APT

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy Through Telecom Networks

A highly sophisticated cyber espionage campaign attributed to a China-linked threat group has been uncovered targeting telecommunications infrastructure as a route into sensitive government networks. The operation reflects a long-term strategy built on stealth, persistence, and deep network access, and it raises serious concerns for global cybersecurity.

Silent Infiltration of Telecom Networks

The threat group known as Red Menshen, […]

North Korean Hackers Exploit VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

Cybersecurity experts have identified a sophisticated campaign by North Korean threat actors, tracked as WaterPlum, that deploys a modular malware family known as StoatWaffle through malicious Microsoft Visual Studio Code (VS Code) projects. The campaign, dubbed Contagious Interview, targets developers and cryptocurrency professionals with social engineering tactics.

Auto-Execution via VS Code Tasks

The attackers leverage the tasks.json file
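As an added example (not code from the article summarized above, nor from the researchers it cites), the check below parses a repository's .vscode/tasks.json and flags any task that VS Code would start on its own when the folder is opened. It assumes the auto-run mechanism is the runOptions.runOn: "folderOpen" setting, which is a real VS Code task option but an assumption about this campaign's exact configuration; the sample tasks.json is constructed for the demonstration. Because tasks.json is JSONC (comments and trailing commas allowed), the example strips those before parsing rather than using json.loads directly.

```python
"""Flag VS Code tasks that auto-run on folder open (added example, hypothetical config)."""
import json
from typing import Any

# Constructed sample of a .vscode/tasks.json as it might be planted in a cloned
# "take-home assignment" repo. Hypothetical content, not from the reported campaign.
SAMPLE_TASKS_JSON = r'''{
  // tasks.json is JSONC: comments and trailing commas are permitted
  "version": "2.0.0",
  "tasks": [
    {
      "label": "build",
      "type": "shell",
      "command": "npm run build",
      "group": "build",
    },
    {
      "label": "setup-env",
      "type": "shell",
      "command": "node ./scripts/postinstall.js",
      "runOptions": { "runOn": "folderOpen" },
      "presentation": { "reveal": "never" },
    },
  ]
}'''


def _strip_comments(text: str) -> str:
    """Remove // and /* */ comments, but never inside JSON string literals."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:       # keep escaped char verbatim
                out.append(text[i + 1]); i += 2; continue
            if c == '"':
                in_str = False
            i += 1; continue
        if c == '"':
            in_str = True
        elif text.startswith("//", i):
            j = text.find("\n", i); i = n if j == -1 else j; continue
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2); i = n if j == -1 else j + 2; continue
        out.append(c); i += 1
    return "".join(out)


def _strip_trailing_commas(text: str) -> str:
    """Drop a comma whose next non-space character closes an object or array."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:
                out.append(text[i + 1]); i += 2; continue
            if c == '"':
                in_str = False
            i += 1; continue
        if c == '"':
            in_str = True
        elif c == ",":
            j = i + 1
            while j < n and text[j].isspace():
                j += 1
            if j < n and text[j] in "}]":
                i += 1; continue              # skip the trailing comma
        out.append(c); i += 1
    return "".join(out)


def load_jsonc(text: str) -> Any:
    """Parse JSONC (JSON with comments and trailing commas) into Python objects."""
    return json.loads(_strip_trailing_commas(_strip_comments(text)))


def find_autorun_tasks(tasks_json_text: str) -> list[dict[str, Any]]:
    """Return the tasks VS Code would launch automatically when the folder opens."""
    doc = load_jsonc(tasks_json_text)
    flagged = []
    for task in doc.get("tasks", []):
        run_on = (task.get("runOptions") or {}).get("runOn")
        if run_on != "folderOpen":
            continue
        flagged.append({
            "label": task.get("label"),
            "type": task.get("type"),
            "command": task.get("command"),   # may also be overridden per OS key
            "args": task.get("args", []),
            # reveal: "never" keeps the terminal panel closed, so the user sees nothing
            "hidden": (task.get("presentation") or {}).get("reveal") == "never",
        })
    return flagged


if __name__ == "__main__":
    for hit in find_autorun_tasks(SAMPLE_TASKS_JSON):
        print(f"auto-run task {hit['label']!r}: {hit['command']} (hidden={hit['hidden']})")
```

Run it against any checked-out repository's .vscode/tasks.json before opening the folder in VS Code. A hit is not proof of malice, but an auto-run task whose command fetches or executes a script, combined with "reveal": "never", is exactly the shape to review by hand. VS Code's Workspace Trust feature does not run such tasks while a folder is in Restricted Mode, so declining to trust unfamiliar repositories is the corresponding preventive control.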

Konni Spreads EndRAT via Phishing and Uses KakaoTalk to Distribute Malware

Cybersecurity researchers have identified a new cyber espionage campaign carried out by the North Korean threat group Konni. The attackers use phishing emails to compromise victims and then leverage the popular messaging platform KakaoTalk to distribute malware to additional targets. The activity was analyzed by the South Korean cybersecurity company Genians, whose researchers observed a multi-stage attack designed

DRILLAPP Backdoor Targets Ukraine Using Microsoft Edge Debugging for Stealth Espionage

Cybersecurity researchers have uncovered a new cyber espionage campaign targeting organizations in Ukraine. The activity is believed to be linked to threat actors associated with Russia, according to a report from the LAB52 threat intelligence team at the Spanish security firm S2 Grupo. The operation was detected in February 2026 and appears to share similarities

Chinese Hackers Attack Southeast Asian Militaries Using AppleChris and MemFun Malware

A suspected China-based cyber espionage campaign has been targeting Southeast Asian military organizations since at least 2020, according to Palo Alto Networks Unit 42. The operation, tracked under the codename CL-STA-1087, appears to be state-backed and highly strategic.

Targeted Intelligence Gathering

Security researchers Lior Rochberger and Yoav Zemah report that the threat actors focused on highly specific military files rather than bulk data theft.

APT28 Deploys BEARDSHELL and COVENANT Malware in Espionage Campaign Against Ukrainian Military

The Russia-linked threat group APT28 has been observed deploying two malware implants, BEARDSHELL and COVENANT, in cyber espionage operations targeting Ukrainian military personnel. According to a new investigation by ESET, the tools have been in active use since April 2024 to maintain persistent access and conduct long-term surveillance. APT28, also widely known by aliases such as Fancy Bear, Sednit, Pawn Storm, and TA422,

UNC4899 Breaches Crypto Firm After Trojanized File Is AirDropped to Developer Work Device

A sophisticated cyberattack attributed to the North Korean threat group UNC4899 has reportedly compromised a cryptocurrency organization in 2025, resulting in the theft of millions of dollars' worth of digital assets. The attack shows how modern cyber operations combine social engineering, cloud exploitation, and supply-chain-style infiltration. Security researchers have linked the activity with moderate confidence

Transparent Tribe Leverages AI to Mass Produce Malware Implants in Campaign Targeting India

The Pakistan-linked threat actor Transparent Tribe has adopted AI-powered coding tools to mass-produce malware implants aimed at Indian targets, including government entities and embassies abroad. According to Bitdefender, the campaign emphasizes quantity over sophistication, generating large volumes of disposable implants using niche programming languages like Nim, Zig, and Crystal while exploiting trusted services such as Slack, Discord, Supabase, and Google Sheets to

Iran-Linked MuddyWater Hackers Target U.S. Networks with New Dindoor Backdoor

New research from Broadcom’s Symantec and Carbon Black Threat Hunter Team reveals that an Iranian state-sponsored hacking group has infiltrated multiple U.S. organizations, including banks, airports, a non-profit, and the Israeli division of a software company. The group, known as MuddyWater (also Seedworm), operates under the Iranian Ministry of Intelligence and Security (MOIS). Analysts believe

China-Linked Hackers Deploy TernDoor, PeerTime, and BruteEntry in Attacks on South American Telecom Networks

A cyber espionage campaign linked to China has been targeting telecommunications infrastructure across South America since 2024. The attackers focus on Windows servers, Linux systems, and network edge devices, deploying multiple sophisticated malware implants to maintain long-term access. Security researchers from Cisco Talos are tracking this activity under the name UAT-9244, a threat cluster
