Ukrainian military
February 2, 2024
•[ espionage, malware, government ]
Researchers from Securonix reveal the details of the STEADY#URSA campaign, an ongoing operation carried out by the Russia-linked APT group Shuckworm (aka Gamaredon and Primitive Bear), targeting the Ukrainian military with a new PowerShell backdoor called Subtle-Paws.
Hewlett Packard Enterprise (HPE)
January 23, 2024
•[ hack, espionage, malware ]
Hewlett Packard Enterprise (HPE) discloses that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments.
Indian Air Force
January 17, 2024
•[ espionage, malware, government ]
Researchers from Cyble uncover a new espionage campaign potentially targeting the Indian Air Force with the Go Stealer information-stealing malware.
Loïc Lawson and Anani Sossou
January 16, 2024
•[ espionage, malware, technology ]
Reporters Without Borders (RSF) announces that it has found traces of spyware resembling NSO Group's Pegasus surveillance tool on the phones of two journalists in Togo (Loïc Lawson and Anani Sossou).
Telcos, media, internet service providers (ISPs), and Kurdish websites in the Netherlands
January 3, 2024
•[ espionage, technology ]
Researchers from Hunt & Hackett reveal that the Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers (ISPs), and Kurdish websites.
Prominent journalists in India, including Siddharth Varadarajan and Anand Mangnale
December 28, 2023
•[ espionage, malware, technology ]
Amnesty International reveals new details about the continued use of NSO Group's highly invasive spyware Pegasus to target prominent journalists in India, exploiting the CVE-2023-41064 vulnerability.
Albanian Parliament
December 22, 2023
•[ espionage, government ]
The Albanian parliament is targeted by a cyber attack, for which an Iran-linked threat group known as Homeland Justice claims responsibility.
State-owned research company in Russia
December 19, 2023
•[ espionage, government ]
Researchers from F.A.C.C.T. discover a new espionage campaign from the threat group known as Cloud Atlas, targeting a state-owned research company.
Russian agro-industrial enterprise in Russia
December 19, 2023
•[ espionage, malware, manufacturing ]
Researchers from F.A.C.C.T. discover a new espionage campaign from the threat group known as Cloud Atlas, targeting a Russian agro-industrial enterprise.
Nepalese government officials
December 15, 2023
•[ espionage, malware, government ]
Researchers from Cyfirma discover a malicious campaign by the threat actor known as Sidewinder targeting Nepalese government officials via the Nim backdoor.
Government entities in Ukraine
December 15, 2023
•[ espionage, rce, government ]
Researchers from Deep Instinct reveal that an unknown threat actor targeted government entities in Ukraine toward the end of 2023 using an old Microsoft Office remote code execution (RCE) exploit from 2017 (CVE-2017-8570) as the initial vector and military vehicles as the lure.
Organizations in Israel
December 14, 2023
•[ espionage, malware, government ]
Researchers from ESET discover a new campaign from the APT34 cyber-espionage group linked to the Iranian government against organizations in Israel and leveraging several new malware downloaders: ODAgent, OilCheck and OilBooster.
Organizations in Palestine
December 14, 2023
•[ espionage, malware ]
Researchers from SentinelOne discover a new campaign by the pro-Hamas threat actor known as Gaza Cybergang, targeting Palestinian entities using Pierogi++, an updated version of a backdoor dubbed Pierogi.
Telecommunications companies predominantly in Thailand
December 7, 2023
•[ espionage, malware, technology ]
Researchers from Group-IB discover a remote access trojan named Krasue, which targets Linux systems of telecommunications companies predominantly in Thailand and has managed to remain undetected since 2021.
Sellafield Nuclear Waste and Decommissioning Site
December 4, 2023
•[ hack, espionage, energy ]
Threat actors linked to Russia and China have allegedly hacked into the systems of the Sellafield nuclear waste and decommissioning site in the UK, according to an investigation conducted by The Guardian. However, the British government has dismissed the reports.
High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States
November 30, 2023
•[ espionage, malware, phishing ]
Researchers from Microsoft discover a new campaign from the Iranian-backed Mint Sandstorm state hackers, targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing a new backdoor malware known as MediaPl.
Telecommunications companies in Sudan
November 30, 2023
•[ espionage, malware, technology ]
Researchers from Broadcom/Symantec discover a campaign carried out by the cyber-espionage group Seedworm, linked to Iran's intelligence service, targeting telecommunications companies in Egypt, Sudan and Tanzania via the MuddyC2Go framework and a custom keylogger.
Myanmar's Ministry of Defence and Foreign Affairs
November 30, 2023
•[ espionage, malware, government ]
Researchers from CSIRT-CTI reveal the details of two campaigns from the China-based threat actor known as Mustang Panda, targeting Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans.
NXP
November 24, 2023
•[ espionage, manufacturing ]
Threat actors from the Chimera Chinese group broke into NXP, Europe's largest chip manufacturer, stealing chip designs and other intellectual property.
Russian military-industrial enterprises
November 23, 2023
•[ espionage, government ]
Researchers from F.A.C.C.T. discover a new campaign by the cyberespionage group known as XDSpy, targeting Russian military-industrial enterprises.