Cyber Espionage

Russia Linked Hackers Abuse Microsoft 365 Device Code Phishing for Account Takeovers

A suspected Russia-aligned threat group has been identified for a phishing campaign targeting Microsoft 365 users by exploiting device code authentication flows to steal credentials and conduct account takeovers. The campaign, active since September 2025, is tracked by Proofpoint under the designation UNK_AcademicFlare. Attackers have primarily targeted email accounts associated with government and military organizations, […]

Russia Linked Hackers Abuse Microsoft 365 Device Code Phishing for Account Takeovers Read More »

China Aligned Threat Group Abuses Windows Group Policy to Deploy Espionage Malware

A previously undocumented China-aligned threat cluster, tracked as LongNosedGoblin, has been linked to a series of cyber espionage operations targeting government organizations in Southeast Asia and Japan. The activity, uncovered by Slovak cybersecurity firm ESET, has been assessed to be active since at least September 2023, with intelligence collection identified as the primary objective. According

China Aligned Threat Group Abuses Windows Group Policy to Deploy Espionage Malware Read More »

APT28 Targets Ukrainian UKR net Users in Long Running Credential Phishing Campaign

The Russian state sponsored cyber threat actor widely known as APT28 has been linked to a long running credential harvesting campaign aimed at users of UKR[.]net, a popular Ukrainian webmail and news service. The activity was uncovered by the Insikt Group, the threat intelligence division of Recorded Future, and was observed between June 2024 and

APT28 Targets Ukrainian UKR net Users in Long Running Credential Phishing Campaign Read More »

New ForumTroll Phishing Attacks Target Russian Scholars via Fake eLibrary Emails

A new wave of phishing attacks linked to Operation ForumTroll has been observed targeting academic professionals in Russia, according to cybersecurity researchers at Kaspersky. The activity was detected in October 2025, marking a shift in the threat actor’s focus from organizations to individual scholars. Security analysts noted that the campaign primarily targets experts in political

New ForumTroll Phishing Attacks Target Russian Scholars via Fake eLibrary Emails Read More »

China Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

A China aligned cyber espionage group tracked as Ink Dragon has intensified its operations against government organizations, with a noticeable focus on European targets since July 2025. The campaign remains active and continues to impact entities across Southeast Asia and South America. Security researchers at Check Point Research are monitoring the activity cluster, which is

China Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware Read More »

Amazon Exposes Years Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

Amazon has released new threat intelligence findings detailing a years long cyber campaign linked to a Russian state sponsored actor that targeted Western critical infrastructure between 2021 and 2025. The activity primarily affected energy sector organizations, critical infrastructure providers in North America and Europe, and companies operating cloud hosted network environments. According to Amazon, the

Amazon Exposes Years Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure Read More »

WIRTE Uses AshenLoader Sideloading to Deploy the AshTag Espionage Backdoor

An advanced persistent threat (APT) group known as WIRTE has been linked to cyberattacks targeting government and diplomatic entities across the Middle East since 2020. The group deploys a previously undocumented malware suite called AshTag, designed for espionage and intelligence collection. Palo Alto Networks Unit 42 is tracking this cluster under the codename Ashen Lepus.

WIRTE Uses AshenLoader Sideloading to Deploy the AshTag Espionage Backdoor Read More »

North Korea Linked Actors Exploit React2Shell to Deliver New EtherRAT Malware

A threat group linked to North Korea has begun exploiting the critical React2Shell security flaw in React Server Components to distribute a previously undocumented remote access trojan named EtherRAT. According to a new report from Sysdig, this malware uses Ethereum smart contracts for command and control resolution, deploys five separate persistence methods on Linux systems,

North Korea Linked Actors Exploit React2Shell to Deliver New EtherRAT Malware Read More »

MuddyWater Uses UDPGangster Backdoor in Targeted Campaign Across Turkey, Israel, and Azerbaijan

In a newly identified cyber espionage operation, the Iranian aligned group MuddyWater has been found using a previously unknown backdoor named UDPGangster. The malware relies on the User Datagram Protocol (UDP) to manage command and control traffic, a choice that helps attackers avoid traditional network monitoring defenses. Security analysts at Fortinet FortiGuard Labs report that

MuddyWater Uses UDPGangster Backdoor in Targeted Campaign Across Turkey, Israel, and Azerbaijan Read More »

CISA Reports Chinese Hackers Leveraging BRICKSTORM for Persistent U.S. System Access

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed the use of a sophisticated backdoor, BRICKSTORM, by state-sponsored Chinese threat actors to maintain long-term access to compromised systems across the United States. CISA described BRICKSTORM as a highly advanced implant designed for VMware vSphere and Windows environments. It allows attackers to gain stealthy access,

CISA Reports Chinese Hackers Leveraging BRICKSTORM for Persistent U.S. System Access Read More »