At least one telecom company in South Asia
January 8, 2026
•[ espionage, malware, threat intelligence ]
The Hacker News summarized Cisco Talos research attributing espionage-focused intrusions to a China-nexus actor tracked as UAT-7290. The campaign reportedly targets telecom entities in South Asia and Southeastern Europe, performing extensive reconnaissance followed by compromise activity that can lead to deployment of malware families including RushDrop, DriveSwitch, and SilentRaid. The article is threat-intelligence reporting focused on actor behavior, tooling, and geographic targeting, and it does not provide a bounded, single victim incident record with confirmed impact metrics (e.g., downtime or specific data stolen) for one named organization.
Resecurity honeypot
November 21, 2025
•[ honeypot, data leak, threat intelligence ]
Threat actors identifying as 'Scattered Lapsus$ Hunters' claimed they had gained full access to Resecurity systems and stolen employee data, internal chats/logs, threat intelligence reports, and client lists, posting screenshots on Telegram. Resecurity denied that its production environment was breached and said the actor interacted with an isolated honeypot account and systems populated with synthetic (fabricated) customer, employee, and payment data. Resecurity reported that it first detected suspicious probing activity on November 21, 2025, and monitored subsequent automated extraction attempts against the decoy environment, treating the incident as an intrusion attempt rather than a confirmed compromise of real systems/data.