Undisclosed US-based media organization
July 14, 2022
•[ espionage, technology ]
Researchers from Proofpoint reveal the details of a campaign carried out by the North Korean threat group Lazarus Group (AKA TA404) targeting an undisclosed US-based media organization.
Students at various educational institutions in India
July 13, 2022
•[ espionage, education ]
Researchers from Cisco Talos reveal the details of a new campaign carried out by the Pakistani APT group known as Transparent Tribe, targeting students at various educational institutions in India at least since December 2021.
Ukrainian state entities
July 11, 2022
•[ espionage, malware, government ]
Emails titled "Joint Official Report on the Humanitarian Situation. Ukraine", carrying an XLS attachment named "The humanitarian catastrophy in Ukraine 24 February 2022", compromised Ukrainian state bodies and infected systems with the Cobalt Strike Beacon program.
Multiple organizations in Japan
July 5, 2022
•[ espionage, malware, technology ]
The Japan CERT (JPCERT) discovers a new version of the VSingle malware, used by the Lazarus Group, which is able to retrieve its C2 server information from GitHub.
Military entities in Bangladesh
July 5, 2022
•[ espionage, malware, government ]
Researchers from Secuinfra reveal that an advanced persistent threat (APT) operating under the name of 'Bitter' continues to conduct cyber-attacks against military entities in Bangladesh.
High profile victims
July 2, 2022
•[ espionage, government ]
The cyber-espionage group Cloud Atlas has ramped up activities targeting Russia, Belarus and disputed parts of Ukraine and Moldova since Russia's invasion this year, according to a new report.
High profile victims
July 1, 2022
•[ espionage, government ]
The cyber-espionage group Cloud Atlas has ramped up activities targeting Russia, Belarus and disputed parts of Ukraine and Moldova since Russia's invasion this year, according to a new report.
High profile victims
June 30, 2022
•[ espionage, government ]
The cyber-espionage group Cloud Atlas has ramped up activities targeting Russia, Belarus and disputed parts of Ukraine and Moldova since Russia's invasion this year, according to a new report.
Unidentified Telecommunications company
June 7, 2022
•[ espionage, technology ]
The NSA, CISA, and the FBI reveal that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data.
Unnamed Jordanian diplomat
May 11, 2022
•[ espionage, malware, government ]
Researchers from Fortinet discover a novel attack attributed to the Iranian hacking group known as APT34 or Oilrig, targeting a Jordanian diplomat with custom-crafted tools.
Government and defense officials, politicians, NGOs and think tanks, and journalists
May 3, 2022
•[ espionage, phishing, government ]
Google's Threat Analysis Group reveals that the Russian threat actor Calisto is targeting government and defense officials, politicians, NGOs and think tanks, and journalists with phishing links placed directly in the email, pointing to PDFs and/or DOCs hosted on Google Drive and Microsoft OneDrive.
Spain's Prime Minister Pedro Sanchez and Defense Minister Margarita Robles
May 2, 2022
•[ espionage, malware, government ]
Spanish government officials reveal that the mobile phones used by Spain's Prime Minister Pedro Sanchez and Defense Minister Margarita Robles were infected with Pegasus spyware, a well-known surveillance tool made by Israel's NSO Group.
Chemical and IT sector organizations in South Korea
April 14, 2022
•[ espionage, malware, manufacturing ]
Researchers from Symantec Broadcom reveal that Operation Dream Job has now been expanded to target chemical and IT sector organizations in South Korea.
Members of the Ukrainian military
April 7, 2022
•[ espionage, government ]
Meta detects a spike in compromise attempts aimed at members of the Ukrainian military by Ghostwriter,
Defence ministry and other institutions in Ukraine
April 1, 2022
•[ espionage, government ]
According to the Ukrainian Security Service (SBU), China staged a huge cyberattack on Ukraine's military and nuclear facilities in the build-up to Russia's invasion.
ICTV
April 1, 2022
•[ espionage, malware, technology ]
Researchers from Malwarebytes reveal that the cyberespionage actor UAC-0056, also known as SaintBear, UNC2589 and TA471, is using a macro-embedded Excel document to target several entities in Ukraine, including ICTV, a private TV channel.
Russian state officers
March 31, 2022
•[ espionage, malware, government ]
Researchers from Secureworks discover a campaign carried out by the Mustang Panda group targeting Russian state officers with the PlugX remote access tool.
Rostec
March 23, 2022
•[ espionage, malware, manufacturing ]
Multiple Chinese APT groups leveraged the Russia-Ukraine war as a lure for cyberespionage operations. The APT groups have been using sanctions-related baits to attack Russian defense institutes that are part of the Rostec Corporation. The hackers used new tools that have not previously been described: a sophisticated multi-layered loader and a backdoor dubbed SPINNER. These tools use advanced evasion and anti-analysis techniques such as multi-layer in-memory loaders and compiler-level obfuscations. The operation targeted defense research institutes in Russia and possibly also in Belarus. The purpose of the backdoor and the operation is likely to collect information from targets inside the high-tech Russian defense industry to support China in its technological advancement.
Government Agencies of Ukraine
March 17, 2022
•[ espionage, malware, government ]
The Ukrainian Ministry of Defense notified CERT-UA about the distribution of e-mails containing malicious files and targeting Ukrainian government and military entities. As a result of the attack, the victim's computer would be infected with SPECTR malware.
Undetermined
March 13, 2022
•[ espionage, finance ]
A suspected Russian nation-state actor stole data from a nuclear safety organization. "EnergeticBear" compromised this entity in December 2021 and stole data from it from December through mid-March.