#cyberespionage — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cyberespionage, aggregated by home.social.
-
📰 Iranian APT 'Screening Serpens' Intensifies Espionage with New RATs Targeting US, Israel, and UAE
🇮🇷 Iranian APT 'Screening Serpens' escalates cyber-espionage against US, Israel & UAE. New RATs 'MiniUpdate' & 'MiniJunk V2' deployed. Group using advanced AppDomainManager hijacking for persistence. #APT #CyberEspionage #Iran #ThreatIntel
🌐 cyber[.]netsecops[.]io
-
📰 Iranian APT 'Screening Serpens' Intensifies Espionage with New RATs Targeting US, Israel, and UAE
🇮🇷 Iranian APT 'Screening Serpens' escalates cyber-espionage against US, Israel & UAE. New RATs 'MiniUpdate' & 'MiniJunk V2' deployed. Group using advanced AppDomainManager hijacking for persistence. #APT #CyberEspionage #Iran #ThreatIntel
🌐 cyber[.]netsecops[.]io
-
Fresh mischief and digital shenanigans
FrostyNeighbor, a cyberespionage group allegedly operating from Belarus and active since at least 2016, continues targeting governmental, military, and key sectors in Eastern Europe, particularly Ukraine, Poland, and Lithuania. Recent activities detected since March 2026 show the group targeting Ukrainian governmental organizations using evolved compromise chains. The attacks utilize spearphishing with malicious PDF lures impersonating legitimate entities, delivering JavaScript variants of PicassoLoader downloader. The group employs server-side victim validation based on geolocation and fingerprinting before manually delivering Cobalt Strike beacons. FrostyNeighbor demonstrates high operational maturity through diverse delivery mechanisms, exploitation of legitimate services, and regular toolset updates to evade detection, while maintaining focus on credential harvesting and establishing persistent access to compromised systems.
Pulse ID: 6a0e803c81c123ee6cf7066a
Pulse Link: https://otx.alienvault.com/pulse/6a0e803c81c123ee6cf7066a
Pulse Author: AlienVault
Created: 2026-05-21 03:47:08Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Belarus #CobaltStrike #CredentialHarvesting #CyberSecurity #Cyberespionage #EasternEurope #Espionage #Europe #Government #InfoSec #Java #JavaScript #Military #OTX #OpenThreatExchange #PDF #Phishing #Poland #RAT #SMS #SpearPhishing #UK #Ukr #Ukraine #Ukrainian #bot #AlienVault
-
Fresh mischief and digital shenanigans
FrostyNeighbor, a cyberespionage group allegedly operating from Belarus and active since at least 2016, continues targeting governmental, military, and key sectors in Eastern Europe, particularly Ukraine, Poland, and Lithuania. Recent activities detected since March 2026 show the group targeting Ukrainian governmental organizations using evolved compromise chains. The attacks utilize spearphishing with malicious PDF lures impersonating legitimate entities, delivering JavaScript variants of PicassoLoader downloader. The group employs server-side victim validation based on geolocation and fingerprinting before manually delivering Cobalt Strike beacons. FrostyNeighbor demonstrates high operational maturity through diverse delivery mechanisms, exploitation of legitimate services, and regular toolset updates to evade detection, while maintaining focus on credential harvesting and establishing persistent access to compromised systems.
Pulse ID: 6a0e803c81c123ee6cf7066a
Pulse Link: https://otx.alienvault.com/pulse/6a0e803c81c123ee6cf7066a
Pulse Author: AlienVault
Created: 2026-05-21 03:47:08Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Belarus #CobaltStrike #CredentialHarvesting #CyberSecurity #Cyberespionage #EasternEurope #Espionage #Europe #Government #InfoSec #Java #JavaScript #Military #OTX #OpenThreatExchange #PDF #Phishing #Poland #RAT #SMS #SpearPhishing #UK #Ukr #Ukraine #Ukrainian #bot #AlienVault
-
Fresh mischief and digital shenanigans
FrostyNeighbor, a cyberespionage group allegedly operating from Belarus and active since at least 2016, continues targeting governmental, military, and key sectors in Eastern Europe, particularly Ukraine, Poland, and Lithuania. Recent activities detected since March 2026 show the group targeting Ukrainian governmental organizations using evolved compromise chains. The attacks utilize spearphishing with malicious PDF lures impersonating legitimate entities, delivering JavaScript variants of PicassoLoader downloader. The group employs server-side victim validation based on geolocation and fingerprinting before manually delivering Cobalt Strike beacons. FrostyNeighbor demonstrates high operational maturity through diverse delivery mechanisms, exploitation of legitimate services, and regular toolset updates to evade detection, while maintaining focus on credential harvesting and establishing persistent access to compromised systems.
