Cyber Espionage News, Articles and Updates

Symantec pegs Chinese group Thrip behind recent cyberespionage attacks

Symantec researchers spot three Chinese computers behind a string of cyberespionage attacks targeting private and defense-related targets in the United States and Southeast Asia, including attempting to infect a computer system that handled satellite operations.

Adobe issues critical patch after Flash zero-day bug actively exploited in Middle East

Adobe Systems today issued patches for four software vulnerabilities in Flash Player, including a zero-day flaw that attackers have been exploiting in the wild in targeted attacks against Windows users in the Middle East, possibly in Qatar.

Sofacy rolls our Zebrocy toolkit to hit government targets

The Russian APT cybergang Sofacy has rolled out a new campaign based on a seldom used attack tool called Zebrocy and is using it to target government, diplomatic and other strategic organizations primarily in North America and Europe.

RAT campaign targets Koreans with phishing lures featuring U.S.-North Korea summit

A remote access trojan that apparently went undiscovered for at least two years was found targeting Koreans in a spam campaign using the possible upcoming U.S.-North Korea nukes summit as a phishing lure.

Turla cyberespionage group switched to open-source malware

The Turla cyberespionage group has implemented some new tactics over the last few months incorporating some open-source exploitation tools instead of relying solely on their own creations to run campaigns.

Patch Tuesday: Microsoft mends RCE bug reportedly exploited by cyber espionage group

Microsoft Corporation's Patch Tuesday release today fixed 67 bugs, including two that have been actively exploited in zero-day attacks, and another two whose details became public.

Secret no more: North Korea the likely culprit in complex GhostSecret cyber espionage campaign

What began as an aggressive phishing-based malware campaign against Turkish financial institutions earlier this year appears to have since burgeoned into a worldwide cyberspying and data theft operation targeting a wide range of industry sectors with at least two malicious implants.

New Desert Scorpion spyware found in malicious chat app aimed at Palestinians

A malicious chat app that was advertised on Facebook and sold in the Google Play store was discovered to execute a previously undiscovered spyware program linked to APT-C-23, an advanced persistent threat group allegedly with ties to Hamas.

Terbium Labs CEO: We have the tools to curtail fake news, if we'd only use them

We already have the means to significantly curtail fake news campaigns emanating from Russia and elsewhere, but it is up security practitioners, and especially online content and advertising platforms, to meaningfully employ these measures, according to Dr. Daniel Rogers, CEO of Terbium Labs.

Operation Parliament targeting Middle East nations with cyberespionage malware

Kaspersky Labs has detailed a large scale nation-state backed malware campaign called Operation Parliament that is targeting governments and high-level officials in the Middle East and North Africa (MENA) regions.

U.K. intel director discloses offensive cyber campaign against ISIS, lambastes Russia

In his first public speech, the U.K.'s GCHQ Director Jeremy Fleming acknowledged that the agency recently coordinated a major cyber offensive operation against ISIS, significantly crippling the terrorist group's ability to recruit and coordinate attacks online.

Justice was overdue: Indicted Iranian hackers phished targets using library account lures

The nine Iranian hackers who were indicted last Friday for allegedly exfiltrating 31 terabytes of research documents and credentials from academics, companies and government agencies phished many of their targets using lures intended to trick them into thinking their library accounts were cancelled.

New Sanny info-stealer campaign targets government agencies with evolved malware

Researchers this month discovered a new spear phishing campaign targeting government agencies with an evolved version of Sanny malware, a five-year-old information-stealer that now features a multi-stage infection process, whereby each stage is downloaded from the attacker's server.

Kaspersky research on Slingshot APT campaign reportedly exposes U.S. counterterrorism operation

A recently published Kaspersky Lab report that exposed a sophisticated, six-year cyber espionage campaign targeting the Middle East and Africa disrupted an active counterterrorism operation, according to an article this week by CyberScoop, citing current and former U.S. intelligence officials.

Russian hackers target European agency with updated DealersChoice Adobe Flash exploit tool

The aggressive Russian APT group Sofacy targeted yet another European government agency earlier this month, attempting to infect the organization with unknown malware using a crafty new variant of its Adobe Flash-based exploit platform DealersChoice.

Suspected Chinese cyberespionage group targets U.S. engineering, maritime Industries

The suspected Chinese cyberespionage group dubbed "TEMP.Periscope" is targeting U.S. engineering and maritime Industries in its latest campaign.

MuddyWater APT campaign flowing again

The MuddyWater APT campaign appears to be rising to the surface again with researchers finding similarities between this older cyberespionage attack and a new one targeting Turkey, Pakistan and Tajikistan.

Slingshot APT campaign exposed after six years of sophisticated spying

A cyber espionage campaign bearing all of the hallmarks of an extremely advanced nation-state actor used malware to spy on international targets for six years before it was finally detected and exposed, Kaspersky Lab reported on Friday.

Avast: CCleaner hackers planned to infect victims with third-stage Chinese hacking tool

The hackers who injected malicious code into a version of computer maintenance app CCleaner last year may have been preparing to deliver third-stage malware to at least a select few of the 2.27 million computers that had downloaded the tainted utility program.

North Korea's APT37 hacking group expands its reach and ups its game, warns researchers

Reputed North Korean APT group TEMP.Reaper, the alleged culprit behind a zero-day ROKRAT malware campaign leveraging Adobe Flash Player vulnerability CVE-2018-4878, has been expanding its global target list despite remaining largely under the radar, according to a new FireEye research report.

U.S. intel officials: Chinese phones, telecom services could be espionage tools

In testimony before the Senate Intelligence Committee last Tuesday, six top U.S. intelligence officials unanimously advised against government bodies or private citizens using equipment or services from China-based telecommunications companies ZTE or Huawei, due to the risks of potential espionage.