Espionage Archives • Page 2 of 2 • Daily CyberSecurity

Russian APTs Exploit LotL Techniques in Ukraine Cyber Attacks, Deploying Sandworm-Linked Webshell and Credential Dumping Sandworm LotL, Ukraine Espionage

Russian APTs Exploit LotL Techniques in Ukraine Cyber Attacks, Deploying Sandworm-Linked Webshell and Credential Dumping

Do Son October 31, 2025

The Symantec Threat Hunter Team has uncovered two major cyber intrusions in Ukraine attributed to Russian-aligned threat...

SideWinder APT Shifts to PDF/ClickOnce Chain to Target South Asian Diplomacy with StealerBot Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

SideWinder APT Shifts to PDF/ClickOnce Chain to Target South Asian Diplomacy with StealerBot

Do Son October 28, 2025

Trellix Advanced Research Center (ARC) has exposed a sophisticated espionage campaign conducted by the SideWinder APT group,...

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage Chinese APT Overlap, Zingdoor ShadowPad

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage

Do Son October 23, 2025

Symantec’s investigation uncovered a complex web of interconnected Chinese espionage operations, with infrastructure and tooling overlapping multiple...

North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft

Do Son October 17, 2025

A new report from Cisco Talos has exposed a malware campaign linked to Famous Chollima, a North...

Operation Silk Lure: Chinese Espionage Targets FinTech with Malicious Resume LNK to Implant ValleyRAT Operation Silk Lure, ValleyRAT LNK

Operation Silk Lure: Chinese Espionage Targets FinTech with Malicious Resume LNK to Implant ValleyRAT

Do Son October 17, 2025

Researchers at Seqrite Labs have uncovered a highly targeted cyber-espionage campaign, dubbed Operation Silk Lure, that leverages...

Chinese APT Launches Spearphishing Campaign, Using Fake Cloudflare Lure to Deliver PlugX Malware TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Chinese APT Launches Spearphishing Campaign, Using Fake Cloudflare Lure to Deliver PlugX Malware

Do Son October 7, 2025

A new report from StrikeReady Labs has revealed a sophisticated spear-phishing campaign targeting European governmental and aviation...

SideWinder APT Launches Operation SouthNet, Weaponizing Netlify and Pages.dev for Espionage NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

SideWinder APT Launches Operation SouthNet, Weaponizing Netlify and Pages.dev for Espionage

Do Son October 7, 2025

A new report from Hunt Intelligence reveals that APT SideWinder — one of South Asia’s most active...

Phantom Taurus: New Chinese APT Emerges with Fileless NET-STAR Backdoor Targeting Global Governments and Telecoms

Do Son October 1, 2025

Researchers from Unit 42 have uncovered a previously undocumented Chinese state-aligned threat actor, dubbed Phantom Taurus, whose...

RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms

Do Son September 29, 2025

A new report from Recorded Future’s Insikt Group reveals that the Chinese state-sponsored threat group RedNovember has...

Russia-Linked COLDRIVER Group Expands Toolset, Using New Malware in ClickFix Espionage Campaign ThinkPHP Vulnerabilities

Russia-Linked COLDRIVER Group Expands Toolset, Using New Malware in ClickFix Espionage Campaign

Do Son September 29, 2025

Zscaler ThreatLabz has uncovered a new multi-stage ClickFix campaign attributed with moderate confidence to the Russia-linked advanced...

BRICKSTORM Malware: China-Linked Hackers Stealthily Target US Tech and Legal Firms for 393 Days Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

BRICKSTORM Malware: China-Linked Hackers Stealthily Target US Tech and Legal Firms for 393 Days

Do Son September 26, 2025

Google Threat Intelligence Group (GTIG) and Mandiant Consulting have released new findings on BRICKSTORM, a backdoor malware...

The Silent Spy: How Chinese Hackers are Exploiting U.S.-China Policy Chinese espionage groups APT35 Phishing, Stormshield CTI

The Silent Spy: How Chinese Hackers are Exploiting U.S.-China Policy

Do Son September 18, 2025

State-aligned Chinese threat actor TA415 (also tracked as APT41, Brass Typhoon, Wicked Panda) has launched a series...