Pulse ID: 6a0e803c81c123ee6cf7066a
Pulse Link: https://otx.alienvault.com/pulse/6a0e803c81c123ee6cf7066a
Pulse Author: AlienVault
Created: 2026-05-21 03:47:08Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Belarus #CobaltStrike #CredentialHarvesting #CyberSecurity #Cyberespionage #EasternEurope #Espionage #Europe #Government #InfoSec #Java #JavaScript #Military #OTX #OpenThreatExchange #PDF #Phishing #Poland #RAT #SMS #SpearPhishing #UK #Ukr #Ukraine #Ukrainian #bot #AlienVault
-
Fresh mischief and digital shenanigans
FrostyNeighbor, a cyberespionage group allegedly operating from Belarus and active since at least 2016, continues targeting governmental, military, and key sectors in Eastern Europe, particularly Ukraine, Poland, and Lithuania. Recent activities detected since March 2026 show the group targeting Ukrainian governmental organizations using evolved compromise chains. The attacks utilize spearphishing with malicious PDF lures impersonating legitimate entities, delivering JavaScript variants of PicassoLoader downloader. The group employs server-side victim validation based on geolocation and fingerprinting before manually delivering Cobalt Strike beacons. FrostyNeighbor demonstrates high operational maturity through diverse delivery mechanisms, exploitation of legitimate services, and regular toolset updates to evade detection, while maintaining focus on credential harvesting and establishing persistent access to compromised systems.
Pulse ID: 6a0e803c81c123ee6cf7066a
Pulse Link: https://otx.alienvault.com/pulse/6a0e803c81c123ee6cf7066a
Pulse Author: AlienVault
Created: 2026-05-21 03:47:08Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Belarus #CobaltStrike #CredentialHarvesting #CyberSecurity #Cyberespionage #EasternEurope #Espionage #Europe #Government #InfoSec #Java #JavaScript #Military #OTX #OpenThreatExchange #PDF #Phishing #Poland #RAT #SMS #SpearPhishing #UK #Ukr #Ukraine #Ukrainian #bot #AlienVault
-
Fresh mischief and digital shenanigans
FrostyNeighbor, a cyberespionage group allegedly operating from Belarus and active since at least 2016, continues targeting governmental, military, and key sectors in Eastern Europe, particularly Ukraine, Poland, and Lithuania. Recent activities detected since March 2026 show the group targeting Ukrainian governmental organizations using evolved compromise chains. The attacks utilize spearphishing with malicious PDF lures impersonating legitimate entities, delivering JavaScript variants of PicassoLoader downloader. The group employs server-side victim validation based on geolocation and fingerprinting before manually delivering Cobalt Strike beacons. FrostyNeighbor demonstrates high operational maturity through diverse delivery mechanisms, exploitation of legitimate services, and regular toolset updates to evade detection, while maintaining focus on credential harvesting and establishing persistent access to compromised systems.
