National Center of Incident Readiness and Strategy for Cybersecurity (NISC)
August 29, 2023
•[ hack, espionage, government ]
Suspected Chinese hackers breach Japan's cybersecurity agency and potentially access sensitive data stored on its networks for nine months.
Ulchi Freedom Shield
August 20, 2023
•[ espionage, government ]
Suspected North Korean hackers from Kimsuky have attempted an attack targeting the annual Ulchi Freedom Shield drills, a major joint military exercise between Seoul and Washington.
U.S. military procurement system and Taiwan-based organization
August 17, 2023
•[ espionage, malware, government ]
Researchers from Lumen discover a new HiatusRAT campaign performing reconnaissance against a U.S. military procurement system and targeting Taiwan-based organizations.
Southeast Asian gambling industry
August 17, 2023
•[ espionage, malware, technology ]
Researchers from SentinelOne discover a second phase of Operation ChattyGoblin, carried out by a China-aligned APT group known as 'Bronze Starlight', targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the Ivacy VPN provider.
Two members of civil society from Belgrade
August 16, 2023
•[ espionage, malware ]
The SHARE Foundation reveals that two members of civil society from Belgrade were hit by the Pegasus spyware, exploiting the 'PWNYOURHOME' vulnerability.
Iranian opposition and exiles based in Germany
August 10, 2023
•[ espionage, government ]
Germany's domestic intelligence service (Federal Office for the Protection of the Constitution - BfV) publishes a warning that Iranian dissident organizations and individuals in the country are being targeted by Charming Kitten, a suspected Iranian state-sponsored threat group.
Foreign ministries of NATO-aligned governments
August 10, 2023
•[ espionage, malware, government ]
Researchers from EclecticIQ discover a recent campaign targeting the foreign ministries of NATO-aligned governments with two malicious PDF files camouflaged as diplomatic invitations from a German embassy.
Foreign embassies in Belarus
August 9, 2023
•[ espionage, government ]
Researchers from ESET discover a cyberespionage group named 'MoustachedBouncer', observed using adversary-in-the-middle (AitM) attacks at ISPs to hack foreign embassies in Belarus.
Ukraine Military
August 8, 2023
•[ espionage, hack, government ]
Ukrainian security services say they prevented an attempt by Russian state-controlled hackers from the Sandworm group to break into the battlefield management system used by the Ukrainian military.
Classified military networks
August 7, 2023
•[ espionage, government ]
Classified military networks run by Japan reportedly suffered a massive breach in 2020 at the hands of a Chinese cyberespionage group. Attackers accessed Ministry of Defense plans as well as information about military capabilities and shortcomings.
NPO Mashinostroyeniya
August 7, 2023
•[ espionage, malware, manufacturing ]
Researchers from SentinelOne reveal that the North Korean threat group ScarCruft used a Windows backdoor named 'OpenCarrot' to hack the IT infrastructure and email server of NPO Mashinostroyeniya, a Russian space rocket designer and intercontinental ballistic missile engineering organization.
Offtec
July 31, 2023
•[ espionage, malware, technology ]
Researchers from Deep Instinct discover a new campaign from the "MuddyWater" group targeting Offtec, a Jordanian conglomerate, using MuddyC2Go, a new C2 framework.
Targets including members of the U.S. Congress and European officials
June 30, 2023
•[ espionage, malware, government ]
Amnesty International discovers a campaign allegedly carried out by the Vietnamese government with the Predator spyware against targets including members of the U.S. Congress and European officials.
JumpCloud
June 27, 2023
•[ espionage, technology ]
JumpCloud, a US-based enterprise software firm, notifies several customers of an "ongoing incident" and, as a precaution, invalidates existing admin API keys to protect its customer organizations. A few days later, the breach is traced back to North Korean state-sponsored actors from Lazarus Group.
Unknown cryptocurrency exchange located in Japan
June 21, 2023
•[ espionage, malware, finance ]
Researchers from Elastic reveal that an unknown cryptocurrency exchange located in Japan was the target of an attack to deploy the Apple macOS backdoor called JokerSpy.
Service members of the U.S. Military
June 15, 2023
•[ espionage, malware, government ]
Service members across the military report receiving unsolicited smartwatches in the mail. The smartwatches, when used, auto-connect to Wi-Fi and begin connecting to cell phones unprompted, gaining access to a myriad of user data, and could also contain malware.
Non-profit organization(s) in Saudi Arabia
May 31, 2023
•[ espionage, malware, healthcare ]
Researchers from Cisco Talos disclose a stealthy cyberespionage campaign that targeted a non-profit organization in Saudi Arabia with a backdoor named Zardoor, and remained undetected for two years.
Eurasia Group
May 3, 2023
•[ espionage, phishing, government ]
Eurasia Group discovers suspicious activity within its email system by a sophisticated threat actor in two different circumstances.
3CX
April 20, 2023
•[ espionage, malware, technology ]
Researchers from Mandiant reveal that the 3CX supply chain attack was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds.
Cisco
April 18, 2023
•[ espionage, malware, technology ]
The UK National Cyber Security Centre (NCSC), US Cybersecurity and Infrastructure Security Agency (CISA), NSA, FBI, and Cisco warn of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, exploiting CVE-2017-6742, allowing unauthenticated access to the device.