Cyber-espionage
Windows zero-day actively exploited to spy on European diplomats
A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations. According to Arctic Wolf Labs, the attack chain begins with spearphishing emails that lead to the delivery of malicious LNK files themed around NATO defense procurement workshops, European Commission border facilitation meetings, and various […]
Dutch teens arrested for trying to spy on Europol for Russia
Two Dutch teenage boys aged 17, reportedly used hacking devices to spy for Russia, have been arrested by the Politie on Monday. According to De Telegraaf, the two used a WiFi sniffer device near Europol and Eurojust offices, as well as the Canadian embassy in The Hague. GeekFeed has contacted Europol to confirm the reports, and a […]
Google: Brickstorm malware used to steal U.S. orgs’ data for over a year
Suspected Chinese hackers have used the Brickstorm malware in long-term persistence espionage operations against U.S. organizations in the technology and legal sectors. Brickstorm is a Go-based backdoor documented by Google in April 2024 following China-related intrusions that spawned from various edge devices and remained undetected in the victim environment for more than a year, on average. The […]
XenoRAT malware campaign hits multiple embassies in South Korea
A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. According to Trellix researchers, the campaign has been running since March and is ongoing, having launched at least 19 spearphishing attacks against high-value targets. Although infrastructure and techniques match the pllaybook of North Korean actor Kimsuky (APT43), there are signs that better […]
Curly COMrades cyberspies hit govt orgs with custom malware
A new cyber-espionage threat group has been using a new backdoor malware that provides persistent access through a seemingly inactive scheduled task. The threat actor’s operations appear to support Russian interests by targeting government and judicial bodies in Georgia, and energy firms in Moldova. The attacker is currently tracked as Curly COMrades and has been active since […]
Canada says Salt Typhoon hacked telecom firm via Cisco flaw
The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored ‘Salt Typhoon’ hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February. During the February 2025 incident, Salt Typhoon exploited the CVE-2023-20198 flaw, a critical Cisco IOS XE vulnerability allowing remote, unauthenticated attackers to create arbitrary accounts and gain admin-level privileges. The flaw […]
Telecom giant Viasat breached by China’s Salt Typhoon hackers
Satellite communications company Viasat is the latest victim of China’s Salt Typhoon cyber-espionage group, which has previously hacked into the networks of multiple other telecom providers in the United States and worldwide. Viasat provides satellite broadband services to governments worldwide and aviation, military, energy, maritime, and enterprise customers. Last month, the telecom giant told shareholders that it […]
Russian Laundry Bear cyberspies linked to Dutch Police hack
A previously unknown Russian-backed cyberespionage group tracked as Laundry Bear has been linked to a September 2024 Dutch police security breach. As the Dutch national police (Politie) revealed last year, the attackers stole work-related contact information of multiple officers, including names, email addresses, phone numbers, and, in some cases, private details. The Netherlands General Intelligence and […]
Russian hackers breach orgs to track aid routes to Ukraine
A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. The hackers targeted entities in the defense, transportation, IT services, air traffic, and maritime sectors in 12 European countries and the United States. Additionally, the hackers have been […]
Government webmail hacked via XSS bugs in global spy campaign
Hackers are running a worldwide cyberespionage campaign dubbed ‘RoundPress,’ leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations. ESET researchers who uncovered the operation attribute it with medium confidence to the Russian state-sponsored hackers APT28 (aka “Fancy Bear” or “Sednit”). The campaign started in 2023 and continued with the adoption of new exploits […]