Pulse ID: 6a0e803c81c123ee6cf7066a
Pulse Link: https://otx.alienvault.com/pulse/6a0e803c81c123ee6cf7066a
Pulse Author: AlienVault
Created: 2026-05-21 03:47:08Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Belarus #CobaltStrike #CredentialHarvesting #CyberSecurity #Cyberespionage #EasternEurope #Espionage #Europe #Government #InfoSec #Java #JavaScript #Military #OTX #OpenThreatExchange #PDF #Phishing #Poland #RAT #SMS #SpearPhishing #UK #Ukr #Ukraine #Ukrainian #bot #AlienVault
-
Belarus-aligned FrostyNeighbor continues targeting Ukrainian government, military sectors with updated attack techniques
ESET researchers identified renewed activity from FrostyNeighbor, a long-running cyberespionage actor apparently aligned with Belarusian interests,…
#Belarus #BY #Europe #Europa #EU #belarus #cyberattack #cyberthreats #cyberespionage #Cybersecurity #défense #electroniccommunications #ESET #FrostyNeighbor #JavaScript #military #PicassoLoader
https://www.europesays.com/3002226/ -
Poland shifts away from Signal following cyberattacks on officials’ accounts
Poland shifts away from Signal following cyberattacks on officials’ accounts Pierluigi Paganini May 19, 2026 Poland told officials…
#Poland #Polska #PL #Europe #Europa #EU #cyberespionage #Hacking #hackingnews #informationsecuritynews #ITInformationSecurity #mSzyfrMessenger #PierluigiPaganini #SecurityAffairs #SecurityNews #Signal
https://www.europesays.com/poland/7501/ -
A 75-cent billing error. A hacker selling US secrets to the KGB. One astronomer who refused to look away. The Cuckoo's Egg is a true spy story like no other.
#CuckoosEgg #CliffordStoll #CyberEspionage #books #bookreviews
https://thisgrandpablogs.com/cuckoos-egg-book-review/ -
A 75-cent billing error. A hacker selling US secrets to the KGB. One astronomer who refused to look away. The Cuckoo's Egg is a true spy story like no other.
#CuckoosEgg #CliffordStoll #CyberEspionage #books #bookreviews
https://thisgrandpablogs.com/cuckoos-egg-book-review/ -
A 75-cent billing error. A hacker selling US secrets to the KGB. One astronomer who refused to look away. The Cuckoo's Egg is a true spy story like no other.
#CuckoosEgg #CliffordStoll #CyberEspionage #books #bookreviews
https://thisgrandpablogs.com/cuckoos-egg-book-review/ -
A 75-cent billing error. A hacker selling US secrets to the KGB. One astronomer who refused to look away. The Cuckoo's Egg is a true spy story like no other.
#CuckoosEgg #CliffordStoll #CyberEspionage #books #bookreviews
https://thisgrandpablogs.com/cuckoos-egg-book-review/ -
Trump Reveals US, China Discussed Cyberattacks, Espionage
President Donald Trump revealed that he and Chinese President Xi Jinping had a candid conversation about cyberattacks and espionage, with Trump bluntly stating that the US spies on China just as China spies on the US. Trump hinted at a cat-and-mouse game between the two nations, saying the US does things to China that it doesn't know…
#UschinaRelations #CyberEspionage #NationState #Geopolitics #EmergingThreats
-
Mustang Panda Unveils Modular FDMTP Backdoor in Cyberespionage Push
Cyberespionage groups like Mustang Panda are constantly evolving their tactics, and a recent campaign has seen the emergence of a modular backdoor that allows attackers to adapt and persist in compromised environments. This sophisticated tool enables hackers to blend in with legitimate processes, making it a major concern for security…
#Cyberespionage #ModularBackdoor #Fdmtp #MustangPanda #EarthPreta
-
Cliff Stoll found a 75-cent error and caught a KGB spy. This true story beats any thriller novel on the shelf.
#books #bookreview #truecrimethriller #cyberespionage
https://thisgrandpablogs.com/cuckoos-egg-book-review/ -
Cliff Stoll found a 75-cent error and caught a KGB spy. This true story beats any thriller novel on the shelf.
#books #bookreview #truecrimethriller #cyberespionage
https://thisgrandpablogs.com/cuckoos-egg-book-review/ -
Cliff Stoll found a 75-cent error and caught a KGB spy. This true story beats any thriller novel on the shelf.
#books #bookreview #truecrimethriller #cyberespionage
https://thisgrandpablogs.com/cuckoos-egg-book-review/ -
Cliff Stoll found a 75-cent error and caught a KGB spy. This true story beats any thriller novel on the shelf.
#books #bookreview #truecrimethriller #cyberespionage
https://thisgrandpablogs.com/cuckoos-egg-book-review/ -
Cliff Stoll found a 75-cent error and caught a KGB spy. This true story beats any thriller novel on the shelf.
