home.social

#cyberespionage — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cyberespionage, aggregated by home.social.

  1. 📰 Iranian APT 'Screening Serpens' Intensifies Espionage with New RATs Targeting US, Israel, and UAE

    🇮🇷 Iranian APT 'Screening Serpens' escalates cyber-espionage against US, Israel & UAE. New RATs 'MiniUpdate' & 'MiniJunk V2' deployed. Group using advanced AppDomainManager hijacking for persistence. #APT #CyberEspionage #Iran #ThreatIntel

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/ir

  2. 📰 Iranian APT 'Screening Serpens' Intensifies Espionage with New RATs Targeting US, Israel, and UAE

    🇮🇷 Iranian APT 'Screening Serpens' escalates cyber-espionage against US, Israel & UAE. New RATs 'MiniUpdate' & 'MiniJunk V2' deployed. Group using advanced AppDomainManager hijacking for persistence. #APT #CyberEspionage #Iran #ThreatIntel

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/ir

  3. Fresh mischief and digital shenanigans

    FrostyNeighbor, a cyberespionage group allegedly operating from Belarus and active since at least 2016, continues targeting governmental, military, and key sectors in Eastern Europe, particularly Ukraine, Poland, and Lithuania. Recent activities detected since March 2026 show the group targeting Ukrainian governmental organizations using evolved compromise chains. The attacks utilize spearphishing with malicious PDF lures impersonating legitimate entities, delivering JavaScript variants of PicassoLoader downloader. The group employs server-side victim validation based on geolocation and fingerprinting before manually delivering Cobalt Strike beacons. FrostyNeighbor demonstrates high operational maturity through diverse delivery mechanisms, exploitation of legitimate services, and regular toolset updates to evade detection, while maintaining focus on credential harvesting and establishing persistent access to compromised systems.

    Pulse ID: 6a0e803c81c123ee6cf7066a
    Pulse Link: otx.alienvault.com/pulse/6a0e8
    Pulse Author: AlienVault
    Created: 2026-05-21 03:47:08

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Belarus #CobaltStrike #CredentialHarvesting #CyberSecurity #Cyberespionage #EasternEurope #Espionage #Europe #Government #InfoSec #Java #JavaScript #Military #OTX #OpenThreatExchange #PDF #Phishing #Poland #RAT #SMS #SpearPhishing #UK #Ukr #Ukraine #Ukrainian #bot #AlienVault

  4. Fresh mischief and digital shenanigans

    FrostyNeighbor, a cyberespionage group allegedly operating from Belarus and active since at least 2016, continues targeting governmental, military, and key sectors in Eastern Europe, particularly Ukraine, Poland, and Lithuania. Recent activities detected since March 2026 show the group targeting Ukrainian governmental organizations using evolved compromise chains. The attacks utilize spearphishing with malicious PDF lures impersonating legitimate entities, delivering JavaScript variants of PicassoLoader downloader. The group employs server-side victim validation based on geolocation and fingerprinting before manually delivering Cobalt Strike beacons. FrostyNeighbor demonstrates high operational maturity through diverse delivery mechanisms, exploitation of legitimate services, and regular toolset updates to evade detection, while maintaining focus on credential harvesting and establishing persistent access to compromised systems.

    Pulse ID: 6a0e803c81c123ee6cf7066a
    Pulse Link: otx.alienvault.com/pulse/6a0e8
    Pulse Author: AlienVault
    Created: 2026-05-21 03:47:08

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Belarus #CobaltStrike #CredentialHarvesting #CyberSecurity #Cyberespionage #EasternEurope #Espionage #Europe #Government #InfoSec #Java #JavaScript #Military #OTX #OpenThreatExchange #PDF #Phishing #Poland #RAT #SMS #SpearPhishing #UK #Ukr #Ukraine #Ukrainian #bot #AlienVault

