Tag: espionage
211 articles

GoSerpent Malware Targets Southeast Asian Governments for Espionage
A stealthy cyber threat, known as GoSerpent, has been secretly targeting Southeast Asian governments and diplomats since late 2025, with the goal of gathering sensitive intelligence. This sophisticated malware has been evolving, with a new set of malicious tools deployed as recently as May 2026.

Microsoft Exposes GigaWiper Malware's Dual Espionage, Destructive Capabilities
Microsoft researchers have uncovered a highly sophisticated malware, GigaWiper, that masterfully combines espionage and destructive capabilities, allowing threat actors to operate efficiently and wreak havoc on infected systems. This multi-purpose backdoor enables attackers to quietly gather intel while packing a punch with its suite of destructive options.

Google Disrupts Massive NetNut Residential Proxy Network
Google's Threat Intelligence Group has made a significant dent in the massive NetNut residential proxy network, estimated to comprise at least 2 million home devices worldwide, by partnering with the FBI, Lumen, and other allies to reduce its pool of usable devices by millions. This disruption targeted a network used by both cybercriminal and espionage groups.

Google Uncovers China Espionage Group UNC6508 Lurking Undetected Since 2023
Google's Threat Intelligence Group has uncovered a stealthy Chinese espionage group, UNC6508, that had been secretly lurking in networks since 2023, targeting key sectors in the US and Canada. The full extent of the damage is still unknown, leaving experts concerned about potential long-term security breaches.

Chinese hackers breach medical research servers with custom malware
Malicious hackers linked to China breached a North American medical research institution, hiding undetected for over a year and gaining access to sensitive research areas. The attackers used custom malware, known as Infinitered, with broad capabilities to siphon off valuable intel from September 2023 to November 2025.

Chinese Spies Exploit Medical, Military Networks for Over a Year
Google's Threat Intelligence Group uncovered a sneaky espionage campaign by Chinese spies that infiltrated medical and military networks in North America for over a year, making off with a treasure trove of sensitive data. The group, tracked as UNC6508, targeted top medical providers, academic centers, and military organizations, leaving no stone unturned in their quest for classified information.

China Exploits Job Sites for Spying on Five Eyes Targets
Be cautious on job sites - Chinese spies are posing as recruiters on LinkedIn, Indeed, and Upwork to trick Five Eyes targets into divulging sensitive information. They're using clever social engineering tactics to make their scams seem all too believable.

US Research Security Landscape Evolves Amid Foreign Exploitation Fears
Join a live webinar on June 24, 2026, to explore how the Pentagon's new emphasis on research security is transforming the way universities, government agencies, and institutions protect against foreign exploitation. Earn 1 CPE credit while learning how to bolster defenses for basic and applied research in a rapidly evolving security landscape.

China-Linked OP-512 Targets IIS Servers with Custom Web Shells
Meet OP-512, a China-linked threat cluster with a taste for espionage, recently caught targeting IIS servers with custom web shells in a stealthy bid for sensitive intel. This sneaky operation aligns with China's intelligence priorities, putting certain sectors and geographies firmly in its crosshairs.

China Exploits Job Platforms to Recruit State Secret Leakers
MI5 warns that China's military intelligence is using popular job platforms like LinkedIn, Indeed, and Upwork to recruit individuals with access to classified information, targeting those in foreign policy, defence, and other sensitive fields. The goal is to gather privileged military, political, and economic intelligence.

Chinese hackers infiltrate telcos with Showboat, JFMBackdoor malware
Chinese-aligned hackers have been secretly infiltrating telecommunications providers across Asia Pacific and the Middle East since mid-2022, using sneaky malware like Showboat and JFMBackdoor to stay under the radar. They even used a clever "hide" command to conceal their digital footprints on infected machines.

Mustang Panda Deploys Updated FDMTP Backdoor in Asia-Pacific Espionage
A sophisticated espionage campaign has been targeting organizations across Asia-Pacific and Japan for months, with researchers linking the activity to the notorious China-aligned group Mustang Panda with moderate confidence. The group's tactics may evolve, but their execution model remains eerily consistent.

