Undisclosed nuclear-related organization
October 1, 2024
•[ espionage, malware, energy ]
Researchers at Kaspersky reveal that the Lazarus Group, the threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization. The attacks, part of Operation Dream Job, culminated in the deployment of a new modular backdoor referred to as CookiePlus,
National Dutch police (Politie)
September 27, 2024
•[ espionage, government ]
The National Dutch police (Politie) says that a state actor was likely behind a data breach detected the previous week.
Diehl Defence
September 27, 2024
•[ espionage, malware, manufacturing ]
The North Korea-linked APT Kimsuky is tied to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems.
Senator Ben Cardin
September 26, 2024
•[ espionage, phishing, government ]
An advanced deepfake operation targets Sen. Ben Cardin, the Democratic chair of the Senate Foreign Relations Committee, who is involved in a Zoom conversation with a fake Dmytro Kuleba, the former Ukrainian Minister of Foreign Affairs.
Ukrainian government and critical infrastructure organizations
September 25, 2024
•[ phishing, malware, espionage ]
Russian nation-state operators exploited a zero-day vulnerability in 7-Zip (CVE-2025-0411) beginning in September 2024 to deliver SmokeLoader malware through spearphishing campaigns targeting Ukrainian government and critical infrastructure entities. The campaign bypassed Windows Mark-of-the-Web protections to execute payloads and conduct espionage activities. No specific victims or data volumes have been disclosed.
Pacific Islands Forum Secretariat
September 12, 2024
•[ espionage, hack, government ]
Chinese state-sponsored hackers are reportedly suspected of compromising the networks of the Pacific Islands Forum (PIF) Secretariat, a regional diplomatic body based in Fiji.
Local and central government institutions in Poland
September 9, 2024
•[ espionage, government ]
Polish security services reveal that they have neutralized a sabotage operation orchestrated by Russia and Belarus that aimed to destabilise Poland, penetrating local and central government institutions with the goal of extorting information, blackmailing individuals and institutions, and waging a de facto cyberwar.
Biden-Harris campaign
August 1, 2024
•[ hack, espionage, government ]
The FBI is also investigating the alleged hack of the Biden-Harris campaign by threat actors from Iran.
Senior American Political Figures
August 1, 2024
•[ espionage, government ]
The U.S. believes that the Chinese cyber espionage campaign Salt Typhoon targeted and recorded telephone calls of "very senior" American political figures.
Communist Party of Vietnam
August 1, 2024
•[ espionage, malware, government ]
Researchers at Recorded Future observe the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with an adapted infection chain to distribute its customized PlugX backdoor.
Taiwanese government-affiliated research institute
July 15, 2024
•[ espionage, malware, government ]
Researchers from Cisco Talos reveal that a Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by the nation-state threat actor APT41, which has ties to China, through a variety of backdoors and post-compromise tools like ShadowPad and Cobalt Strike.
Multiple U.S. defense contractors
July 1, 2024
•[ espionage, malware, government ]
Between July 2024 and July 2025, the Chinese state-linked group RedNovember, operating under the Ministry of State Security (MSS), conducted an espionage campaign exploiting internet-facing network devices and Outlook Web Access systems to infiltrate at least two U.S. defense contractors. Attackers deployed the Go-based backdoor Pantegana, Cobalt Strike, and SparkRAT for reconnaissance and persistence, exfiltrating sensitive defense-related data.
Large business-to-business IT service providers in Southern Europe
June 25, 2024
•[ espionage, technology ]
Researchers from SentinelOne and Tinexta Cyber reveal the details of Operation Digital Eye, a series of attacks attributed to a suspected China-nexus cyber espionage group and targeting large business-to-business IT service providers in Southern Europe.
Singapore Telecommunications
June 15, 2024
•[ espionage, technology ]
The Chinese threat actors from Volt Typhoon reportedly breached Singapore Telecommunications (SingTel) over the summer as part of their ongoing attacks against critical infrastructure operators.
Ukrainian civil service officials and military personnel
June 4, 2024
•[ espionage, malware, government ]
The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a campaign targeting Ukrainian civil service officials and military personnel via the DarkCrystal RAT delivered through Signal.
Polish Press Agency
May 31, 2024
•[ espionage, government ]
Polish prosecutors investigate a suspected Russian cyberattack on the country's state news agency, the Polish Press Agency (PAP), which spread disinformation through fake news claiming that the country's authorities had announced a partial mobilization of 200,000 men who were to be sent to fight in a war in Ukraine.
Tibet Post and Gyudmed Tantric University
May 31, 2024
•[ espionage, malware, education ]
Researchers at Recorded Future reveal that the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites, Tibet Post and Gyudmed Tantric University, to deliver the Cobalt Strike malware.
Daniel Freund
May 27, 2024
•[ espionage, malware, government ]
Daniel Freund, a German member of Europe's Parliament, says his mobile phone was targeted with the Candiru mobile spyware in May.
Polish government institutions
May 9, 2024
•[ espionage, malware, government ]
Poland's computer emergency response team, CERT-PL, reveals that it had observed a large-scale malware campaign targeting Polish government institutions, likely carried out by the hacker group APT28, associated with Russia's military intelligence agency, the GRU.
At least three Wyndham hotels
May 1, 2024
•[ espionage, malware, hospitality ]
pcTattletale, a consumer-grade spyware app, is found running on the check-in systems of at least three Wyndham hotels across the United States.