  5. Fresh mischief and digital shenanigans

    FrostyNeighbor, a cyberespionage group allegedly operating from Belarus and active since at least 2016, continues targeting governmental, military, and key sectors in Eastern Europe, particularly Ukraine, Poland, and Lithuania. Recent activities detected since March 2026 show the group targeting Ukrainian governmental organizations using evolved compromise chains. The attacks utilize spearphishing with malicious PDF lures impersonating legitimate entities, delivering JavaScript variants of PicassoLoader downloader. The group employs server-side victim validation based on geolocation and fingerprinting before manually delivering Cobalt Strike beacons. FrostyNeighbor demonstrates high operational maturity through diverse delivery mechanisms, exploitation of legitimate services, and regular toolset updates to evade detection, while maintaining focus on credential harvesting and establishing persistent access to compromised systems.

    Pulse ID: 6a0e803c81c123ee6cf7066a
    Pulse Link: otx.alienvault.com/pulse/6a0e8
    Pulse Author: AlienVault
    Created: 2026-05-21 03:47:08

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Belarus #CobaltStrike #CredentialHarvesting #CyberSecurity #Cyberespionage #EasternEurope #Espionage #Europe #Government #InfoSec #Java #JavaScript #Military #OTX #OpenThreatExchange #PDF #Phishing #Poland #RAT #SMS #SpearPhishing #UK #Ukr #Ukraine #Ukrainian #bot #AlienVault

  6. Fresh mischief and digital shenanigans

    FrostyNeighbor, a cyberespionage group allegedly operating from Belarus and active since at least 2016, continues targeting governmental, military, and key sectors in Eastern Europe, particularly Ukraine, Poland, and Lithuania. Recent activities detected since March 2026 show the group targeting Ukrainian governmental organizations using evolved compromise chains. The attacks utilize spearphishing with malicious PDF lures impersonating legitimate entities, delivering JavaScript variants of PicassoLoader downloader. The group employs server-side victim validation based on geolocation and fingerprinting before manually delivering Cobalt Strike beacons. FrostyNeighbor demonstrates high operational maturity through diverse delivery mechanisms, exploitation of legitimate services, and regular toolset updates to evade detection, while maintaining focus on credential harvesting and establishing persistent access to compromised systems.

    Pulse ID: 6a0e803c81c123ee6cf7066a
    Pulse Link: otx.alienvault.com/pulse/6a0e8
    Pulse Author: AlienVault
    Created: 2026-05-21 03:47:08

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Belarus #CobaltStrike #CredentialHarvesting #CyberSecurity #Cyberespionage #EasternEurope #Espionage #Europe #Government #InfoSec #Java #JavaScript #Military #OTX #OpenThreatExchange #PDF #Phishing #Poland #RAT #SMS #SpearPhishing #UK #Ukr #Ukraine #Ukrainian #bot #AlienVault

  7. Fresh mischief and digital shenanigans

    FrostyNeighbor, a cyberespionage group allegedly operating from Belarus and active since at least 2016, continues targeting governmental, military, and key sectors in Eastern Europe, particularly Ukraine, Poland, and Lithuania. Recent activities detected since March 2026 show the group targeting Ukrainian governmental organizations using evolved compromise chains. The attacks utilize spearphishing with malicious PDF lures impersonating legitimate entities, delivering JavaScript variants of PicassoLoader downloader. The group employs server-side victim validation based on geolocation and fingerprinting before manually delivering Cobalt Strike beacons. FrostyNeighbor demonstrates high operational maturity through diverse delivery mechanisms, exploitation of legitimate services, and regular toolset updates to evade detection, while maintaining focus on credential harvesting and establishing persistent access to compromised systems.

