Espionage
North Korea ramps up cyberspying in Ukraine to assess war risk
The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. The attackers use phishing emails that impersonate think tanks, referencing important political events or military developments to lure their targets. Proofpoint researchers who discovered the activity in February 2025 suggest that it’s likely an effort […]
Midnight Blizzard deploys new GrapeLoader malware in embassy phishing
Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies. Midnight Blizzard, aka ‘Cozy Bear’ or ‘APT29,’ is a state-sponsored cyberespionage group linked to Russia’s Foreign Intelligence Service (SVR). According to Check Point Research, the new campaign introduces a previously unseen malware loader called ‘GrapeLoader,’ and a […]
RedCurl cyberspies create ransomware to encrypt Hyper-V servers
A threat actor named ‘RedCurl,’ known for stealthy corporate espionage operations since 2018, is now using a ransomware encryptor designed to target Hyper-V virtual machines. Previously, RedCurl was spotted by Group-IB targeting corporate entities worldwide, later expanding its operations and increasing the victim count. However, as Bitdefender Labs researchers report, the threat actors have started deploying ransomware […]
Chinese Weaver Ant hackers spied on telco network for 4 years
A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers. Researchers investigating the intrusion found multiple variants of the China Chopper backdoor and a previously undocumented custom web-shell called ‘INMemory’ that executes payloads […]
Silk Typhoon hackers now target IT supply chains to breach networks
Microsoft warns that Chinese cyber-espionage threat group ‘Silk Typhoon’ has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. The tech giant has confirmed breaches across multiple industries, including government, IT services, healthcare, defense, education, NGOs, and energy. “They [Silk Typhoon] exploit […]
Chinese hackers use custom malware to spy on US telecom networks
The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. Salt Typhoon (aka Earth Estries, GhostEmperor, and UNC2286) is a sophisticated hacking group active since at least 2019, primarily focusing on breaching government entities and telecommunications companies. […]
New FinalDraft malware abuses Outlook mail service for stealthy comms
A new malware called FinalDraft has been using Outlook email drafts for command-and-control communication in attacks against a ministry in a South American country. The attacks were discovered by Elastic Security Labs and rely on a complete toolset that includes a custom malware loader named PathLoader, the FinalDraft backdoor, and multiple post-exploitation utilities. The abuse of Outlook, […]
Chinese espionage tools deployed in RA World ransomware attack
A China-based threat actor, tracked as Emperor Dragonfly and commonly associated with cybercriminal endeavors, has been observed using in a ransomware attack a toolset previously attributed to espionage actors. The hackers deployed the RA World ransomware against an Asian software and services company and demanded an initial ransom payment of $2 million. Researchers from Symantec’s Threat Hunter Team observed […]
Star Blizzard hackers abuse WhatsApp to target high-value diplomats
Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. According to a Microsoft Threat Intelligence report, the campaign was observed in mid-November 2024 and represents a tactical shift for Star Blizzard as a response to the recent exposure […]
MirrorFace hackers targeting Japanese govt, politicians since 2019
The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a cyber-espionage campaign targeting the country to the Chinese state-backed “MirrorFace” hacking group. The campaign has been underway since 2019 and is still ongoing, while the Japanese investigators have observed distinct phases with differentiation of targets and attack methods. In […]