#books #bookreview #truecrimethriller #cyberespionage
https://thisgrandpablogs.com/cuckoos-egg-book-review/ -
📰 Iranian APT MuddyWater Masquerades as Ransomware Group in Microsoft Teams-Based Espionage Campaign
⚠️ Iranian APT MuddyWater targets orgs via Microsoft Teams, posing as a ransomware group. The real goal: espionage & data theft. Attackers trick users in screen-shares to steal credentials, bypassing MFA. #MuddyWater #CyberEspionage #ThreatIntel
-
Iranian Hackers Target Electronics Maker in Global Espionage Push
Iran-linked hackers, known as MuddyWater, infiltrated a major South Korean electronics manufacturer's network for a week in February 2026, as part of a massive global cyber-espionage campaign targeting nine high-profile organizations across multiple sectors and countries.
#Muddywater #Seedworm #CyberEspionage #DllSideloading #Chromelevator
-
📰 Iranian APT MuddyWater Masquerades as Ransomware Group in Microsoft Teams-Based Espionage Campaign
⚠️ Iranian APT MuddyWater targets orgs via Microsoft Teams, posing as a ransomware group. The real goal: espionage & data theft. Attackers trick users in screen-shares to steal credentials, bypassing MFA. #MuddyWater #CyberEspionage #ThreatIntel
-
Operation HumanitarianBait: An Infostealer Campaign in Disguise
Cyble Research and Intelligence Labs (CRIL) has uncovered a targeted cyberespionage campaign using aid-themed lures in a Russian aid request form, as well as a fileless Python infostealer.
Pulse ID: 6a01c14d4138e8c33a19b4d7
Pulse Link: https://otx.alienvault.com/pulse/6a01c14d4138e8c33a19b4d7
Pulse Author: CyberHunter_NL
Created: 2026-05-11 11:45:17Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CRIL #CyberSecurity #Cyberespionage #Cyble #Espionage #InfoSec #InfoStealer #OTX #OpenThreatExchange #Python #RAT #Russia #bot #CyberHunter_NL
-
Operation HumanitarianBait: An Infostealer Campaign in Disguise
Cyble Research and Intelligence Labs (CRIL) has uncovered a targeted cyberespionage campaign using aid-themed lures in a Russian aid request form, as well as a fileless Python infostealer.
Pulse ID: 6a01c14d4138e8c33a19b4d7
Pulse Link: https://otx.alienvault.com/pulse/6a01c14d4138e8c33a19b4d7
Pulse Author: CyberHunter_NL
Created: 2026-05-11 11:45:17Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CRIL #CyberSecurity #Cyberespionage #Cyble #Espionage #InfoSec #InfoStealer #OTX #OpenThreatExchange #Python #RAT #Russia #bot #CyberHunter_NL
-
Operation HumanitarianBait: An Infostealer Campaign in Disguise
Cyble Research and Intelligence Labs (CRIL) has uncovered a targeted cyberespionage campaign using aid-themed lures in a Russian aid request form, as well as a fileless Python infostealer.
Pulse ID: 6a01c14d4138e8c33a19b4d7
Pulse Link: https://otx.alienvault.com/pulse/6a01c14d4138e8c33a19b4d7
Pulse Author: CyberHunter_NL
Created: 2026-05-11 11:45:17Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CRIL #CyberSecurity #Cyberespionage #Cyble #Espionage #InfoSec #InfoStealer #OTX #OpenThreatExchange #Python #RAT #Russia #bot #CyberHunter_NL
-
Operation HumanitarianBait: An Infostealer Campaign in Disguise
Cyble Research and Intelligence Labs (CRIL) has uncovered a targeted cyberespionage campaign using aid-themed lures in a Russian aid request form, as well as a fileless Python infostealer.
Pulse ID: 6a01c14d4138e8c33a19b4d7
Pulse Link: https://otx.alienvault.com/pulse/6a01c14d4138e8c33a19b4d7
Pulse Author: CyberHunter_NL
Created: 2026-05-11 11:45:17Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CRIL #CyberSecurity #Cyberespionage #Cyble #Espionage #InfoSec #InfoStealer #OTX #OpenThreatExchange #Python #RAT #Russia #bot #CyberHunter_NL
-
Operation HumanitarianBait: An Infostealer Campaign in Disguise
Cyble Research and Intelligence Labs (CRIL) has uncovered a targeted cyberespionage campaign using aid-themed lures in a Russian aid request form, as well as a fileless Python infostealer.
