Cyber Espionage

FBI Warns of Russian Hackers Targeting Signal and WhatsApp in Large Scale Phishing Attacks

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about ongoing phishing attacks carried out by Russian-aligned threat actors. These campaigns are targeting widely used messaging platforms such as WhatsApp and Signal to compromise high-value individuals. Who Is Being Targeted The attacks primarily focus on individuals […]

DRILLAPP Backdoor Targets Ukraine Using Microsoft Edge Debugging for Stealth Espionage

Cybersecurity researchers have uncovered a new cyber espionage campaign targeting organizations in Ukraine. The activity is believed to be linked to threat actors associated with Russia, according to a report from the LAB52 threat intelligence team at the Spanish security firm S2 Grupo. The operation was detected in February 2026 and appears to share similarities

Chinese Hackers Attack Southeast Asian Militaries Using AppleChris and MemFun Malware

A suspected China-based cyber espionage campaign has been targeting Southeast Asian military organizations since at least 2020, according to Palo Alto Networks Unit 42. The operation, tracked under the codename CL-STA-1087, appears to be state-backed and highly strategic. Targeted Intelligence Gathering Security researchers Lior Rochberger and Yoav Zemah report that the threat actors focused on highly specific military files rather than bulk data theft.

APT28 Deploys BEARDSHELL and COVENANT Malware in Espionage Campaign Against Ukrainian Military

The Russia-linked threat group APT28 has been observed deploying two malware implants, BEARDSHELL and COVENANT, in cyber espionage operations targeting Ukrainian military personnel. According to a new investigation by ESET, the malware tools have been actively used since April 2024 to maintain persistent access and conduct long-term surveillance. APT28, also widely known by aliases such as Fancy Bear, Sednit, Pawn Storm, and TA422,

Iran Linked MuddyWater Hackers Target U.S. Networks with New Dindoor Backdoor

New research from Broadcom’s Symantec and Carbon Black Threat Hunter Team reveals that an Iranian state-sponsored hacking group has infiltrated multiple U.S. organizations, including banks, airports, a non-profit, and the Israeli division of a software company. The group, known as MuddyWater (also Seedworm), operates under the Iranian Ministry of Intelligence and Security (MOIS). Analysts believe

China Linked Hackers Deploy TernDoor, PeerTime, and BruteEntry in Attacks on South American Telecom Networks

A cyber espionage campaign linked to China has been targeting telecommunications infrastructure across South America since 2024. The attackers are focusing on Windows servers, Linux systems, and network edge devices, deploying multiple sophisticated malware implants to maintain long-term access. Security researchers from Cisco Talos are monitoring this activity under the name UAT-9244, a threat cluster

Dust Specter Targets Iraqi Officials Using New SPLITDROP and GHOSTFORM Malware

Cybersecurity researchers have disclosed a campaign attributed to a suspected Iran-linked threat actor targeting Iraqi government officials. The attackers impersonated Iraq’s Ministry of Foreign Affairs to deliver previously unknown malware families, including SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM. Observed by Zscaler ThreatLabz in January 2026, the campaign employs two distinct infection chains that ultimately deploy these malicious tools. A

APT28 Associated Campaign Uses BadPaw Loader and MeowMeow Backdoor Against Ukraine

Cybersecurity researchers have revealed a new Russian cyber campaign targeting Ukrainian organizations using two previously unknown malware families, BadPaw and MeowMeow. According to a report by ClearSky, the attack begins with a phishing email containing a link to a ZIP archive. Once extracted, an HTA file opens a decoy document in Ukrainian concerning border crossing appeals, designed to

APT41 Connected Silver Dragon Targets Governments with Cobalt Strike and Google Drive C2

Cybersecurity researchers have uncovered fresh details about an advanced persistent threat group known as Silver Dragon, which has been targeting government entities across Europe and Southeast Asia since at least mid-2024. According to a technical analysis published by Check Point, the group employs a mix of server exploitation and phishing attacks to gain initial access,

Microsoft Alerts on OAuth Redirect Abuse Used to Deliver Malware to Government Targets

Microsoft has issued a security warning about ongoing phishing campaigns that misuse OAuth URL redirection mechanisms to bypass traditional email and browser-based phishing defenses. According to the Microsoft Defender Security Research Team, the attacks primarily target government and public sector organizations. Instead of stealing authentication tokens or exploiting software vulnerabilities, the campaigns manipulate legitimate
