Nuclear scientist and senior Israeli officials
November 11, 2024
•[ espionage, government ]
Threat actors believed to be affiliated with Iranian intelligence expose the personal details of a nuclear scientist who worked at the Soreq Nuclear Research Center, and private photos and emails of senior Israeli officials, including a former Defense Ministry director general.
Mongolian Ministry of Defense
November 1, 2024
•[ espionage, malware, government ]
Researchers at Recorded Future observe the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with an adapted infection chain to distribute its customized PlugX backdoor.
Organizations in Israel
October 31, 2024
•[ espionage, malware, technology ]
Researchers at Check Point reveal that the threat actor dubber WIRTE, affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks with the SameCoin malware that exclusively target Israeli entities.
Sensitive government and police databases in Italy
October 25, 2024
•[ hack, espionage, government ]
Four people are arrested in Italy after a business intelligence company called Equalize is accused of hacking sensitive government and police databases to create dossiers for its clients.
North Caucasus Federal University
October 11, 2024
•[ hack, espionage, education ]
Ukraines military intelligence announced that they hacked the systems of North Caucasus Federal University, the Russian university that trains drone operators, digital communication specialists, engineers, and physicists for its army.
Governments and armed forces, think tanks, academic researchers, and Ukrainian entities
October 1, 2024
•[ espionage, malware, government ]
Researchers at Trend Micro reveal the details of a campaign carried out by the Russia-linked APT29 threat actor, leveraging malicious Remote Desktop Protocol (RDP) configuration files.
Undisclosed nuclear-related organization
October 1, 2024
•[ espionage, malware, energy ]
Researchers at Kaspersky reveal that the Lazarus Group, the threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization. The attacks, part of Operation Dream Job, culminated in the deployment of a new modular backdoor referred to as CookiePlus,
National Dutch police (Politie)
September 27, 2024
•[ espionage, government ]
The National Dutch police (Politie) says that a state actor was likely behind a data breach detected the previous week.
Diehl Defence
September 27, 2024
•[ espionage, malware, manufacturing ]
The North Korea-linked APT Kimsuky is linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems.
Senator Ben Cardin
September 26, 2024
•[ espionage, phishing, government ]
An advanced deepfake operation targets Sen. Ben Cardin, the Democratic chair of the Senate Foreign Relations Committee, who is involved in a Zoom conversation with a fake Dymtro Kuleba, the former Ukrainian Minister of Foreign Affairs.
Ukrainian government and critical infrastructure organizations
September 25, 2024
•[ phishing, malware, espionage ]
Russian nation-state operators exploited a zero-day vulnerability in 7-Zip (CVE-2025-0411) beginning in September 2024 to deliver SmokeLoader malware through spearphishing campaigns targeting Ukrainian government and critical infrastructure entities. The campaign bypassed Windows Mark-of-the-Web protections to execute payloads and conduct espionage activities. No specific victims or data volumes have been disclosed.
Pacific Islands Forum Secretariat
September 12, 2024
•[ espionage, hack, government ]
Chinese state-sponsored hackers are reportedly suspected of compromising the networks of the Pacific Islands Forum (PIF) Secretariat, a regional diplomatic body based in Fiji.
Local and central government institutions in Poland
September 9, 2024
•[ espionage, government ]
Polish security services reveal to have neutralized a sabotage operation orchestrated by Russia and Belarus that aimed to destabilise Poland, penetrating local and central government institutions with the goal to extort information, to blackmail individuals and institutions and to wage a de facto cyberwar.
Biden-Harris campaign
August 1, 2024
•[ hack, espionage, government ]
The FBI is also investigating the alleged hack of the Biden-Harris campaign by threat actors from Iran
Senior American Political Figures
August 1, 2024
•[ espionage, government ]
The U.S. believes that the Chinese cyber espionage campaign Salt Typhoon targeted and recorded telephone calls of "very senior" American political figures.
Communist Party of Vietnam
August 1, 2024
•[ espionage, malware, government ]
Researchers at Recorded Future observe the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with an adapted infection chain to distribute its customized PlugX backdoor.
Taiwanese government-affiliated research institute
July 15, 2024
•[ espionage, malware, government ]
Researchers from Cisco Talos reveal that a Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by the nation-state threat actors APT41 with ties to China, through a variety of backdoors and post-compromise tools like ShadowPad and Cobalt Strike.
Multiple U.S. defense contractors
July 1, 2024
•[ espionage, malware, government ]
Between July 2024 and July 2025, the Chinese state-linked group RedNovember, operating under the Ministry of State Security (MSS), conducted an espionage campaign exploiting internet-facing network devices and Outlook Web Access systems to infiltrate at least two U.S. defense contractors. Attackers deployed the Go-based backdoor Pantegana, Cobalt Strike, and SparkRAT for reconnaissance and persistence, exfiltrating sensitive defense-related data.
Large business-to-business IT service providers in Southern Europe
June 25, 2024
•[ espionage, technology ]
Researchers from Sentinel One and Tinext Cyber reveal the details of Operation Digital Eye, a suspected China-nexus cyber espionage group attributed to an attacks targeting large business-to-business IT service providers in Southern Europe.
Singapore Telecommunications
June 15, 2024
•[ espionage, technology ]
The Chinese threat actors from Volt Typhoon reportedly breached Singapore Telecommunications (SingTel) over the summer as part of their ongoing attacks against critical infrastructure operators.