Pulse ID: 6a01c14d4138e8c33a19b4d7
Pulse Link: https://otx.alienvault.com/pulse/6a01c14d4138e8c33a19b4d7
Pulse Author: CyberHunter_NL
Created: 2026-05-11 11:45:17Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CRIL #CyberSecurity #Cyberespionage #Cyble #Espionage #InfoSec #InfoStealer #OTX #OpenThreatExchange #Python #RAT #Russia #bot #CyberHunter_NL
-
🧑🚀 NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
"For years, NASA employees and research collaborators thought they were simply sharing software with colleagues," the OIG said in a Thursday release. "Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."
https://thehackernews.com/2026/04/nasa-employees-duped-in-chinese.html
-
🧑🚀 NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
"For years, NASA employees and research collaborators thought they were simply sharing software with colleagues," the OIG said in a Thursday release. "Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."
https://thehackernews.com/2026/04/nasa-employees-duped-in-chinese.html
-
🧑🚀 NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
"For years, NASA employees and research collaborators thought they were simply sharing software with colleagues," the OIG said in a Thursday release. "Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."
https://thehackernews.com/2026/04/nasa-employees-duped-in-chinese.html
-
🧑🚀 NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
"For years, NASA employees and research collaborators thought they were simply sharing software with colleagues," the OIG said in a Thursday release. "Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."
https://thehackernews.com/2026/04/nasa-employees-duped-in-chinese.html
-
🧑🚀 NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
"For years, NASA employees and research collaborators thought they were simply sharing software with colleagues," the OIG said in a Thursday release. "Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."
https://thehackernews.com/2026/04/nasa-employees-duped-in-chinese.html
-
📰 Iranian APT MuddyWater Masquerades as Ransomware Group in Microsoft Teams-Based Espionage Campaign
⚠️ Iranian APT MuddyWater targets orgs via Microsoft Teams, posing as a ransomware group. The real goal: espionage & data theft. Attackers trick users in screen-shares to steal credentials, bypassing MFA. #MuddyWater #CyberEspionage #ThreatIntel
-
MuddyWater hackers exploit Chaos ransomware as cyber-espionage decoy
MuddyWater hackers have cleverly used Chaos ransomware as a decoy to mask their true intentions - and it's not about making a quick buck. Instead, their tactics suggest a more sinister goal, blurring the lines between state-sponsored espionage and cybercrime.
#Muddywater #Iran #Cyberespionage #Statesponsored #Ransomware
-
MuddyWater hackers exploit Chaos ransomware as cyber-espionage decoy
MuddyWater hackers have cleverly used Chaos ransomware as a decoy to mask their true intentions - and it's not about making a quick buck. Instead, their tactics suggest a more sinister goal, blurring the lines between state-sponsored espionage and cybercrime.
