ICTV
April 1, 2022
•[ espionage, malware, technology ]
Researchers from Malwarebytes reveal that the cyberespionage actor UAC-0056, also known as SaintBear, UNC2589 and TA471, is using a macro-embedded Excel document to target several entities in Ukraine, including ICTV, a private TV channel.
Russian state officers
March 31, 2022
•[ espionage, malware, government ]
Researchers from Secureworks discover a campaign carried out by the Mustang Panda group targeting Russian state officers with the PlugX remote access tool.
Rostec
March 23, 2022
•[ espionage, malware, manufacturing ]
Multiple Chinese APT groups leveraged the Russia and Ukraine war as a lure for cyberespionage operations. The APT groups have been using sanctions-related baits to attack Russian defense institutes, part of the Rostec Corporation. The hackers used new tools, which have not previously been described: a sophisticated multi-layered loader and a backdoor dubbed SPINNER. These tools use advanced evasion and anti-analysis techniques such as multi-layer in-memory loaders and compiler-level obfuscations. The operation targeted defense research institutes in Russia and possibly also in Belarus. The purpose of the backdoor and the operation is likely to collect information from targets inside the high-tech Russian defense industry to support China in its technological advancement.
Government Agencies of Ukraine
March 17, 2022
•[ espionage, malware, government ]
The Ukrainian Ministry of Defense notified CERT-UA about the distribution of e-mails containing malicious files and targeting Ukrainian government and military entities. As a result of the attack, the victim's computer would be infected with SPECTR malware.
Undetermined
March 13, 2022
•[ espionage, finance ]
A suspected Russian nation state actor stole data from a nuclear safety organization. "EnergeticBear" compromised this entity in December 2021 and stole data from it from December through mid-March.
Undetermined
March 10, 2022
•[ espionage, finance ]
A suspected Russian threat actor compromised an institution in Ukraine that was featured in false Russian weapons conspiracies in the past.
European diplomatic entity
March 8, 2022
•[ espionage, phishing, government ]
Researchers from Mandiant detect an incident where APT29 successfully phished a European diplomatic entity and ultimately abused the Windows Credential Roaming feature.
Unnamed engineering company with energy and military customers
February 28, 2022
•[ espionage, malware, energy ]
Researchers from Symantec/Broadcom reveal that an unnamed engineering company with energy and military customers was recently the target of the North Korean group Stonefly.
Undetermined
February 24, 2022
•[ espionage, phishing, finance ]
A phishing campaign was observed using a possibly compromised Ukrainian armed service member's email account to target European government personnel involved in managing the logistics of refugees fleeing Ukraine. Researchers indicate there was a clear preference for targeting individuals with responsibilities related to transportation, financial and budget allocation, administration, and population movement within Europe.
Undetermined
February 23, 2022
•[ espionage, finance, government ]
More than 600 websites belonging to the defence ministry in Kyiv and other institutions suffered attacks involving thousands of exploit attempts aimed at at least 20 distinct vulnerabilities. The campaign started mid-February and peaked on 23 February. The attacks sought to infiltrate targets ranging from border defence forces to the national bank and railway authority. They were designed to steal data and explore ways to shut down or disrupt vital defence and civilian infrastructure. The Times, allegedly quoting a source at the SBU, claimed the campaign was co-ordinated by the Chinese government. The SBU went on to deny The Times report.
Undetermined
February 1, 2022
•[ espionage, phishing, energy ]
A spear-phishing email was sent to an employee of a Ukrainian energy organization containing malicious files that would download and install a payload known as SaintBot (a downloader) and OutSteel (a document stealer). The same threat actor group targeted a Western government entity in Ukraine, as well as several Ukrainian government organizations, back in March 2021.
Polish Ministry of Defense
January 14, 2022
•[ espionage, government ]
Polish Ministry of National Defense databases containing sensitive military information are compromised.
Senior officials at the European Commission
December 31, 2021
•[ espionage, malware, government ]
Reuters reveals that senior officials at the European Commission were targeted last year with the NSO spy software.
New Zealand's Parliamentary Counsel Office and Parliamentary Service
December 31, 2021
•[ espionage, government ]
The government of New Zealand reveals that the Parliamentary Counsel Office and the Parliamentary Service suffered a cyber attack in 2021 from the PRC state-sponsored group known as APT40.
Four Jordanian human rights defenders
December 5, 2021
•[ espionage, malware, government ]
An investigation by Front Line Defenders and Citizen Lab reveals that the iPhone of Jordanian journalist Suhair Jaradat was hacked with Pegasus, the spyware of the NSO group.
German Federal Agency for Cartography and Geodesy (BKG)
December 1, 2021
•[ espionage, government ]
German authorities say that a Beijing-backed threat actor was behind a cyberattack three years ago on the country's state cartography agency, and summon the Chinese ambassador to Berlin for further discussions.
At least 7 Indian electricity grid centers
September 30, 2021
•[ espionage, energy ]
Researchers from Recorded Future reveal that they observed network intrusions targeting at least 7 Indian electricity grid centers by a Chinese state-sponsored actor dubbed TAG-38.
Port of Houston
September 23, 2021
•[ espionage, government ]
A suspected state-sponsored hacking group unsuccessfully attempts to breach the network of the Port of Houston.
JSC Makeyev Design Bureau
September 22, 2021
•[ espionage, phishing, government ]
Researchers discover a spear-phishing campaign targeting a developer of fuel for Russia's ballistic missiles via a Microsoft vulnerability.
Unknown Bahrain IT company
September 1, 2021
•[ espionage, hack, technology ]
An Iranian group compromised email accounts at a Bahrain-based IT company that works with government clients, who were likely the group's ultimate target.