    Pulse ID: 6a0e803c81c123ee6cf7066a
    Pulse Link: otx.alienvault.com/pulse/6a0e8
    Pulse Author: AlienVault
    Created: 2026-05-21 03:47:08

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Belarus #CobaltStrike #CredentialHarvesting #CyberSecurity #Cyberespionage #EasternEurope #Espionage #Europe #Government #InfoSec #Java #JavaScript #Military #OTX #OpenThreatExchange #PDF #Phishing #Poland #RAT #SMS #SpearPhishing #UK #Ukr #Ukraine #Ukrainian #bot #AlienVault

  8. Belarus-aligned FrostyNeighbor continues targeting Ukrainian government, military sectors with updated attack techniques

    ESET researchers identified renewed activity from FrostyNeighbor, a long-running cyberespionage actor apparently aligned with Belarusian interests,…
    #Belarus #BY #Europe #Europa #EU #belarus #cyberattack #cyberthreats #cyberespionage #Cybersecurity #défense #electroniccommunications #ESET #FrostyNeighbor #JavaScript #military #PicassoLoader
    europesays.com/3002226/

  9. A 75-cent billing error. A hacker selling US secrets to the KGB. One astronomer who refused to look away. The Cuckoo's Egg is a true spy story like no other.
    #CuckoosEgg #CliffordStoll #CyberEspionage #books #bookreviews
    thisgrandpablogs.com/cuckoos-e

  10. A 75-cent billing error. A hacker selling US secrets to the KGB. One astronomer who refused to look away. The Cuckoo's Egg is a true spy story like no other.
    #CuckoosEgg #CliffordStoll #CyberEspionage #books #bookreviews
    thisgrandpablogs.com/cuckoos-e

  11. A 75-cent billing error. A hacker selling US secrets to the KGB. One astronomer who refused to look away. The Cuckoo's Egg is a true spy story like no other.
    #CuckoosEgg #CliffordStoll #CyberEspionage #books #bookreviews
    thisgrandpablogs.com/cuckoos-e

  12. A 75-cent billing error. A hacker selling US secrets to the KGB. One astronomer who refused to look away. The Cuckoo's Egg is a true spy story like no other.
    #CuckoosEgg #CliffordStoll #CyberEspionage #books #bookreviews
    thisgrandpablogs.com/cuckoos-e

  13. Trump Reveals US, China Discussed Cyberattacks, Espionage

    President Donald Trump revealed that he and Chinese President Xi Jinping had a candid conversation about cyberattacks and espionage, with Trump bluntly stating that the US spies on China just as China spies on the US. Trump hinted at a cat-and-mouse game between the two nations, saying the US does things to China that it doesn't know…

    osintsights.com/trump-reveals-

    #UschinaRelations #CyberEspionage #NationState #Geopolitics #EmergingThreats

  14. Mustang Panda Unveils Modular FDMTP Backdoor in Cyberespionage Push

    Cyberespionage groups like Mustang Panda are constantly evolving their tactics, and a recent campaign has seen the emergence of a modular backdoor that allows attackers to adapt and persist in compromised environments. This sophisticated tool enables hackers to blend in with legitimate processes, making it a major concern for security…

    osintsights.com/mustang-panda-

    #Cyberespionage #ModularBackdoor #Fdmtp #MustangPanda #EarthPreta

  15. 📰 Iranian APT MuddyWater Masquerades as Ransomware Group in Microsoft Teams-Based Espionage Campaign

    ⚠️ Iranian APT MuddyWater targets orgs via Microsoft Teams, posing as a ransomware group. The real goal: espionage & data theft. Attackers trick users in screen-shares to steal credentials, bypassing MFA. #MuddyWater #CyberEspionage #ThreatIntel

    🔗 cyber.netsecops.io/articles/ir

  16. Iranian Hackers Target Electronics Maker in Global Espionage Push

    Iran-linked hackers, known as MuddyWater, infiltrated a major South Korean electronics manufacturer's network for a week in February 2026, as part of a massive global cyber-espionage campaign targeting nine high-profile organizations across multiple sectors and countries.