#Muddywater #Iran #Cyberespionage #Statesponsored #Ransomware
-
📰 China-Based Silver Fox APT Expands Espionage Campaign Across Asia with Fake Tax Audits
🇨🇳 China-based APT 'Silver Fox' expands its campaign across Asia, using fake tax audit emails to target medical and financial firms. The group has evolved into a dual-purpose espionage & financial threat. 🦊 #APT #SilverFox #CyberEspionage
-
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
Pulse ID: 69f97a64033cedf372cf42a0
Pulse Link: https://otx.alienvault.com/pulse/69f97a64033cedf372cf42a0
Pulse Author: Tr1sa111
Created: 2026-05-05 05:04:36Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #China #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111
-
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
Pulse ID: 69f97a64033cedf372cf42a0
Pulse Link: https://otx.alienvault.com/pulse/69f97a64033cedf372cf42a0
Pulse Author: Tr1sa111
Created: 2026-05-05 05:04:36Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #China #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111
-
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
Pulse ID: 69f97a64033cedf372cf42a0
Pulse Link: https://otx.alienvault.com/pulse/69f97a64033cedf372cf42a0
Pulse Author: Tr1sa111
Created: 2026-05-05 05:04:36Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #China #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111
-
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
Pulse ID: 69f97a64033cedf372cf42a0
Pulse Link: https://otx.alienvault.com/pulse/69f97a64033cedf372cf42a0
Pulse Author: Tr1sa111
Created: 2026-05-05 05:04:36Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #China #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111
-
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
Pulse ID: 69f97a64033cedf372cf42a0
Pulse Link: https://otx.alienvault.com/pulse/69f97a64033cedf372cf42a0
Pulse Author: Tr1sa111
Created: 2026-05-05 05:04:36Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #China #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111
-
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
A China-aligned threat group designated SHADOW-EARTH-053 has been conducting cyberespionage operations against government entities and critical infrastructure across at least eight countries in South, East, and Southeast Asia, plus one NATO member state, since December 2024. The group exploits unpatched Microsoft Exchange vulnerabilities, particularly the ProxyLogon chain, to gain initial access and deploys GODZILLA web shells for persistence. ShadowPad implants are staged via DLL sideloading of legitimate signed executables. Nearly half of the compromised environments showed overlap with another intrusion set, SHADOW-EARTH-054, sharing identical tooling including Evil-CreateDump and IOX proxy. The attackers conduct extensive Active Directory reconnaissance, credential harvesting, and mailbox exfiltration targeting high-profile government officials and defense contractors. Multiple tunneling tools including GOST and Wstunnel establish covert command-and-control channels, while lateral movement leverages WM...
Pulse ID: 69f3a95eda9a5492f5d1b6f4
Pulse Link: https://otx.alienvault.com/pulse/69f3a95eda9a5492f5d1b6f4
Pulse Author: AlienVault
Created: 2026-04-30 19:11:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #China #CredentialHarvesting #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #Microsoft #NATO #OTX #OpenThreatExchange #Proxy #RAT #ShadowPad #SideLoading #bot #AlienVault
-
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
A China-aligned threat group designated SHADOW-EARTH-053 has been conducting cyberespionage operations against government entities and critical infrastructure across at least eight countries in South, East, and Southeast Asia, plus one NATO member state, since December 2024. The group exploits unpatched Microsoft Exchange vulnerabilities, particularly the ProxyLogon chain, to gain initial access and deploys GODZILLA web shells for persistence. ShadowPad implants are staged via DLL sideloading of legitimate signed executables. Nearly half of the compromised environments showed overlap with another intrusion set, SHADOW-EARTH-054, sharing identical tooling including Evil-CreateDump and IOX proxy. The attackers conduct extensive Active Directory reconnaissance, credential harvesting, and mailbox exfiltration targeting high-profile government officials and defense contractors. Multiple tunneling tools including GOST and Wstunnel establish covert command-and-control channels, while lateral movement leverages WM...
Pulse ID: 69f3a95eda9a5492f5d1b6f4
Pulse Link: https://otx.alienvault.com/pulse/69f3a95eda9a5492f5d1b6f4
Pulse Author: AlienVault
Created: 2026-04-30 19:11:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #China #CredentialHarvesting #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #Microsoft #NATO #OTX #OpenThreatExchange #Proxy #RAT #ShadowPad #SideLoading #bot #AlienVault
-
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
A China-aligned threat group designated SHADOW-EARTH-053 has been conducting cyberespionage operations against government entities and critical infrastructure across at least eight countries in South, East, and Southeast Asia, plus one NATO member state, since December 2024. The group exploits unpatched Microsoft Exchange vulnerabilities, particularly the ProxyLogon chain, to gain initial access and deploys GODZILLA web shells for persistence. ShadowPad implants are staged via DLL sideloading of legitimate signed executables. Nearly half of the compromised environments showed overlap with another intrusion set, SHADOW-EARTH-054, sharing identical tooling including Evil-CreateDump and IOX proxy. The attackers conduct extensive Active Directory reconnaissance, credential harvesting, and mailbox exfiltration targeting high-profile government officials and defense contractors. Multiple tunneling tools including GOST and Wstunnel establish covert command-and-control channels, while lateral movement leverages WM...
