Skip to main content

Tag: espionage

211 articles

Formal office setting with laptop, papers, and pen on a desk near a window overlooking a cityscape.

GoSerpent Malware Targets Southeast Asian Governments for Espionage

A stealthy cyber threat, known as GoSerpent, has been secretly targeting Southeast Asian governments and diplomats since late 2025, with the goal of gathering sensitive intelligence. This sophisticated malware has been evolving, with a new set of malicious tools deployed as recently as May 2026.

Analyst 207
Cluttered workspace with laptop and technical instruments in a modern research facility.

Microsoft Exposes GigaWiper Malware's Dual Espionage, Destructive Capabilities

Microsoft researchers have uncovered a highly sophisticated malware, GigaWiper, that masterfully combines espionage and destructive capabilities, allowing threat actors to operate efficiently and wreak havoc on infected systems. This multi-purpose backdoor enables attackers to quietly gather intel while packing a punch with its suite of destructive options.

Analyst 207
Living room with smart TV and streaming box, cityscape visible through window.

Google Disrupts Massive NetNut Residential Proxy Network

Google's Threat Intelligence Group has made a significant dent in the massive NetNut residential proxy network, estimated to comprise at least 2 million home devices worldwide, by partnering with the FBI, Lumen, and other allies to reduce its pool of usable devices by millions. This disruption targeted a network used by both cybercriminal and espionage groups.

Analyst 207
Government building stands under bright sunlight with a hint of unease.

Google Uncovers China Espionage Group UNC6508 Lurking Undetected Since 2023

Google's Threat Intelligence Group has uncovered a stealthy Chinese espionage group, UNC6508, that had been secretly lurking in networks since 2023, targeting key sectors in the US and Canada. The full extent of the damage is still unknown, leaving experts concerned about potential long-term security breaches.

Analyst 207
Brightly-lit hospital corridor with medical equipment, computers, and researchers in the distance.

Chinese hackers breach medical research servers with custom malware

Malicious hackers linked to China breached a North American medical research institution, hiding undetected for over a year and gaining access to sensitive research areas. The attackers used custom malware, known as Infinitered, with broad capabilities to siphon off valuable intel from September 2023 to November 2025.

Analyst 207
Hospital corridor with laptop in foreground, natural light through large windows.

Chinese Spies Exploit Medical, Military Networks for Over a Year

Google's Threat Intelligence Group uncovered a sneaky espionage campaign by Chinese spies that infiltrated medical and military networks in North America for over a year, making off with a treasure trove of sensitive data. The group, tracked as UNC6508, targeted top medical providers, academic centers, and military organizations, leaving no stone unturned in their quest for classified information.

Analyst 207
Person browsing on a laptop in a busy coffee shop with blurred background.

China Exploits Job Sites for Spying on Five Eyes Targets

Be cautious on job sites - Chinese spies are posing as recruiters on LinkedIn, Indeed, and Upwork to trick Five Eyes targets into divulging sensitive information. They're using clever social engineering tactics to make their scams seem all too believable.

Analyst 207
Researchers in lab coats work in a modern laboratory with a mix of old and new architecture.

US Research Security Landscape Evolves Amid Foreign Exploitation Fears

Join a live webinar on June 24, 2026, to explore how the Pentagon's new emphasis on research security is transforming the way universities, government agencies, and institutions protect against foreign exploitation. Earn 1 CPE credit while learning how to bolster defenses for basic and applied research in a rapidly evolving security landscape.

Analyst 207
Compromised web server in a data center with a focus on the targeted server on a rack.

China-Linked OP-512 Targets IIS Servers with Custom Web Shells

Meet OP-512, a China-linked threat cluster with a taste for espionage, recently caught targeting IIS servers with custom web shells in a stealthy bid for sensitive intel. This sneaky operation aligns with China's intelligence priorities, putting certain sectors and geographies firmly in its crosshairs.

Analyst 207
Person sitting at desk with laptop and smartphone, looking concerned amidst papers and notes.

China Exploits Job Platforms to Recruit State Secret Leakers

MI5 warns that China's military intelligence is using popular job platforms like LinkedIn, Indeed, and Upwork to recruit individuals with access to classified information, targeting those in foreign policy, defence, and other sensitive fields. The goal is to gather privileged military, political, and economic intelligence.

Analyst 207
Cramped network closet with equipment and cables, and a single laptop in the foreground.

Chinese hackers infiltrate telcos with Showboat, JFMBackdoor malware

Chinese-aligned hackers have been secretly infiltrating telecommunications providers across Asia Pacific and the Middle East since mid-2022, using sneaky malware like Showboat and JFMBackdoor to stay under the radar. They even used a clever "hide" command to conceal their digital footprints on infected machines.

Analyst 207
Office building lobby with blurred security camera and people walking, hint of network connection on screen.

Mustang Panda Deploys Updated FDMTP Backdoor in Asia-Pacific Espionage

A sophisticated espionage campaign has been targeting organizations across Asia-Pacific and Japan for months, with researchers linking the activity to the notorious China-aligned group Mustang Panda with moderate confidence. The group's tactics may evolve, but their execution model remains eerily consistent.