Palo Alto Networks Discloses Active Exploitation of PAN-OS Flaw Enabling Espionage
Palo Alto Networks has uncovered active exploitation of a high-severity flaw in PAN-OS software, allowing attackers to execute arbitrary code with root privileges and inject shellcode into vulnerable systems. This critical vulnerability, tracked as CVE-2026-0300, enables unauthenticated remote code execution, putting affected appliances at risk of espionage.

Iran-Linked APT Exploits Ransomware Disguise for Espionage
MuddyWater, an Iran-linked APT group, has been caught exploiting a ransomware disguise to secretly infiltrate systems, using interactive tactics to harvest credentials and gain internal access. By masquerading as a Chaos ransomware affiliate, the group aimed to throw off detectives and cover its espionage tracks.

ScarCruft APT Exploits Yanbian Gaming Platform for Intelligence Gathering
Meet ScarCruft, a notorious North Korea-aligned espionage group that's been caught exploiting a popular gaming platform in China to gather intel on its users. The group trojanized a site serving traditional Yanbian-themed games, compromising both Windows and Android software.

TGR-STA-1030 Intensifies Espionage Push in Central, South America
The threat group TGR-STA-1030 is ramping up its espionage efforts in Central and South America, with sustained and widespread activity observed across multiple countries since February. This persistent campaign has recently intensified, with a heavy focus on regions within Central and South America.

Harvester Expands Linux Arsenal with GoGra Backdoor in South Asia
Harvester's Linux arsenal just got a boost with the deployment of the GoGra backdoor in South Asia, enabling the threat actor to sneak past traditional network defenses by hijacking legitimate Microsoft Graph API and Outlook mailboxes. This latest move is linked to Harvester's earlier espionage campaigns targeting key sectors in the region.

Harvester Malware Exploits Microsoft Graph API for Stealthy Linux Attacks
Meet Harvester, a stealthy espionage group believed to be state-backed, that's been secretly targeting telecommunications, government, and IT organizations in South Asia since 2021. Their latest trick? A Linux-capable GoGra backdoor that uses Microsoft Graph API for covert communications.

Mustang Panda Expands LOTUSLITE Malware to Target India, Korea
Meet the evolved LOTUSLITE backdoor, now wielding dynamic DNS-based command-and-control over HTTPS, enabling its operators to remotely access and manipulate targeted systems for espionage purposes. This sophisticated malware supports remote shell access, file operations, and session management, a potent toolkit for data collection and access persistence.

Former Defense Contractor Boss: Exclusive Harsh 7-Year Term
A former defense‑contractor boss was sentenced to seven years after allegedly selling zero‑day vulnerabilities to a Russian buyer, a case that lays bare how quickly trusted tools can become weapons. It’s an unsettling reminder that when defenders traffic in the tools of attack, public trust—and national security—are the real casualties.

Poland Bans Chinese Camera Cars from Bases: Exclusive Risk
Poland has banned Chinese camera cars from military bases, forcing a simple question: when does convenient tech become a security risk? By inviting trusted Western firms like Dell to help build a local LLM, Warsaw is signaling it’ll pick partners it trusts over blanket openness.

China-Linked UAT-7290 Exclusive: Severe Telecom Threat
Exclusive alert: China-Linked UAT-7290 is emerging as a severe telecom threat—here’s what network teams and users need to know to shore up defenses fast.

Mustang Panda Exclusive: Signed Rootkit Threatens Systems
Think a signed driver means its safe? Kaspersky uncovered Mustang Panda using a legitimately signed rootkit to load the TONESHELL backdoor and bypass defenses—proof that a signed rootkit can be weaponized to gain kernel‑level control.

State-Sponsored Actors: Stunning Dangerous Backdoor Malware
Think of it as digital housekeeping: state-backed groups are slipping backdoor malware through everyday misconfigurations and tiny telemetry leaks, turning simple routers and appliances into long-term spy gear. The hard question for defenders is whether to lock every open door now—or risk attackers turning small oversights into lasting access.