Pulse ID: 69f3a95eda9a5492f5d1b6f4
Pulse Link: https://otx.alienvault.com/pulse/69f3a95eda9a5492f5d1b6f4
Pulse Author: AlienVault
Created: 2026-04-30 19:11:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #China #CredentialHarvesting #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #Microsoft #NATO #OTX #OpenThreatExchange #Proxy #RAT #ShadowPad #SideLoading #bot #AlienVault
-
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
A China-aligned threat group designated SHADOW-EARTH-053 has been conducting cyberespionage operations against government entities and critical infrastructure across at least eight countries in South, East, and Southeast Asia, plus one NATO member state, since December 2024. The group exploits unpatched Microsoft Exchange vulnerabilities, particularly the ProxyLogon chain, to gain initial access and deploys GODZILLA web shells for persistence. ShadowPad implants are staged via DLL sideloading of legitimate signed executables. Nearly half of the compromised environments showed overlap with another intrusion set, SHADOW-EARTH-054, sharing identical tooling including Evil-CreateDump and IOX proxy. The attackers conduct extensive Active Directory reconnaissance, credential harvesting, and mailbox exfiltration targeting high-profile government officials and defense contractors. Multiple tunneling tools including GOST and Wstunnel establish covert command-and-control channels, while lateral movement leverages WM...
Pulse ID: 69f3a95eda9a5492f5d1b6f4
Pulse Link: https://otx.alienvault.com/pulse/69f3a95eda9a5492f5d1b6f4
Pulse Author: AlienVault
Created: 2026-04-30 19:11:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #China #CredentialHarvesting #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #Microsoft #NATO #OTX #OpenThreatExchange #Proxy #RAT #ShadowPad #SideLoading #bot #AlienVault
-
Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
A China-aligned threat group designated SHADOW-EARTH-053 has been conducting cyberespionage operations against government entities and critical infrastructure across at least eight countries in South, East, and Southeast Asia, plus one NATO member state, since December 2024. The group exploits unpatched Microsoft Exchange vulnerabilities, particularly the ProxyLogon chain, to gain initial access and deploys GODZILLA web shells for persistence. ShadowPad implants are staged via DLL sideloading of legitimate signed executables. Nearly half of the compromised environments showed overlap with another intrusion set, SHADOW-EARTH-054, sharing identical tooling including Evil-CreateDump and IOX proxy. The attackers conduct extensive Active Directory reconnaissance, credential harvesting, and mailbox exfiltration targeting high-profile government officials and defense contractors. Multiple tunneling tools including GOST and Wstunnel establish covert command-and-control channels, while lateral movement leverages WM...
Pulse ID: 69f3a95eda9a5492f5d1b6f4
Pulse Link: https://otx.alienvault.com/pulse/69f3a95eda9a5492f5d1b6f4
Pulse Author: AlienVault
Created: 2026-04-30 19:11:26Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #China #CredentialHarvesting #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #Microsoft #NATO #OTX #OpenThreatExchange #Proxy #RAT #ShadowPad #SideLoading #bot #AlienVault
-
📰 China-Based Silver Fox APT Expands Espionage Campaign Across Asia with Fake Tax Audits
🇨🇳 China-based APT 'Silver Fox' expands its campaign across Asia, using fake tax audit emails to target medical and financial firms. The group has evolved into a dual-purpose espionage & financial threat. 🦊 #APT #SilverFox #CyberEspionage
-
https://www.europesays.com/dk/70989/ German prosecutors arrest suspected Russian spy in Berlin – POLITICO #berlin #CriticalInfrastructure #CyberEspionage #Defense #Drones #Espionage #EURussiaRelations #Germany #HybridThreats #industry #Intelligence #IntelligenceServices #Military #Robotics #Russia #spying #SupplyChains #Ukraine #WarInUkraine
-
German prosecutors arrest suspected Russian spy in Berlin – POLITICO
The material reportedly included details about Berlin’s military support for Ukraine and insights into the country’s defense industry…
#Germany #DE #Europe #EU #Europa #Criticalinfrastructure #CyberEspionage #Defense #Drones #Espionage #EU-Russiarelations #hybridthreats #Industry #Intelligence #Intelligenceservices #Military #Robotics #Russia #Spying #Supplychains #Ukraine #WarinUkraine
https://www.europesays.com/germany/8444/