Sideloading Moldova disinformation AcidPour Wiper Malware

Autumn Dragon Espionage, DLL Sideloading Moldova disinformation AcidPour Wiper Malware

New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage

Do Son November 6, 2025

Researchers at Proofpoint Threat Research have identified a previously unknown cyber-espionage group, dubbed UNK_SmudgedSerpent, which has been...

SesameOp Backdoor Hijacks OpenAI Assistants API for Covert C2 and Espionage SesameOp OpenAI C2

SesameOp Backdoor Hijacks OpenAI Assistants API for Covert C2 and Espionage

Do Son November 4, 2025

In an example of how threat actors are adapting to modern AI ecosystems, Microsoft’s Incident Response –...

Operation Peek-A-Baku: Silent Lynx APT Exploits LNK Flaws to Deploy Reverse Shells via GitHub Against Central Asian Diplomacy CVE-2024-36072 Water Gamayun, MSC EvilTwin

CVE-2024-36072 Water Gamayun, MSC EvilTwin

Operation Peek-A-Baku: Silent Lynx APT Exploits LNK Flaws to Deploy Reverse Shells via GitHub Against Central Asian Diplomacy

Do Son November 4, 2025

Seqrite Labs’ APT Team has released a detailed report exposing the latest espionage operations conducted by the...

Chinese APT UNC6384 Pivots to Europe, Exploits Windows LNK Flaw to Deploy PlugX via Canon DLL Sideloading UNC6384 PlugX, LNK Exploit

Chinese APT UNC6384 Pivots to Europe, Exploits Windows LNK Flaw to Deploy PlugX via Canon DLL Sideloading

Do Son November 3, 2025

Researchers at Arctic Wolf Labs have uncovered an extensive cyber espionage campaign by UNC6384, a Chinese-affiliated threat...

Nation-State Espionage: Airstalk Malware Hijacks VMware AirWatch (MDM) API for Covert C2 Channel

Do Son October 31, 2025

Palo Alto Networks’ Unit 42 Threat Intelligence team has uncovered a sophisticated new malware family dubbed Airstalk,...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Espionage

Stealth & Automation: Seedworm’s 2026 Global Campaign Hijacks Security Software to Deploy ChromElevator

Trojanized Tools: DAEMON Tools Supply Chain Attack Compromises Global Systems

Tropic Trooper Weaponizes GitHub and VS Code for East Asian Espionage

TrueChaos: The TrueConf Zero-Day That Turned Secure Updates Into a Government Espionage Backdoor

Tax Audits and WhatsApp Clones: How “Silver Fox” is Redefining Cyber-Espionage in South Asia

Live from Your Webcam: Remcos RAT Evolves into a Real-Time Surveillance Nightmare

New “LOTUSLITE” Backdoor Targets U.S. Government in Suspected Mustang Panda Campaign

New NANOREMOTE Backdoor Uses Google Drive API for Covert C2 and Links to FINALDRAFT Espionage Group

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners

Iran-Linked MuddyWater Deploys UDPGangster Backdoor, Using UDP Protocol for Covert C2

Bloody Wolf APT Expands to Central Asia, Deploys NetSupport RAT via Custom Java Droppers and Geo-Fencing

Iranian APT UNC1549 Infiltrates Aerospace by Hijacking Trusted DLLs and Executing VDI Breakouts

China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading

Kimsuky APT Uses JavaScript Loader and Certutil to Achieve Minute-by-Minute Persistence via Windows Scheduled Task

SesameOp Backdoor Hijacks OpenAI Assistants API for Covert C2 and Espionage

Operation Peek-A-Baku: Silent Lynx APT Exploits LNK Flaws to Deploy Reverse Shells via GitHub Against Central Asian Diplomacy

Chinese APT UNC6384 Pivots to Europe, Exploits Windows LNK Flaw to Deploy PlugX via Canon DLL Sideloading

Nation-State Espionage: Airstalk Malware Hijacks VMware AirWatch (MDM) API for Covert C2 Channel