At least one US government official
January 19, 2026
•[ spearphishing, espionage, DLL sideloading ]
HackRead summarized Acronis research describing an espionage-oriented spearphishing campaign targeting U.S. government entities using Venezuela-related news as bait. The described chain used a lure archive and DLL sideloading to load a backdoor dubbed LOTUSLITE, enabling remote access actions such as file collection and command execution on compromised systems. The article stated the researchers attributed the activity with moderate confidence to the China-backed group Mustang Panda (aka HoneyMyte).
Undisclosed strategic advisory firm in the US
January 8, 2026
•[ spearphishing, QR codes, credential theft ]
An FBI flash alert described North Korea-linked Kimsuky (APT43) using spearphishing emails that contain QR codes to lure recipients to fake questionnaires, secure-drive links, or login pages, with the goal of stealing credentials or session tokens and hijacking cloud identities. The warning said the observed targeting includes U.S. organizations involved in North Korea policy/research/analysis such as NGOs, think tanks, academic institutions, strategic advisory firms, and government entities. The alert included examples (e.g., a June 2025 conference-invite lure) and explained that QR-driven flows can bypass traditional email controls by shifting the interaction to unmanaged mobile devices.
Meat processing facility in Los Angeles
December 12, 2025
•[ spearphishing, vulnerability exploitation, critical infrastructure ]
This article reports on a DOJ/CISA warning and related indictments about Russia-linked cyber actors targeting U.S. critical infrastructure, including techniques like spearphishing and exploiting known vulnerabilities.
