Unnamed Jordanian diplomat
May 11, 2022
•[ espionage, malware, government ]
Researchers from Fortinet discover a novel attack attributed to the Iranian hacking group known as APT34 or Oilrig, targeting a Jordanian diplomat with custom-crafted tools.
Government and defense officials, politicians, NGOs and think tanks, and journalists
May 3, 2022
•[ espionage, phishing, government ]
Google's Threat Analysis Group reveals that the Russian threat actor Calisto is targeting government and defense officials, politicians, NGOs and think tanks, and journalists via phishing links directly in the email, linking to PDFs and/or DOCs hosted on Google Drive and Microsoft OneDrive.
Spain's Prime Minister Pedro Sanchez and Defense Minister Margarita Robles
May 2, 2022
•[ espionage, malware, government ]
Spanish government officials reveal that the mobile phones used by Spain's Prime Minister Pedro Sanchez and Defense Minister Margarita Robles were infected with Pegasus spyware, a well-known surveillance tool made by Israel's NSO Group.
Chemical and IT sector organizations in South Korea
April 14, 2022
•[ espionage, malware, manufacturing ]
Researchers from Symantec Broadcom reveal that Operation Dream Job has now been expanded to target chemical and IT sector organizations in South Korea.
Members of the Ukrainian military
April 7, 2022
•[ espionage, government ]
Meta detects a spike in compromise attempts aimed at members of the Ukrainian military by Ghostwriter,
Defence ministry and other institutions in Ukraine
April 1, 2022
•[ espionage, government ]
According to the Ukrainian Security Service (SBU), China staged a huge cyberattack on Ukraine's military and nuclear facilities in the build-up to Russia's invasion.
ICTV
April 1, 2022
•[ espionage, malware, technology ]
Researchers from Malwarebytes reveal that the cyberespionage actor UAC-0056, also known as SaintBear, UNC2589 and TA471, is using a macro-embedded Excel document to target several entities in Ukraine, including ICTV, a private TV channel.
Russian state officers
March 31, 2022
•[ espionage, malware, government ]
Researchers from Secureworks discover a campaign carried out by the Mustang Panda group targeting Russian state officers with the PlugX remote access tool.
Rostec
March 23, 2022
•[ espionage, malware, manufacturing ]
Multiple Chinese APT groups leveraged the Russia and Ukraine war as a lure for cyberespionage operations. The APT groups have been using sanctions-related baits to attack Russian defense institutes, part of the Rostec Corporation. The hackers used new tools, which have not previously been described: a sophisticated multi-layered loader and a backdoor dubbed SPINNER. These tools use advanced evasion and anti-analysis techniques such as multi-layer in-memory loaders and compiler-level obfuscations. The operation targeted defense research institutes in Russia and possibly also in Belarus. The purpose of the backdoor and the operation is likely to collect information from targets inside the high-tech Russian defense industry to support China in its technological advancement.
Government Agencies of Ukraine
March 17, 2022
•[ espionage, malware, government ]
The Ukrainian Ministry of Defense notified CERT-UA about the distribution of e-mails containing malicious files and targeting Ukrainian government and military entities. As a result of the attack, the victim's computer would be infected with SPECTR malware.
Undetermined
March 13, 2022
•[ espionage, finance ]
A suspected Russian nation state actor stole data from a nuclear safety organization. "EnergeticBear" compromised this entity in December 2021 and stole data from it from December through mid-March.
Undetermined
March 10, 2022
•[ espionage, finance ]
A suspected Russian threat actor compromised an institution in Ukraine that was featured in false Russian weapons conspiracies in the past.
European diplomatic entity
March 8, 2022
•[ espionage, phishing, government ]
Researchers from Mandiant detect an incident where APT29 successfully phished a European diplomatic entity and ultimately abused the Windows Credential Roaming feature.
Unnamed engineering company with energy and military customers
February 28, 2022
•[ espionage, malware, energy ]
Researchers from Symantec/Broadcom reveal that an unnamed engineering company with energy and military customers was recently the target of the North Korean group Stonefly.
Undetermined
February 24, 2022
•[ espionage, phishing, finance ]
A phishing campaign was observed using a possibly compromised Ukrainian armed service member's email account to target European government personnel involved in managing the logistics of refugees fleeing Ukraine. Researchers indicate there was a clear preference for targeting individuals with responsibilities related to transportation, financial and budget allocation, administration, and population movement within Europe.
Undetermined
February 23, 2022
•[ espionage, finance, government ]
More than 600 websites belonging to the defence ministry in Kyiv and other institutions suffered attacks involving thousands of exploit attempts aimed at at least 20 distinct vulnerabilities. The campaign started mid-February and peaked on 23 February. The attacks sought to infiltrate targets ranging from border defence forces to the national bank and railway authority. They were designed to steal data and explore ways to shut down or disrupt vital defence and civilian infrastructure. The Times, allegedly quoting a source at the SBU, claimed the campaign was co-ordinated by the Chinese government. The SBU went on to deny The Times report.
Undetermined
February 1, 2022
•[ espionage, phishing, energy ]
A spear-phishing email was sent to an employee of a Ukrainian energy organization containing malicious files that would download and install a payload known as SaintBot (a downloader) and OutSteel (a document stealer). The same threat actor group targeted a Western government entity in Ukraine, as well as several Ukrainian government organizations back in March 2021.
Polish Ministry of Defense
January 14, 2022
•[ espionage, government ]
Polish Ministry of National Defense databases containing sensitive military information are compromised.
Senior officials at the European Commission
December 31, 2021
•[ espionage, malware, government ]
Reuters reveals that senior officials at the European Commission were targeted last year with the NSO spy software.
New Zealand's Parliamentary Counsel Office and Parliamentary Service
December 31, 2021
•[ espionage, government ]
The government of New Zealand reveals that in 2021 the Parliamentary Counsel Office and the Parliamentary Service suffered a cyber attack from the PRC state-sponsored group known as APT40.