163.com Users
February 4, 2025
•[ phishing, espionage ]
The Taiwanese-linked espionage group GreenSpot APT (aka PoisonVine / APT-Q-20) created spoofed 163.com domains and fake download pages to harvest email credentials from users in mainland China, Hong Kong, and Taiwan. Hunt.io attributed the campaigns infrastructure to Taiwan but no government department link has been identified.
Fanpage.it / Francesco Cancellato
January 31, 2025
•[ spyware, espionage, zero-click ]
Francesco Cancellato, editor-in-chief of Fanpage.it, was targeted with the Israeli-made Graphite spyware developed by Paragon Solutions, delivered via WhatsApp zero-click exploit. Citizen Lab and CPJ linked the campaign to a likely state client of Paragon, with political-espionage motives tied to Fanpages undercover investigation exposing neo-fascist youth elements within Italys ruling party. No confirmed infection or data exfiltration publicly reported.
ipany (VPN software developed by a South Korean company)
January 22, 2025
•[ espionage, technology ]
Researchers from ESET link a previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon to a supply chain attack targeting ipany a South Korean virtual private network (VPN) provider.
Embassies, lawyers, government-backed banks, and think tanks in Kyrgyzstan
January 21, 2025
•[ espionage, government ]
Researchers at Seqrite discover a previously undocumented threat actor dubbed Silent Lynx, linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan.
Multiple organizations in the Crypto Space
January 15, 2025
•[ espionage, financial, finance ]
Researchers at SecurityScorecard uncovered Operation 99, a campaign by the Lazarus Group, North Koreas state-sponsored hacking unit, targeting software developers looking for freelance Web3 and cryptocurrency work.
Government bodies in Kazakhstan
January 13, 2025
•[ espionage, government ]
Researchers at Sekoia attribute the Russia-linked threat actors from APT28 to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia.
Committee on Foreign Investment in the United States (CFIUS)
January 10, 2025
•[ espionage, government ]
Silk Typhoon Chinese state-backed threat actors reportedly breach the Committee on Foreign Investment in the United States (CFIUS), a Treasury Department office that reviews foreign investments for national security risks.
Organizations, businesses, and individuals in Japan
January 8, 2025
•[ espionage, government ]
Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accuse a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019.
Unnamed high-profile Ukrainian entities
January 2, 2025
•[ espionage, malware, government ]
{"richText":[{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"ESET observed coordination where "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"Gamaredon tools (PteroGraphin/PteroOdd/PteroPaste)"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":" deployed or restarted "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"Turlas Kazuar"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":" on Ukrainian systems during "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"FebApr 2025"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":", marking the first documented collaboration between these FSB-linked groups; focus is "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"espionage access"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":" rather than disruption."}]}
Undisclosed law firm in Canada
January 1, 2025
•[ espionage ]
EarthKapre, also known as RedCurl, is a highly sophisticated cyber espionage group known for its advanced operations, primarily targeting private-sector organizations with a focus on corporate espionage. The target of this attack is an organization within the Law Firms & Legal Services industry.
Thai Government Officials
December 13, 2024
•[ espionage, malware, government ]
Researchers at Netskope discover a campaign targeting Thai government officials through DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai.
Tibetans and Uyghurs Individuals
December 5, 2024
•[ espionage, malware ]
Researchers at Trend Micro discover a previously undocumented threat activity cluster dubbed Earth Minotaur, leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs.
Undisclosed Large U.S. Organization
December 5, 2024
•[ espionage ]
Researchers from Broadcom/Symantec reveal that a large U.S. organization was targeted by Chinese cyber-espionage actors.
Romania's Presidential Elections
December 4, 2024
•[ espionage, government ]
Romanias constitutional court annuls the first round of the countrys presidential election, citing Russian disinformation influence.
At least one undisclosed government or financial organization
December 1, 2024
•[ malware, espionage, data theft ]
Kaspersky tracks PassiveNeuron using bespoke Neursite and NeuralExecutor implants, often gaining RCE on exposed Windows servers (e.g., via MSSQL) and then staging modular plugins for stealthy collection through compromised internal servers. Campaign-level report without a single victim suitable for event coding.
Human rights groups, private security companies, and state and educational institutions in Central Asia, East Asia, and Europe
November 21, 2024
•[ espionage, malware, government ]
Researchers at Recorded Future identify an ongoing Russia-linked cyber-espionage campaign targeting human rights groups, private security companies, and state and educational institutions in Central Asia, East Asia, and Europe using custom malware.
Manufacturing industry in Pakistan
November 16, 2024
•[ espionage, malware, manufacturing ]
Researchers at Cyble discover a campaign linked to the known APT group DONOT, targeting the manufacturing industry that supports the countrys maritime and defense sectors.
Nuclear scientist and senior Israeli officials
November 11, 2024
•[ espionage, government ]
Threat actors believed to be affiliated with Iranian intelligence expose the personal details of a nuclear scientist who worked at the Soreq Nuclear Research Center, and private photos and emails of senior Israeli officials, including a former Defense Ministry director general.
Mongolian Ministry of Defense
November 1, 2024
•[ espionage, malware, government ]
Researchers at Recorded Future observe the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with an adapted infection chain to distribute its customized PlugX backdoor.
Organizations in Israel
October 31, 2024
•[ espionage, malware, technology ]
Researchers at Check Point reveal that the threat actor dubber WIRTE, affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks with the SameCoin malware that exclusively target Israeli entities.