The Ultimate Insider Threat: How North Korean IT Workers Infiltrated the Global Remote Economy North Korea Espionage, Disguised IT Workers

The Ultimate Insider Threat: How North Korean IT Workers Infiltrated the Global Remote Economy

Do Son August 2, 2025

In an expose, DomainTools has peeled back the curtain on one of the most sophisticated and economically...

Arizona Woman Jailed 8.5 Years for Running $17M “Laptop Farm” Enabling North Korean IT Spies North Korea Espionage, Employment Fraud

Arizona Woman Jailed 8.5 Years for Running $17M “Laptop Farm” Enabling North Korean IT Spies

Do Son July 27, 2025

The U.S. Department of Justice has announced the sentencing of Christina Marie Chapman, a 50-year-old woman from...

Proofpoint Exposes TA829 & UNK_GreenSec’s Dual-Nature Campaigns TA829

Proofpoint Exposes TA829 & UNK_GreenSec’s Dual-Nature Campaigns

Do Son July 1, 2025

Proofpoint’s latest research exposes a pair of closely related threat actor clusters—TA829 and UNK_GreenSec. Described as “a...

Hackers Leak 7.4 Million Paraguayan Citizen Records, Demand $1 Per Person Ransom Paraguay Data Breach, Ransomware

Hackers Leak 7.4 Million Paraguayan Citizen Records, Demand $1 Per Person Ransom

Do Son June 17, 2025

In one of the most audacious cyberattacks to ever target a sovereign nation, threat actors have leaked...

SmartAttack: Turning Your Smartwatch into a Spy Tool for Air-Gapped Networks Smartwatch Hacking, Air-Gapped Data Exfiltration

SmartAttack: Turning Your Smartwatch into a Spy Tool for Air-Gapped Networks

Do Son June 16, 2025

A study by Mordechai Guri of Ben-Gurion University unveils a chilling new vector for data exfiltration: smartwatches....

Ransomware or Espionage? Fog Ransomware Attack in Asia Raises Suspicion with Rare Toolset Fog Ransomware, Espionage

Ransomware or Espionage? Fog Ransomware Attack in Asia Raises Suspicion with Rare Toolset

Do Son June 14, 2025

In May 2025, a financial institution in Asia was targeted in a highly anomalous ransomware attack that...

Cyberattacks Surge Against Energy Sector Amid Geopolitical Tensions Energy Sector, Cyberattacks

Cyberattacks Surge Against Energy Sector Amid Geopolitical Tensions

Do Son April 17, 2025

As geopolitical tensions escalate worldwide, the energy sector has become a primary battlefield in cyberspace. A new...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Espionage

Russian APTs Exploit LotL Techniques in Ukraine Cyber Attacks, Deploying Sandworm-Linked Webshell and Credential Dumping

SideWinder APT Shifts to PDF/ClickOnce Chain to Target South Asian Diplomacy with StealerBot

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage

North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft

Operation Silk Lure: Chinese Espionage Targets FinTech with Malicious Resume LNK to Implant ValleyRAT

Chinese APT Launches Spearphishing Campaign, Using Fake Cloudflare Lure to Deliver PlugX Malware

SideWinder APT Launches Operation SouthNet, Weaponizing Netlify and Pages.dev for Espionage

Phantom Taurus: New Chinese APT Emerges with Fileless NET-STAR Backdoor Targeting Global Governments and Telecoms

RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms

Russia-Linked COLDRIVER Group Expands Toolset, Using New Malware in ClickFix Espionage Campaign

BRICKSTORM Malware: China-Linked Hackers Stealthily Target US Tech and Legal Firms for 393 Days

The Silent Spy: How Chinese Hackers are Exploiting U.S.-China Policy

The Ultimate Insider Threat: How North Korean IT Workers Infiltrated the Global Remote Economy

Arizona Woman Jailed 8.5 Years for Running $17M “Laptop Farm” Enabling North Korean IT Spies

Proofpoint Exposes TA829 & UNK_GreenSec’s Dual-Nature Campaigns

Hackers Leak 7.4 Million Paraguayan Citizen Records, Demand $1 Per Person Ransom

SmartAttack: Turning Your Smartwatch into a Spy Tool for Air-Gapped Networks

Ransomware or Espionage? Fog Ransomware Attack in Asia Raises Suspicion with Rare Toolset

Cyberattacks Surge Against Energy Sector Amid Geopolitical Tensions