Undisclosed South Korean electronics manufacturer
February 20, 2026
•[ espionage, DLL side-loading, reconnaissance ]
Ministry of Intelligence and Security (MOIS) (MuddyWater), also tracked as Seedworm, breached a major South Korean electronics manufacturer in February 2026 as part of a broader espionage campaign. The actor spent about one week inside the victim network, abused signed Fortemedia and SentinelOne binaries for DLL side-loading, conducted reconnaissance and credential-access activity, and exfiltrated data through a public file-transfer service.
At least one telecom company in South Asia
January 8, 2026
•[ espionage, malware, threat intelligence ]
The Hacker News summarized Cisco Talos research attributing espionage-focused intrusions to a China-nexus actor tracked as UAT-7290. The campaign reportedly targets telecom entities in South Asia and Southeastern Europe, performing extensive reconnaissance followed by compromise activity that can lead to deployment of malware families including RushDrop, DriveSwitch, and SilentRaid. The article is threat-intelligence reporting focused on actor behavior, tooling, and geographic targeting, and it does not provide a bounded, single victim incident record with confirmed impact metrics (e.g., downtime or specific data stolen) for one named organization.
Undisclosed online casino operator
October 20, 2024
•[ Data exfiltration, State-sponsored attack, Reconnaissance ]
Recorded Future analysis identified reconnaissance and FTP exfiltration traffic from a Costa Rican online casino targeted in the Contagious Interview campaign (Oct–Nov 2024), attributed to the NGB 3rd Technical Surveillance Bureau (North Korea).