    osintsights.com/iranian-hacker

    #Muddywater #Seedworm #CyberEspionage #DllSideloading #Chromelevator

  17. 📰 Iranian APT MuddyWater Masquerades as Ransomware Group in Microsoft Teams-Based Espionage Campaign

    ⚠️ Iranian APT MuddyWater targets orgs via Microsoft Teams, posing as a ransomware group. The real goal: espionage & data theft. Attackers trick users in screen-shares to steal credentials, bypassing MFA. #MuddyWater #CyberEspionage #ThreatIntel

    🔗 cyber.netsecops.io

  18. Operation HumanitarianBait: An Infostealer Campaign in Disguise

    Cyble Research and Intelligence Labs (CRIL) has uncovered a targeted cyberespionage campaign using aid-themed lures in a Russian aid request form, as well as a fileless Python infostealer.

    Pulse ID: 6a01c14d4138e8c33a19b4d7
    Pulse Link: otx.alienvault.com/pulse/6a01c
    Pulse Author: CyberHunter_NL
    Created: 2026-05-11 11:45:17

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CRIL #CyberSecurity #Cyberespionage #Cyble #Espionage #InfoSec #InfoStealer #OTX #OpenThreatExchange #Python #RAT #Russia #bot #CyberHunter_NL

  19. Operation HumanitarianBait: An Infostealer Campaign in Disguise

    Cyble Research and Intelligence Labs (CRIL) has uncovered a targeted cyberespionage campaign using aid-themed lures in a Russian aid request form, as well as a fileless Python infostealer.

    Pulse ID: 6a01c14d4138e8c33a19b4d7
    Pulse Link: otx.alienvault.com/pulse/6a01c
    Pulse Author: CyberHunter_NL
    Created: 2026-05-11 11:45:17

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CRIL #CyberSecurity #Cyberespionage #Cyble #Espionage #InfoSec #InfoStealer #OTX #OpenThreatExchange #Python #RAT #Russia #bot #CyberHunter_NL

  20. Operation HumanitarianBait: An Infostealer Campaign in Disguise

    Cyble Research and Intelligence Labs (CRIL) has uncovered a targeted cyberespionage campaign using aid-themed lures in a Russian aid request form, as well as a fileless Python infostealer.

    Pulse ID: 6a01c14d4138e8c33a19b4d7
    Pulse Link: otx.alienvault.com/pulse/6a01c
    Pulse Author: CyberHunter_NL
    Created: 2026-05-11 11:45:17

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CRIL #CyberSecurity #Cyberespionage #Cyble #Espionage #InfoSec #InfoStealer #OTX #OpenThreatExchange #Python #RAT #Russia #bot #CyberHunter_NL

  21. Operation HumanitarianBait: An Infostealer Campaign in Disguise

    Cyble Research and Intelligence Labs (CRIL) has uncovered a targeted cyberespionage campaign using aid-themed lures in a Russian aid request form, as well as a fileless Python infostealer.

    Pulse ID: 6a01c14d4138e8c33a19b4d7
    Pulse Link: otx.alienvault.com/pulse/6a01c
    Pulse Author: CyberHunter_NL
    Created: 2026-05-11 11:45:17

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CRIL #CyberSecurity #Cyberespionage #Cyble #Espionage #InfoSec #InfoStealer #OTX #OpenThreatExchange #Python #RAT #Russia #bot #CyberHunter_NL

  22. Operation HumanitarianBait: An Infostealer Campaign in Disguise

    Cyble Research and Intelligence Labs (CRIL) has uncovered a targeted cyberespionage campaign using aid-themed lures in a Russian aid request form, as well as a fileless Python infostealer.

