Middle Eastern Individuals
April 16, 2018
•[ espionage, malware, government ]
Researchers from Lookout reveal the details of an espionage campaign using two malware strains, Desert Scorpion and FrozenCell, to spy on targets in Palestine. The attackers are thought to be linked to Hamas.
Unnamed European government
March 15, 2018
•[ espionage, malware, government ]
Researchers from Palo Alto Networks reveal a new campaign carried out by the infamous APT28 (AKA Fancy Bear AKA Sofacy) targeting an unnamed European government, exploiting an updated version of DealersChoice, a platform that exploits a Flash vulnerability.
Queensland Transport Department
March 13, 2018
•[ espionage, government ]
ABC News reveals that overseas hackers breached the Queensland Transport Department's security network last year, before attempting to steal information from staff members from other sections of government.
UK government contractor
March 9, 2018
•[ espionage, malware, government ]
Researchers at NCC Group reveal that they discovered multiple backdoors on a UK government contractor's computer systems designed to steal sensitive government and military data. The hack is tied to China-linked cyber espionage group APT15.
SVR (COZYBEAR)
January 25, 2018
•[ espionage, government ]
A threat actor successfully compromised the networks of the Dukes (Cozy Bear), gaining visibility into the Dukes' targeting methods and operations. This compromise allegedly helped the U.S. intelligence community to attribute the 2016 compromise of the Democratic National Committee and other entities to Russian state-sponsored actors.
Tv3.lt
January 18, 2018
•[ espionage, hack, technology ]
Ghostwriter, a suspected Belarus-backed hacking group, has compromised websites and email accounts in Latvia, Lithuania, and Poland to publish fabricated documents pushing anti-North Atlantic Treaty Organization (NATO) narratives consistent with Kremlin talking points. The influence campaign started in 2017.
International Luge Federation
January 12, 2018
•[ espionage ]
A threat actor targeted international sports organizations in Western Europe in the run-up to the International Olympic Committee's banning Russian athletes from participating in the 2018 Winter Olympics in South Korea.
US Senate
January 12, 2018
•[ espionage, government ]
Researchers from Trend Micro reveal that the state-sponsored hackers behind APT28 (AKA Pawn Storm AKA Fancy Bear) targeted the US Senate in mid-2017.
United States Olympic Committee
January 10, 2018
•[ espionage, malware, government ]
APT28 (AKA Pawn Storm AKA Fancy Bear) publishes a set of apparently stolen emails purportedly belonging to officials from the International Olympic Committee, the United States Olympic Committee, and third-party groups associated with the organizations.
Oromia Media Network
December 6, 2017
•[ espionage, malware, technology ]
A threat actor targeted Ethiopian dissidents for the purpose of espionage, using commercially available spyware sold by Cyberbit, an Israel-based company. Most notably, the actor targeted the Oromia Media Network and some individuals associated with it.
Siemens
November 27, 2017
•[ espionage, hack, manufacturing ]
The U.S. Department of Justice indicted three members of Boyusec, a China-based internet security firm, on charges including conspiring to commit computer fraud and abuse and conspiring to commit trade-secret theft. The victims included Moody's Analytics, Siemens, and Trimble. Though not mentioned in the indictment, Boyusec is believed to work on behalf of China's Ministry of State Security and be a front for APT3.
Daewoo Shipbuilding & Marine Engineering Co Ltd
October 31, 2017
•[ espionage, manufacturing ]
North Korea is suspected to have stolen South Korean warship blueprints after hacking into Daewoo Shipbuilding & Marine Engineering Co Ltd's database in April last year.
John Kelly's personal cellphone
October 5, 2017
•[ hack, espionage, government ]
White House officials believe that chief of staff John Kelly's personal cellphone was compromised, potentially as long ago as December, according to three U.S. government officials.
Minsk Operational Administration of the Armed Forces
September 28, 2017
•[ espionage, malware, government ]
A threat actor targeted the government of Belarus for espionage purposes, using a tool known as Travle or PYLOT, which is believed to be an update of malware used by NetTraveler. Between June and August the threat actor sent a total of 20 unique emails to various government entities. The emails contained a series of subject lines revolving around Zapad-2017, a joint exercise between the Russian and Belarusian militaries.
UAE government
September 17, 2017
•[ leak, espionage, government ]
A trove of leaked emails belonging to the UAE government reveals an alleged plot to "conquer" Qatar.
Swiss Federal Department of Defense, Civil Protection and Sports
September 15, 2017
•[ espionage, malware, government ]
Switzerland's Federal Department of Defense, Civil Protection and Sports reveals that it detected a cyber attack carried out by the infamous Turla APT.
Unnamed Bitcoin exchange in South Korea
August 24, 2017
•[ hack, espionage, finance ]
The CWIC Cyber Warfare Research Center in South Korea reveals that a domestic bitcoin exchange has been the target of an attempted hack. Suspicion is directed at North Korea.
Macron Campaign
July 27, 2017
•[ espionage, social, government ]
Reuters reveals that Russian intelligence agents attempted to spy on President Emmanuel Macron's election campaign earlier this year by creating phony Facebook personas.
Ireland's Electricity Supply Board
July 15, 2017
•[ espionage, phishing, energy ]
The Times reveals that hackers backed by the Russian government have targeted the Republic of Ireland's energy sector, and aimed to infiltrate control systems. This would have given them the power to knock out parts of the grid in Northern Ireland. The attackers sent phishing emails to senior engineers at Ireland's Electricity Supply Board.
Col. Richard Downie
June 20, 2017
•[ espionage, malware, government ]
A threat actor targeted individuals who were political critics and business rivals of Ricardo Martinelli, president of Panama between 2009 and 2014, for espionage purposes. The threat actor uses the Pegasus tool, created by the NSO Group. One of the victims is Col. Richard Downie (ret.), the former director of the Center for Hemispheric Studies at the National Defense University. He worked on the 2014 presidential campaign of Juan Carlos Navarro.