Cyber Espionage

North Korea Linked Actors Exploit React2Shell to Deliver New EtherRAT Malware

A threat group linked to North Korea has begun exploiting the critical React2Shell security flaw in React Server Components to distribute a previously undocumented remote access trojan named EtherRAT. According to a new report from Sysdig, this malware uses Ethereum smart contracts for command and control resolution, deploys five separate persistence methods on Linux systems, […]

MuddyWater Uses UDPGangster Backdoor in Targeted Campaign Across Turkey, Israel, and Azerbaijan

In a newly identified cyber espionage operation, the Iranian-aligned group MuddyWater has been found using a previously unknown backdoor named UDPGangster. The malware relies on the User Datagram Protocol (UDP) to manage command and control traffic, a choice that helps attackers avoid traditional network monitoring defenses. Security analysts at Fortinet FortiGuard Labs report that

CISA Reports Chinese Hackers Leveraging BRICKSTORM for Persistent U.S. System Access

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed the use of a sophisticated backdoor, BRICKSTORM, by state-sponsored Chinese threat actors to maintain long-term access to compromised systems across the United States. CISA described BRICKSTORM as a highly advanced implant designed for VMware vSphere and Windows environments. It allows attackers to gain stealthy access,

CISA Alerts on Active Spyware Campaigns Targeting High Value Signal and WhatsApp Users

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a new advisory warning that multiple threat groups are conducting active spyware operations aimed at users of secure messaging platforms, particularly Signal and WhatsApp. The agency said attackers are deploying commercial spyware and remote access trojans to breach mobile devices through targeted social engineering

China Linked APT31 Conducts Stealthy Cyberattacks on Russian IT via Cloud Services

A long-running cyber espionage operation linked to the China-based advanced persistent threat group APT31 has quietly infiltrated multiple Russian information technology companies between 2024 and 2025. According to researchers Daniil Grigoryan and Varvara Koloskova from Positive Technologies, the attackers focused on contractors and integrators that provide services to Russian government agencies, remaining unnoticed

APT24 Deploys BADAUDIO in Long Running Espionage Targeting Taiwan and Over 1,000 Domains

A suspected China-linked cyber threat group known as APT24 has been actively deploying a previously undocumented malware called BADAUDIO as part of a prolonged espionage campaign. The operation, ongoing for nearly three years, has targeted organizations in Taiwan and compromised over 1,000 domains. Google Threat Intelligence Group (GTIG) researchers Harsh Parashar, Tierra Duncan, and Dan

Iranian Hackers Launch SpearSpecter Spy Operation Targeting Defense and Government

A state-backed Iranian cyber espionage group, commonly known as APT42, has been observed conducting a new intelligence collection campaign aimed at individuals and organizations connected to national security. The Israel National Digital Agency (INDA) has named this ongoing operation SpearSpecter after identifying its activity in early September 2025. Highly Targeted Social Engineering Operations INDA

Chinese Hackers Leveraged Anthropic AI Systems to Run Automated Cyber Espionage Operations

A state-sponsored cyber group associated with China carried out an advanced espionage campaign in mid-September 2025 by exploiting Anthropic’s artificial intelligence technology. According to Anthropic, the attackers used AI in a way never seen before, transforming it from a supportive tool into an automated engine that performed cyber attacks on its own. AI

Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid Rising Iran–Israel Tensions

A previously unknown hacking group, codenamed “SmudgedSerpent,” has been uncovered targeting American academics and foreign policy specialists. This cyber espionage campaign, which occurred between June and August 2025, aligns with a period of significantly heightened tensions between Iran and Israel, pointing to a clear intelligence-gathering motive. Deceptive Lures and Established Playbooks The threat actor, identified