Analyst 207
Network device in a brightly-lit tech environment with blurred background infrastructure.

Palo Alto Networks Discloses Active Exploitation of PAN-OS Flaw Enabling Espionage

Palo Alto Networks has uncovered active exploitation of a high-severity flaw in PAN-OS software, allowing attackers to execute arbitrary code with root privileges and inject shellcode into vulnerable systems. This critical vulnerability, tracked as CVE-2026-0300, enables unauthenticated remote code execution, putting affected appliances at risk of espionage.

Analyst 207
Brightly-lit office interior with subtle Middle Eastern architectural influence, laptop screen in foreground.

Iran-Linked APT Exploits Ransomware Disguise for Espionage

MuddyWater, an Iran-linked APT group, has been caught exploiting a ransomware disguise to secretly infiltrate systems, using interactive tactics to harvest credentials and gain internal access. By masquerading as a Chaos ransomware affiliate, the group aimed to throw off detectives and cover its espionage tracks.

Analyst 207
Computer workstation in a brightly-lit Korean game center with patrons and traditional games.

ScarCruft APT Exploits Yanbian Gaming Platform for Intelligence Gathering

Meet ScarCruft, a notorious North Korea-aligned espionage group that's been caught exploiting a popular gaming platform in China to gather intel on its users. The group trojanized a site serving traditional Yanbian-themed games, compromising both Windows and Android software.

Analyst 207
Busy airport terminal in Central or South America with laptop on luggage cart.

TGR-STA-1030 Intensifies Espionage Push in Central, South America

The threat group TGR-STA-1030 is ramping up its espionage efforts in Central and South America, with sustained and widespread activity observed across multiple countries since February. This persistent campaign has recently intensified, with a heavy focus on regions within Central and South America.

Analyst 207
Security analyst's workstation with multiple screens displaying code and threat analysis tools in a neutral office setting.

Harvester Expands Linux Arsenal with GoGra Backdoor in South Asia

Harvester's Linux arsenal just got a boost with the deployment of the GoGra backdoor in South Asia, enabling the threat actor to sneak past traditional network defenses by hijacking legitimate Microsoft Graph API and Outlook mailboxes. This latest move is linked to Harvester's earlier espionage campaigns targeting key sectors in the region.

Analyst 207
Cluttered workspace with Linux terminal and laptop, cityscape outside, surrounded by notes and coffee cups.

Harvester Malware Exploits Microsoft Graph API for Stealthy Linux Attacks

Meet Harvester, a stealthy espionage group believed to be state-backed, that's been secretly targeting telecommunications, government, and IT organizations in South Asia since 2021. Their latest trick? A Linux-capable GoGra backdoor that uses Microsoft Graph API for covert communications.

Analyst 207
Laptop screen displays code with cityscape visible through window in background.

Mustang Panda Expands LOTUSLITE Malware to Target India, Korea

Meet the evolved LOTUSLITE backdoor, now wielding dynamic DNS-based command-and-control over HTTPS, enabling its operators to remotely access and manipulate targeted systems for espionage purposes. This sophisticated malware supports remote shell access, file operations, and session management, a potent toolkit for data collection and access persistence.

Analyst 207
Former Defense Contractor Boss: Exclusive Harsh 7-Year Term

Former Defense Contractor Boss: Exclusive Harsh 7-Year Term

A former defense‑contractor boss was sentenced to seven years after allegedly selling zero‑day vulnerabilities to a Russian buyer, a case that lays bare how quickly trusted tools can become weapons. It’s an unsettling reminder that when defenders traffic in the tools of attack, public trust—and national security—are the real casualties.

Analyst 207
Poland Bans Chinese Camera Cars from Bases: Exclusive Risk

Poland Bans Chinese Camera Cars from Bases: Exclusive Risk

Poland has banned Chinese camera cars from military bases, forcing a simple question: when does convenient tech become a security risk? By inviting trusted Western firms like Dell to help build a local LLM, Warsaw is signaling it’ll pick partners it trusts over blanket openness.

Analyst 207
China-Linked UAT-7290 Exclusive: Severe Telecom Threat

China-Linked UAT-7290 Exclusive: Severe Telecom Threat

Exclusive alert: China-Linked UAT-7290 is emerging as a severe telecom threat—here’s what network teams and users need to know to shore up defenses fast.

Analyst 207
Mustang Panda Exclusive: Signed Rootkit Threatens Systems

Mustang Panda Exclusive: Signed Rootkit Threatens Systems

Think a signed driver means its safe? Kaspersky uncovered Mustang Panda using a legitimately signed rootkit to load the TONESHELL backdoor and bypass defenses—proof that a signed rootkit can be weaponized to gain kernel‑level control.

Analyst 207
State-Sponsored Actors: Stunning Dangerous Backdoor Malware

State-Sponsored Actors: Stunning Dangerous Backdoor Malware

Think of it as digital housekeeping: state-backed groups are slipping backdoor malware through everyday misconfigurations and tiny telemetry leaks, turning simple routers and appliances into long-term spy gear. The hard question for defenders is whether to lock every open door now—or risk attackers turning small oversights into lasting access.

Analyst 207