Communist Party of Vietnam
August 1, 2024
•[ espionage, malware, government ]
Researchers at Recorded Future observe the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with an adapted infection chain to distribute its customized PlugX backdoor.
Taiwanese government-affiliated research institute
July 15, 2024
•[ espionage, malware, government ]
Researchers from Cisco Talos reveal that a Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by the China-linked nation-state threat actor APT41, which used a variety of backdoors and post-compromise tools such as ShadowPad and Cobalt Strike.
Multiple U.S. defense contractors
July 1, 2024
•[ espionage, malware, government ]
Between July 2024 and July 2025, the Chinese state-linked group RedNovember, operating under the Ministry of State Security (MSS), conducted an espionage campaign exploiting internet-facing network devices and Outlook Web Access systems to infiltrate at least two U.S. defense contractors. Attackers deployed the Go-based backdoor Pantegana, Cobalt Strike, and SparkRAT for reconnaissance and persistence, exfiltrating sensitive defense-related data.
Large business-to-business IT service providers in Southern Europe
June 25, 2024
•[ espionage, technology ]
Researchers from SentinelOne and Tinext Cyber reveal the details of Operation Digital Eye, a campaign attributed to a suspected China-nexus cyber espionage group that targeted large business-to-business IT service providers in Southern Europe.
Singapore Telecommunications
June 15, 2024
•[ espionage, technology ]
The Chinese threat actors from Volt Typhoon reportedly breached Singapore Telecommunications (SingTel) over the summer as part of their ongoing attacks against critical infrastructure operators.
Ukrainian civil service officials and military personnel
June 4, 2024
•[ espionage, malware, government ]
The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a campaign targeting Ukrainian civil service officials and military personnel via the DarkCrystal RAT delivered through Signal.
Polish Press Agency
May 31, 2024
•[ espionage, government ]
Polish prosecutors investigate a suspected Russian cyberattack on the country's state news agency, the Polish Press Agency (PAP), which spread disinformation through fake news claiming that the country's authorities had announced a partial mobilization of 200,000 men who were to be sent to fight in the war in Ukraine.
Tibet Post and Gyudmed Tantric University
May 31, 2024
•[ espionage, malware, education ]
Researchers at Recorded Future reveal that the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites, Tibet Post and Gyudmed Tantric University, to deliver the Cobalt Strike malware.
Daniel Freund
May 27, 2024
•[ espionage, malware, government ]
Daniel Freund, a German member of Europe's Parliament, says his mobile phone was targeted with the Candiru mobile spyware in May.
Polish government institutions
May 9, 2024
•[ espionage, malware, government ]
Poland's computer emergency response team, CERT-PL, reveals that it had observed a large-scale malware campaign targeting Polish government institutions, likely carried out by the hacker group APT28, associated with Russia's military intelligence agency, the GRU.
At least three Wyndham hotels
May 1, 2024
•[ espionage, malware, hospitality ]
pcTattletale, a consumer-grade spyware app, is found running on the check-in systems of at least three Wyndham hotels across the United States.
Multiple Airlines
April 25, 2024
•[ espionage, ddos, technology ]
State officials from Lithuania and Estonia blame Russia for GPS jamming of commercial flights.
Volkswagen
April 20, 2024
•[ espionage, manufacturing ]
Threat actors associated with the Chinese government are believed to have hacked into Volkswagen systems in an effort to steal valuable data between 2011 and 2014.
Unnamed Philippines-based military company
April 3, 2024
•[ espionage, malware, government ]
A China-linked APT used EggStreme (fileless, DLL-sideloaded) to persist on hosts at a Philippine military firm. The EggStremeAgent backdoor and a keylogger enabled reconnaissance, lateral movement, and data theft. The activity has been observed since early 2024; the initial access vector is unknown, and no attribution to a specific group has been made.
Lithuania
March 8, 2024
•[ espionage, government ]
A report published by Lithuanian security services warns that China has escalated its espionage operations against Lithuania.
Russian Ministry of Defense (Minoborony)
March 4, 2024
•[ espionage, government ]
The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense (Minoborony) and stole sensitive documents.
British Home Office
March 1, 2024
•[ espionage, government ]
Threat actors from APT29, working for Russia's foreign intelligence service, accessed corporate emails and data on individuals from the British government after they breached Microsoft in January 2024.
Chunghwa Telecom
February 29, 2024
•[ espionage, leak, government ]
The Taiwan Ministry of National Defense says that threat actors stole sensitive information, including military and government documents, from Chunghwa Telecom, Taiwan's largest telecom company, and sold it on the dark web.
Organizations in Japan
February 28, 2024
•[ espionage, malware, technology ]
Japan's Computer Security Incident Response Team (JPCERT/CC) warns that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware.
Organization in the defense sector
February 19, 2024
•[ espionage, malware, technology ]
Germany's federal intelligence agency (BfV) and South Korea's National Intelligence Service (NIS) warn that Lazarus group's "Operation Dream Job" was also used against the defense sector.