    Pulse ID: 6a01c14d4138e8c33a19b4d7
    Pulse Link: otx.alienvault.com/pulse/6a01c
    Pulse Author: CyberHunter_NL
    Created: 2026-05-11 11:45:17

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CRIL #CyberSecurity #Cyberespionage #Cyble #Espionage #InfoSec #InfoStealer #OTX #OpenThreatExchange #Python #RAT #Russia #bot #CyberHunter_NL

  23. 🧑‍🚀 NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

    "For years, NASA employees and research collaborators thought they were simply sharing software with colleagues," the OIG said in a Thursday release. "Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."

    thehackernews.com/2026/04/nasa

    #china #cyberespionage #cybersecurity

  24. 🧑‍🚀 NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

    "For years, NASA employees and research collaborators thought they were simply sharing software with colleagues," the OIG said in a Thursday release. "Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."

    thehackernews.com/2026/04/nasa

    #china #cyberespionage #cybersecurity

  25. 🧑‍🚀 NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

    "For years, NASA employees and research collaborators thought they were simply sharing software with colleagues," the OIG said in a Thursday release. "Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."

    thehackernews.com/2026/04/nasa

    #china #cyberespionage #cybersecurity

  26. 🧑‍🚀 NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

    "For years, NASA employees and research collaborators thought they were simply sharing software with colleagues," the OIG said in a Thursday release. "Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."

    thehackernews.com/2026/04/nasa

    #china #cyberespionage #cybersecurity

  27. 🧑‍🚀 NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

    "For years, NASA employees and research collaborators thought they were simply sharing software with colleagues," the OIG said in a Thursday release. "Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."

    thehackernews.com/2026/04/nasa

    #china #cyberespionage #cybersecurity

  28. 📰 Iranian APT MuddyWater Masquerades as Ransomware Group in Microsoft Teams-Based Espionage Campaign

    ⚠️ Iranian APT MuddyWater targets orgs via Microsoft Teams, posing as a ransomware group. The real goal: espionage & data theft. Attackers trick users in screen-shares to steal credentials, bypassing MFA. #MuddyWater #CyberEspionage #ThreatIntel

    🔗 cyber.netsecops.io

  29. MuddyWater hackers exploit Chaos ransomware as cyber-espionage decoy

    MuddyWater hackers have cleverly used Chaos ransomware as a decoy to mask their true intentions - and it's not about making a quick buck. Instead, their tactics suggest a more sinister goal, blurring the lines between state-sponsored espionage and cybercrime.

    osintsights.com/muddywater-hac

    #Muddywater #Iran #Cyberespionage #Statesponsored #Ransomware

  30. MuddyWater hackers exploit Chaos ransomware as cyber-espionage decoy

    MuddyWater hackers have cleverly used Chaos ransomware as a decoy to mask their true intentions - and it's not about making a quick buck. Instead, their tactics suggest a more sinister goal, blurring the lines between state-sponsored espionage and cybercrime.

    osintsights.com/muddywater-hac

    #Muddywater #Iran #Cyberespionage #Statesponsored #Ransomware

  31. 📰 China-Based Silver Fox APT Expands Espionage Campaign Across Asia with Fake Tax Audits

    🇨🇳 China-based APT 'Silver Fox' expands its campaign across Asia, using fake tax audit emails to target medical and financial firms. The group has evolved into a dual-purpose espionage & financial threat. 🦊 #APT #SilverFox #CyberEspionage

    🔗 cyber.netsecops.io

  32. Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

    Pulse ID: 69f97a64033cedf372cf42a0
    Pulse Link: otx.alienvault.com/pulse/69f97
    Pulse Author: Tr1sa111
    Created: 2026-05-05 05:04:36

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Asia #China #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111

  33. Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

    Pulse ID: 69f97a64033cedf372cf42a0
    Pulse Link: otx.alienvault.com/pulse/69f97
    Pulse Author: Tr1sa111
    Created: 2026-05-05 05:04:36

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Asia #China #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111

  34. Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

    Pulse ID: 69f97a64033cedf372cf42a0
    Pulse Link: otx.alienvault.com/pulse/69f97
    Pulse Author: Tr1sa111
    Created: 2026-05-05 05:04:36

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Asia #China #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111

