ZCyberNews
中文

#espionage

12 articles

Between April and June 2026, ZCyberNews covered 13 espionage-focused incidents, with APT28 (Fancy Bear), APT37, and CL-STA-1062 emerging as the top threat actors. These campaigns primarily targeted government, defense, healthcare, technology, and banking sectors across Europe, Southeast Asia, South Korea, Ukraine, and Asia. The severity mix included 11 high-severity and 2 critical-severity events, reflecting sustained cyber espionage activity against strategic global interests.

Map of Southeast Asia with highlighted government and energy sector icons, representing CL-STA-1062 targetingHIGH
Malware

CL-STA-1062 Targets Southeast Asian Governments and Critical

Chinese-speaking threat group CL-STA-1062 compromised at least 10 Southeast Asian government and energy entities in 2025 using web shells, tunneling tools, and a new TinyRCT...

4 min readCL-STA-1062
Secret Blizzard Upgrades Kazuar Backdoor Into P2P BotnetHIGH
Malware

Secret Blizzard Upgrades Kazuar Backdoor Into P2P Botnet

Secret Blizzard evolved Kazuar into a modular P2P botnet with 150 config options, AMSI/ETW bypass, and silent-mode nodes. Microsoft details the three-module architecture.

3 min readSecret Blizzard
APT37 Targets Ethnic Koreans in China With Android BirdCall MalwareHIGH
Malware

APT37 Targets Ethnic Koreans in China With Android BirdCall Malware

ESET says APT37 compromised Sqgame card game platform to deliver BirdCall backdoor to Android devices, stealing SMS, call logs, and private keys from ethnic Koreans in Yanbian.

4 min readAPT37
Deep#Door Python Backdoor Targets Windows Systems for EspionageHIGH
Malware

Deep#Door Python Backdoor Targets Windows Systems for Espionage

Deep#Door Python backdoor deploys persistent Windows implant for espionage — uses encrypted C2 channels, file exfiltration, and remote shell. No patch available.

2 min readDeep#Door
China-Linked SHADOW-EARTH-053 Hits Asian Govts, NATO StateHIGH
Threat Intel

China-Linked SHADOW-EARTH-053 Hits Asian Govts, NATO State

Trend Micro tracks SHADOW-EARTH-053 targeting government and defense sectors across Asia and one NATO-aligned European state. Campaign uses custom backdoors and spear-phishing.

2 min readSHADOW-EARTH-053
Silver Dragon APT Targets Southeast Asia, Europe in Espionage CampaignHIGH
Threat Intel

Silver Dragon APT Targets Southeast Asia, Europe in Espionage Campaign

Check Point Research tracks Silver Dragon, a Chinese-aligned APT group operationally linked to APT41, targeting government and telecom entities in Southeast Asia and Europe with…

3 min readSilver Dragon
UK Cyber Agency Handles Four Major Incidents WeeklyHIGH
Industry News

UK Cyber Agency Handles Four Major Incidents Weekly

The UK's NCSC reports handling four nationally significant cyber incidents per week, with most now attributed to hostile foreign states like China and Russia, up from two per week…

2 min read
Mustang Panda Deploys New LOTUSLITE Variant Targeting Indian BanksHIGH
Threat Intel

Mustang Panda Deploys New LOTUSLITE Variant Targeting Indian Banks

Mustang Panda's new LOTUSLITE variant targets Indian banks and South Korean policy circles via a dynamic DNS C2 over HTTPS, enabling remote shell access and file theft.

3 min readMustang Panda
AgingFly Malware Targets Ukrainian Government and HospitalsHIGH
Malware

AgingFly Malware Targets Ukrainian Government and Hospitals

A new malware family dubbed 'AgingFly' is stealing authentication data from Chromium browsers and WhatsApp in targeted attacks against Ukrainian local government bodies and hospitals.

3 min read
Critical PDF Zero-Day Exploited for Months, Infrastructure Espionage RevealedCRITICAL
Threat Intel

Critical PDF Zero-Day Exploited for Months, Infrastructure Espionage Revealed

A critical zero-day vulnerability in widely used PDF software has been actively exploited for months. Concurrently, state-sponsored actors have been targeting fiber optic infrastructure for espionage.

3 min read
Fancy Bear APT Exploits Unpatched Flaws in Global Espionage CampaignHIGH
Threat Intel

Fancy Bear APT Exploits Unpatched Flaws in Global Espionage Campaign

Russia's APT28 (Fancy Bear) is conducting a global cyber espionage campaign, exploiting unpatched vulnerabilities in routers and network devices to infiltrate government and defense targets.

3 min readAPT28 (Fancy Bear)
Stryker Hit by Cyberattack, Windows Zero-Day Exploited, China Supercomputer HackedHIGH
Threat Intel

Stryker Hit by Cyberattack, Windows Zero-Day Exploited, China Supercomputer Hacked

Medical device giant Stryker confirms a cyberattack, while a patched Windows zero-day is actively exploited and a Chinese supercomputer cluster is breached.

3 min read

Stay Updated

Get the latest cybersecurity news delivered to your inbox.