#espionage
12 articles
Between April and June 2026, ZCyberNews covered 13 espionage-focused incidents, with APT28 (Fancy Bear), APT37, and CL-STA-1062 emerging as the top threat actors. These campaigns primarily targeted government, defense, healthcare, technology, and banking sectors across Europe, Southeast Asia, South Korea, Ukraine, and Asia. The severity mix included 11 high-severity and 2 critical-severity events, reflecting sustained cyber espionage activity against strategic global interests.
HIGHCL-STA-1062 Targets Southeast Asian Governments and Critical
Chinese-speaking threat group CL-STA-1062 compromised at least 10 Southeast Asian government and energy entities in 2025 using web shells, tunneling tools, and a new TinyRCT...
HIGHSecret Blizzard Upgrades Kazuar Backdoor Into P2P Botnet
Secret Blizzard evolved Kazuar into a modular P2P botnet with 150 config options, AMSI/ETW bypass, and silent-mode nodes. Microsoft details the three-module architecture.
HIGHAPT37 Targets Ethnic Koreans in China With Android BirdCall Malware
ESET says APT37 compromised Sqgame card game platform to deliver BirdCall backdoor to Android devices, stealing SMS, call logs, and private keys from ethnic Koreans in Yanbian.
HIGHDeep#Door Python Backdoor Targets Windows Systems for Espionage
Deep#Door Python backdoor deploys persistent Windows implant for espionage — uses encrypted C2 channels, file exfiltration, and remote shell. No patch available.
HIGHChina-Linked SHADOW-EARTH-053 Hits Asian Govts, NATO State
Trend Micro tracks SHADOW-EARTH-053 targeting government and defense sectors across Asia and one NATO-aligned European state. Campaign uses custom backdoors and spear-phishing.
HIGHSilver Dragon APT Targets Southeast Asia, Europe in Espionage Campaign
Check Point Research tracks Silver Dragon, a Chinese-aligned APT group operationally linked to APT41, targeting government and telecom entities in Southeast Asia and Europe with…
HIGHUK Cyber Agency Handles Four Major Incidents Weekly
The UK's NCSC reports handling four nationally significant cyber incidents per week, with most now attributed to hostile foreign states like China and Russia, up from two per week…
HIGHMustang Panda Deploys New LOTUSLITE Variant Targeting Indian Banks
Mustang Panda's new LOTUSLITE variant targets Indian banks and South Korean policy circles via a dynamic DNS C2 over HTTPS, enabling remote shell access and file theft.
HIGHAgingFly Malware Targets Ukrainian Government and Hospitals
A new malware family dubbed 'AgingFly' is stealing authentication data from Chromium browsers and WhatsApp in targeted attacks against Ukrainian local government bodies and hospitals.
CRITICALCritical PDF Zero-Day Exploited for Months, Infrastructure Espionage Revealed
A critical zero-day vulnerability in widely used PDF software has been actively exploited for months. Concurrently, state-sponsored actors have been targeting fiber optic infrastructure for espionage.
HIGHFancy Bear APT Exploits Unpatched Flaws in Global Espionage Campaign
Russia's APT28 (Fancy Bear) is conducting a global cyber espionage campaign, exploiting unpatched vulnerabilities in routers and network devices to infiltrate government and defense targets.
HIGHStryker Hit by Cyberattack, Windows Zero-Day Exploited, China Supercomputer Hacked
Medical device giant Stryker confirms a cyberattack, while a patched Windows zero-day is actively exploited and a Chinese supercomputer cluster is breached.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.