19 Feb, 2026

State actor targets 155 countries in ‘Shadow Campaigns’ espionage op

A state-sponsored threat group has compromised dozens of networks of government and critical infrastructure entities in 37 countries in global-scale operations dubbed ‘Shadow Campaigns’. Between November and December last year, the actor also engaged in reconnaissance activity targeting government entities connected to 155 countries. According to Palo Alto Networks’ Unit 42 division, the group has […]

New Amaranth Dragon cyberespionage group exploits WinRAR flaw

A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. The hackers combined legitimate tools with the custom Amaranth Loader to deliver encrypted payloads from command-and-control (C2) servers behind Cloudflare infrastructure, for more accurate targeting and increased stealth. According […]

Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor

The Chinese espionage threat group Mustang Panda has updated its CoolClient backdoor to a new variant that can steal login data from browsers and monitor the clipboard. According to Kaspersky researchers, the malware has also been used to deploy a previously unseen rootkit, a technical analysis of which will be provided in a future report. CoolClient has […]

New China-linked hackers breach telcos using edge device exploits

A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe. Tracked internally by Cisco Talos as UAT-7290, the actor shows strong China nexus indicators and typically focuses on telcos in South Asia in cyber-espionage operations. Active since at least 2022, the UAT-7290 group also serves […]

Zoom Stealer browser extensions harvest corporate meeting intelligence

A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. Zoom Stealer is one of three browser extension campaigns that reached more than 7.8 million users over seven years and […]

Anthropic claims of Claude AI-automated cyberattacks met with doubt

Anthropic reports that a Chinese state-sponsored threat group, tracked as GTG-1002, carried out a cyber-espionage operation that was largely automated through the abuse of the company’s Claude Code AI model. However, Anthropic’s claims immediately sparked widespread skepticism, with security researchers and AI practitioners calling the report “made up” or accusing the company of overstating the incident. “I […]

China-linked hackers exploited Lanscope flaw as a zero-day in attacks

China-linked cyber-espionage actors tracked as ‘Bronze Butler’ (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware. The discovery of this activity comes from Sophos researchers, who observed the threat actors exploiting the then-unpatched vulnerability in mid-2025 to steal confidential information. The flaw […]

North Korean Lazarus hackers targeted European defense companies

North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. The threat group’s activity was detected in late March and targeted organizations involved in the development of unmanned aerial vehicle (UAV) technology. ‘Operation DreamJob’ is a long-running Lazarus campaign where the adversary, posing as […]

Russian hackers evolve malware pushed in “I am not a robot” captchas

The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks. Also known as ColdRiver, UNC4057, and Callisto, the Star Blizzard threat group abandoned the LostKeys malware less than a week after researchers published their analysis and leveraged the […]

Google: Brickstorm malware used to steal U.S. orgs’ data for over a year

Suspected Chinese hackers have used the Brickstorm malware in long-term persistence espionage operations against U.S. organizations in the technology and legal sectors. Brickstorm is a Go-based backdoor documented by Google in April 2024 following China-related intrusions that spawned from various edge devices and remained undetected in the victim environment for more than a year, on average. The […]