Russian state-backed group APT28 rapidly exploited a new Microsoft Office vulnerability to breach multiple European government agencies. Their campaign used advanced spearphishing, fileless malware, and cloud-based command-and-control to evade detection and exfiltrate sensitive data.
APT28 (Fancy Bear) hackers leveraged a novel Microsoft Office vulnerability to launch a silent, multi-stage espionage campaign against European agencies. Using forged emails, advanced malware, and legitimate cloud services, they stole sensitive information with near-invisible tactics.
North Korea’s Ricochet Chollima hackers launched a stealthy campaign using weaponized LNK files and Dropbox, targeting activists and analysts investigating the regime. Learn how Operation: ToyBox Story unfolded and why it signals a new era of cyber-espionage.
Russian state-backed APT28 exploited a fresh Microsoft Office zero-day in a sophisticated espionage campaign, targeting Ukraine, Slovakia, and Romania with email-stealing malware and advanced loaders, and kept exploiting it even after Microsoft issued emergency patches.
A targeted cyber-espionage campaign by China’s Lotus Blossom group hijacked Notepad++ updates, infecting high-value organizations with spyware. The case exposes the vulnerability of trusted open-source software to state-backed supply chain attacks.
Russian-linked APT28 hackers exploited a fresh Microsoft Office zero-day in a sophisticated campaign targeting Eastern European governments. Using crafted documents and advanced malware like MiniDoor and PixyNetLoader, the attackers stole sensitive emails and established covert access, even after Microsoft’s emergency patch.
Lotus Blossom, a China-linked APT, breached Notepad++'s hosting provider to distribute a custom backdoor via tampered updates. Investigators reveal how the attack exploited supply chain weaknesses and advanced obfuscation techniques.
PeckBirdy, a stealthy JScript-based malware toolkit linked to China, is targeting gambling and government sites across Asia with modular backdoors and advanced evasion tactics. Here’s how it works—and why it’s so hard to detect.
HoneyMyte’s CoolClient malware has evolved, now targeting browser logins in addition to its espionage functions. Security experts warn this upgrade could expose organizations worldwide to deeper breaches.
Mustang Panda’s latest CoolClient malware variant is targeting Asian and Russian government networks with advanced infostealers and stealthy data exfiltration techniques, raising the stakes in global cyber-espionage.