  35. Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

    Pulse ID: 69f97a64033cedf372cf42a0
    Pulse Link: otx.alienvault.com/pulse/69f97
    Pulse Author: Tr1sa111
    Created: 2026-05-05 05:04:36

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Asia #China #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111

  36. Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

    Pulse ID: 69f97a64033cedf372cf42a0
    Pulse Link: otx.alienvault.com/pulse/69f97
    Pulse Author: Tr1sa111
    Created: 2026-05-05 05:04:36

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Asia #China #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111

  37. Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

    A China-aligned threat group designated SHADOW-EARTH-053 has been conducting cyberespionage operations against government entities and critical infrastructure across at least eight countries in South, East, and Southeast Asia, plus one NATO member state, since December 2024. The group exploits unpatched Microsoft Exchange vulnerabilities, particularly the ProxyLogon chain, to gain initial access and deploys GODZILLA web shells for persistence. ShadowPad implants are staged via DLL sideloading of legitimate signed executables. Nearly half of the compromised environments showed overlap with another intrusion set, SHADOW-EARTH-054, sharing identical tooling including Evil-CreateDump and IOX proxy. The attackers conduct extensive Active Directory reconnaissance, credential harvesting, and mailbox exfiltration targeting high-profile government officials and defense contractors. Multiple tunneling tools including GOST and Wstunnel establish covert command-and-control channels, while lateral movement leverages WM...

    Pulse ID: 69f3a95eda9a5492f5d1b6f4
    Pulse Link: otx.alienvault.com/pulse/69f3a
    Pulse Author: AlienVault
    Created: 2026-04-30 19:11:26

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Asia #China #CredentialHarvesting #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #Microsoft #NATO #OTX #OpenThreatExchange #Proxy #RAT #ShadowPad #SideLoading #bot #AlienVault

  38. Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

    A China-aligned threat group designated SHADOW-EARTH-053 has been conducting cyberespionage operations against government entities and critical infrastructure across at least eight countries in South, East, and Southeast Asia, plus one NATO member state, since December 2024. The group exploits unpatched Microsoft Exchange vulnerabilities, particularly the ProxyLogon chain, to gain initial access and deploys GODZILLA web shells for persistence. ShadowPad implants are staged via DLL sideloading of legitimate signed executables. Nearly half of the compromised environments showed overlap with another intrusion set, SHADOW-EARTH-054, sharing identical tooling including Evil-CreateDump and IOX proxy. The attackers conduct extensive Active Directory reconnaissance, credential harvesting, and mailbox exfiltration targeting high-profile government officials and defense contractors. Multiple tunneling tools including GOST and Wstunnel establish covert command-and-control channels, while lateral movement leverages WM...

    Pulse ID: 69f3a95eda9a5492f5d1b6f4
    Pulse Link: otx.alienvault.com/pulse/69f3a
    Pulse Author: AlienVault
    Created: 2026-04-30 19:11:26

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Asia #China #CredentialHarvesting #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #Microsoft #NATO #OTX #OpenThreatExchange #Proxy #RAT #ShadowPad #SideLoading #bot #AlienVault

  39. Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

    A China-aligned threat group designated SHADOW-EARTH-053 has been conducting cyberespionage operations against government entities and critical infrastructure across at least eight countries in South, East, and Southeast Asia, plus one NATO member state, since December 2024. The group exploits unpatched Microsoft Exchange vulnerabilities, particularly the ProxyLogon chain, to gain initial access and deploys GODZILLA web shells for persistence. ShadowPad implants are staged via DLL sideloading of legitimate signed executables. Nearly half of the compromised environments showed overlap with another intrusion set, SHADOW-EARTH-054, sharing identical tooling including Evil-CreateDump and IOX proxy. The attackers conduct extensive Active Directory reconnaissance, credential harvesting, and mailbox exfiltration targeting high-profile government officials and defense contractors. Multiple tunneling tools including GOST and Wstunnel establish covert command-and-control channels, while lateral movement leverages WM...

