Cyber Espionage News, Articles and Updates

New Desert Scorpion spyware found in malicious chat app aimed at Palestinians

A malicious chat app that was advertised on Facebook and sold in the Google Play store was discovered to execute a previously undiscovered spyware program linked to APT-C-23, an advanced persistent threat group allegedly with ties to Hamas.

Terbium Labs CEO: We have the tools to curtail fake news, if we'd only use them

We already have the means to significantly curtail fake news campaigns emanating from Russia and elsewhere, but it is up to security practitioners, and especially online content and advertising platforms, to meaningfully employ these measures, according to Dr. Daniel Rogers, CEO of Terbium Labs.

Operation Parliament targeting Middle East nations with cyberespionage malware

Kaspersky Lab has detailed a large-scale, nation-state-backed malware campaign called Operation Parliament that is targeting governments and high-level officials in the Middle East and North Africa (MENA) region.

U.K. intel director discloses offensive cyber campaign against ISIS, lambastes Russia

In his first public speech, the U.K.'s GCHQ Director Jeremy Fleming acknowledged that the agency recently coordinated a major cyber offensive operation against ISIS, significantly crippling the terrorist group's ability to recruit and coordinate attacks online.

Justice was overdue: Indicted Iranian hackers phished targets using library account lures

The nine Iranian hackers who were indicted last Friday for allegedly exfiltrating 31 terabytes of research documents and credentials from academics, companies and government agencies phished many of their targets using lures intended to trick them into thinking their library accounts were cancelled.

New Sanny info-stealer campaign targets government agencies with evolved malware

Researchers this month discovered a new spear phishing campaign targeting government agencies with an evolved version of Sanny malware, a five-year-old information-stealer that now features a multi-stage infection process, whereby each stage is downloaded from the attacker's server.

Kaspersky research on Slingshot APT campaign reportedly exposes U.S. counterterrorism operation

A recently published Kaspersky Lab report that exposed a sophisticated, six-year cyber espionage campaign targeting the Middle East and Africa disrupted an active counterterrorism operation, according to an article this week by CyberScoop, citing current and former U.S. intelligence officials.

Russian hackers target European agency with updated DealersChoice Adobe Flash exploit tool

The aggressive Russian APT group Sofacy targeted yet another European government agency earlier this month, attempting to infect the organization with unknown malware using a crafty new variant of its Adobe Flash-based exploit platform DealersChoice.

Suspected Chinese cyberespionage group targets U.S. engineering, maritime industries

The suspected Chinese cyberespionage group dubbed "TEMP.Periscope" is targeting U.S. engineering and maritime industries in its latest campaign.

MuddyWater APT campaign flowing again

The MuddyWater APT campaign appears to be rising to the surface again with researchers finding similarities between this older cyberespionage attack and a new one targeting Turkey, Pakistan and Tajikistan.

Slingshot APT campaign exposed after six years of sophisticated spying

A cyber espionage campaign bearing all of the hallmarks of an extremely advanced nation-state actor used malware to spy on international targets for six years before it was finally detected and exposed, Kaspersky Lab reported on Friday.

Avast: CCleaner hackers planned to infect victims with third-stage Chinese hacking tool

The hackers who injected malicious code into a version of computer maintenance app CCleaner last year may have been preparing to deliver third-stage malware to at least a select few of the 2.27 million computers that had downloaded the tainted utility program.

North Korea's APT37 hacking group expands its reach and ups its game, warns researchers

Reputed North Korean APT group TEMP.Reaper, the alleged culprit behind a zero-day ROKRAT malware campaign leveraging Adobe Flash Player vulnerability CVE-2018-4878, has been expanding its global target list despite remaining largely under the radar, according to a new FireEye research report.

U.S. intel officials: Chinese phones, telecom services could be espionage tools

In testimony before the Senate Intelligence Committee last Tuesday, six top U.S. intelligence officials unanimously advised against government bodies or private citizens using equipment or services from China-based telecommunications companies ZTE or Huawei, due to the risks of potential espionage.

Two-year-old malware campaign plagues Ukrainians with Vermin, Quasar RATs

Researchers have uncovered a two-year-old cyber espionage campaign that's been infecting Ukrainians with either a newly discovered remote access tool called Vermin or the more established Quasar RAT.

Apparent Korean actor 'Group123' linked to six phishing campaigns, including 'Evil New Year' scam

Researchers have attributed six separate phishing campaigns targeting South Koreans in either 2017 or 2018 to a single threat actor called "Group123," including multiple operations designed to infect victims with the remote administration tool ROKRAT.

Turla cyber-espionage group fakes Adobe Flash Player to drop malware on embassies

Cyberespionage group Turla is reported to be targeting embassies and consulates in the post-Soviet states using a new tool to dupe potential victims into installing malware to exfiltrate data.

Jailed Russian says he left poison pill in Kremlin-directed DNC hack

An imprisoned Russian who claimed the Kremlin ordered him to hack the Democratic National Committee (DNC) computers now says he has the evidence to prove it, asserting that he left behind a "poison pill" in case Russian intelligence betrayed him.

Report: Vietnamese cyber military unit formed to fight controversial ideas on internet

The Vietnamese government has reportedly deployed a military cyber warfare unit composed of more than 10,000 digital soldiers to combat and censor views on the internet that it finds threatening or "wrong."

Report: Chinese cyberspies targeted Western think tanks with spy tools, DDoS attacks in Q4

At least four Western think tanks and two non-government organizations were targeted in Chinese cyber espionage activities this past October and November, according to a new report from CrowdStrike.

Researchers: Microsoft Office flaw exploited by suspected Iranian APT group

Researchers believe a suspected Iranian APT group is responsible for a recent cyber espionage operation that targeted a Middle Eastern government organization, using a recently patched remote code execution vulnerability in Microsoft Office as an attack vector.

Hello, Charming Kitten: Alleged HBO hacker, two others possibly linked to Iranian APT group

Researchers with ClearSky Cyber Security believe with medium-level confidence that they have linked three individuals to the Iranian advanced persistent threat group Charming Kitten, including the man accused of hacking and extorting HBO.