Tag: state sponsored

8 articles

Kimsuky Expands Malware Arsenal with HTTPSpy, HelloDoor

Kimsuky, a notorious North Korean hacking group, has upgraded its malware arsenal with HTTPSpy and HelloDoor, using clever tactics like fake installation pages and a spoofed Webex meeting to infiltrate targets. The group's latest attacks involve highly tailored social engineering and real-time infection verification to maximize success.

Analyst 207

Turla Upgrades Kazuar Backdoor to Modular P2P Botnet

Microsoft's Threat Intelligence team has uncovered a significant upgrade to the Kazuar backdoor by the notorious Russian state-sponsored group Turla, now a modular P2P botnet designed for long-term intelligence collection. This move enables Turla to maintain a persistent grip on compromised systems.

Analyst 207

State-sponsored hackers exploit Palo Alto Networks firewall zero-day

Palo Alto Networks has issued a warning about a critical zero-day vulnerability, CVE-2026-0300, that allows state-sponsored hackers to exploit its firewalls and execute arbitrary code with root privileges. The company is tracking limited exploitation attempts, linked to a cluster of likely state-sponsored threat activity.

Analyst 207

MuddyWater hackers exploit Chaos ransomware as cyber-espionage decoy

MuddyWater hackers have cleverly used Chaos ransomware as a decoy to mask their true intentions - and it's not about making a quick buck. Instead, their tactics suggest a more sinister goal, blurring the lines between state-sponsored espionage and cybercrime.

Analyst 207

ScarCruft Expands Malware Arsenal with Multi-Platform BirdCall Backdoor

ScarCruft hackers have launched a sneaky attack on a popular video game platform, infecting both Windows and Android users with a new backdoor called BirdCall. The multi-platform threat has been targeting ethnic Koreans in China since late 2024, allowing hackers to gain unauthorized access.

Analyst 207

Harvester Malware Exploits Microsoft Graph API for Stealthy Linux Attacks

Meet Harvester, a stealthy espionage group believed to be state-backed, that's been secretly targeting telecommunications, government, and IT organizations in South Asia since 2021. Their latest trick? A Linux-capable GoGra backdoor that uses Microsoft Graph API for covert communications.

Analyst 207

Lazarus Hackers Orchestrate $290 Million KelpDAO Heist

In a shocking turn of events, the Lazarus hackers struck again, making off with a staggering $290 million from the KelpDAO decentralized finance project in a single weekend heist. But who benefits from this massive theft, and who's left to deal with the devastating aftermath?

Analyst 207

Zero-Day Exploits Target PDF Files Amid State-Sponsored Infrastructure Meddling

A critical zero-day flaw has been hiding in plain sight within everyday PDF files, and at the same time, state-sponsored actors have been aggressively probing vital infrastructure, creating a perfect storm that demands immediate attention. This dual threat of quietly persistent PDFs and long-simmering meddling has escalated into a situation that requires rapid action.

Analyst 207