    Pulse ID: 69f3a95eda9a5492f5d1b6f4
    Pulse Link: otx.alienvault.com/pulse/69f3a
    Pulse Author: AlienVault
    Created: 2026-04-30 19:11:26

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Asia #China #CredentialHarvesting #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #Microsoft #NATO #OTX #OpenThreatExchange #Proxy #RAT #ShadowPad #SideLoading #bot #AlienVault

  40. Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

    A China-aligned threat group designated SHADOW-EARTH-053 has been conducting cyberespionage operations against government entities and critical infrastructure across at least eight countries in South, East, and Southeast Asia, plus one NATO member state, since December 2024. The group exploits unpatched Microsoft Exchange vulnerabilities, particularly the ProxyLogon chain, to gain initial access and deploys GODZILLA web shells for persistence. ShadowPad implants are staged via DLL sideloading of legitimate signed executables. Nearly half of the compromised environments showed overlap with another intrusion set, SHADOW-EARTH-054, sharing identical tooling including Evil-CreateDump and IOX proxy. The attackers conduct extensive Active Directory reconnaissance, credential harvesting, and mailbox exfiltration targeting high-profile government officials and defense contractors. Multiple tunneling tools including GOST and Wstunnel establish covert command-and-control channels, while lateral movement leverages WM...

    Pulse ID: 69f3a95eda9a5492f5d1b6f4
    Pulse Link: otx.alienvault.com/pulse/69f3a
    Pulse Author: AlienVault
    Created: 2026-04-30 19:11:26

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Asia #China #CredentialHarvesting #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #Microsoft #NATO #OTX #OpenThreatExchange #Proxy #RAT #ShadowPad #SideLoading #bot #AlienVault

  41. Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

    A China-aligned threat group designated SHADOW-EARTH-053 has been conducting cyberespionage operations against government entities and critical infrastructure across at least eight countries in South, East, and Southeast Asia, plus one NATO member state, since December 2024. The group exploits unpatched Microsoft Exchange vulnerabilities, particularly the ProxyLogon chain, to gain initial access and deploys GODZILLA web shells for persistence. ShadowPad implants are staged via DLL sideloading of legitimate signed executables. Nearly half of the compromised environments showed overlap with another intrusion set, SHADOW-EARTH-054, sharing identical tooling including Evil-CreateDump and IOX proxy. The attackers conduct extensive Active Directory reconnaissance, credential harvesting, and mailbox exfiltration targeting high-profile government officials and defense contractors. Multiple tunneling tools including GOST and Wstunnel establish covert command-and-control channels, while lateral movement leverages WM...

    Pulse ID: 69f3a95eda9a5492f5d1b6f4
    Pulse Link: otx.alienvault.com/pulse/69f3a
    Pulse Author: AlienVault
    Created: 2026-04-30 19:11:26

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Asia #China #CredentialHarvesting #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #Microsoft #NATO #OTX #OpenThreatExchange #Proxy #RAT #ShadowPad #SideLoading #bot #AlienVault

  42. 📰 China-Based Silver Fox APT Expands Espionage Campaign Across Asia with Fake Tax Audits

    🇨🇳 China-based APT 'Silver Fox' expands its campaign across Asia, using fake tax audit emails to target medical and financial firms. The group has evolved into a dual-purpose espionage & financial threat. 🦊 #APT #SilverFox #CyberEspionage

    🔗 cyber.netsecops.io

  43. German prosecutors arrest suspected Russian spy in Berlin – POLITICO

    The material reportedly included details about Berlin’s military support for Ukraine and insights into the country’s defense industry…
    #Germany #DE #Europe #EU #Europa #Criticalinfrastructure #CyberEspionage #Defense #Drones #Espionage #EU-Russiarelations #hybridthreats #Industry #Intelligence #Intelligenceservices #Military #Robotics #Russia #Spying #Supplychains #Ukraine #WarinUkraine
    europesays.com/germany/8444/