Stealth Falcon just pulled off a high-stakes hack by exploiting a zero-day flaw in Windows WebDAV. Could your system be the next target?
Recent searches
Search options
Administered by:
#cyberespionage
4 posts3 participants0 posts today
Whispering in the dark
ESET researchers uncovered a cyberespionage campaign by BladedFeline, an Iran-aligned APT group likely tied to OilRig. The group has targeted Kurdish and Iraqi government officials since at least 2017, using various malicious tools including the Whisper backdoor, PrimeCache IIS module, and reverse tunnels. BladedFeline maintains persistent access to high-ranking officials in both the Kurdistan Regional Government and Iraqi government, likely for espionage purposes. The group's toolset includes sophisticated backdoors, webshells, and custom tunneling applications. ESET assesses with medium confidence that BladedFeline is a subgroup of OilRig, based on shared code, targets, and tactics. The campaign also extended to a telecommunications provider in Uzbekistan.
Pulse ID: 684874c7cbe4dbef4d0ff749
Pulse Link: https://otx.alienvault.com/pulse/684874c7cbe4dbef4d0ff749
Pulse Author: AlienVault
Created: 2025-06-10 18:09:11
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets
The research outlines China-nexus threat actors targeting SentinelOne and other organizations between 2024 and 2025. It details intrusions into an IT services company managing SentinelOne's hardware logistics and reconnaissance of SentinelOne's servers. The attacks involved ShadowPad malware and a cluster of activities dubbed PurpleHaze, which included the use of GOREshell backdoors and exploitation of vulnerabilities. Over 70 organizations worldwide were compromised in a broad ShadowPad operation. The threat actors employed sophisticated techniques like operational relay box networks and custom obfuscation methods. The research emphasizes the persistent threat posed by Chinese cyberespionage to various sectors, including cybersecurity vendors.
Pulse ID: 6847eb4c4b4f501a31f255cd
Pulse Link: https://otx.alienvault.com/pulse/6847eb4c4b4f501a31f255cd
Pulse Author: AlienVault
Created: 2025-06-10 08:22:36
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
BladedFeline: Whispering in the dark
ESET researchers have uncovered a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group likely tied to OilRig. The group has been targeting Kurdish and Iraqi government officials since at least 2017, using various malicious tools including reverse tunnels, backdoors, and a malicious IIS module. Key malware includes the Whisper backdoor, which communicates via compromised email accounts, and PrimeCache, a malicious IIS module with similarities to OilRig's RDAT backdoor. The campaign also targeted a telecommunications provider in Uzbekistan. BladedFeline's sophisticated tactics and tools indicate a focus on maintaining strategic access to high-ranking officials for espionage purposes.
Pulse ID: 6842cae058bebf5552345481
Pulse Link: https://otx.alienvault.com/pulse/6842cae058bebf5552345481
Pulse Author: AlienVault
Created: 2025-06-06 11:02:56
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
https://www.europesays.com/2137357/ Iran-aligned BladedFeline spies on Iraqi and Kurdish #BackdoorWhisper #Conflicts #CyberEspionage #ESET #Iran #IranAligned #llc #OilRig #OperationRoundpress #PrimeCache #ThreatActors
APT28 Targets Webmail Platforms in Global Cyberespionage Operation
The full list of cybersecurity vulnerabilities, identified by researchers at the University of California, New York (UCL), has been released.. and it is expected to be published by the end of the year
Pulse ID: 6840210dea4ad39b8ea4a258
Pulse Link: https://otx.alienvault.com/pulse/6840210dea4ad39b8ea4a258
Pulse Author: cryptocti
Created: 2025-06-04 10:33:49
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
Attackers breached ConnectWise, compromised customer ScreenConnect instances https://www.helpnetsecurity.com/2025/06/02/attackers-breached-connectwise-compromised-customer-screenconnect-instances/ #government-backedattacks #cyberespionage #remoteaccess #ConnectWise #techsupport #Don'tmiss #Hotstuff #News #MSP
Help Net Security · Attackers breached ConnectWise, compromised customer ScreenConnect instances - Help Net Security
More from 
Zeljka Zorz
APT41 is using Google Calendar as a secret command center—hiding malicious orders in plain sight. How far will cybercriminals go with the everyday tools we trust? Learn the full story behind this stealthy trick.
https://thedefendopsdiaries.com/apt41s-innovative-use-of-google-calendar-for-cyber-espionage/
Czech officials are calling out China for a cyber breach by the infamous APT31 – but is this just the tip of a much larger digital espionage iceberg?
#cyberespionage
#apt31
#chinacyberattack
#czechrepublic
#cybersecurity
New Russian Cyber Threat ‘Laundry Bear’ Hits Western Targets https://thecyberexpress.com/new-russian-cyber-threat-laundry-bear/ #Nation-StateCyberattacks #militaryintelligence #TheCyberExpressNews #Russiathreatgroups #ThreatIntelligence #Newthreatgroups #TheCyberExpress #cyberespionage #FirewallDaily #CyberNews #Microsoft #Ukraine #Russia
The Cyber Express · New Russian Cyber Threat Laundry Bear Hits Western Targets
Microsoft Exposes New Russian Cyber Espionage Group Targeting NATO Allies
https://www.cyberkendra.com/2025/05/microsoft-exposes-new-russian-cyber.html
#microsoft #cyberespionage #hacking
Cyber KendraMicrosoft Exposes New Russian Cyber Espionage Group Targeting NATO Allies
Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group https://www.helpnetsecurity.com/2025/05/27/microsoft-dutch-security-agencies-lift-veil-on-laundry-bear-void-blizzard-cyber-espionage-group/ #government-backedattacks #accounthijacking #cyberespionage #government #Don'tmiss #Microsoft #Hotstuff #phishing #News #NATO #EU
Help Net Security · Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group - Help Net Security
More from Zeljka Zorz
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
Void Blizzard, a newly identified Russia-affiliated threat actor, has been conducting global cyberespionage operations since April 2024. Their primary targets are organizations in critical sectors, particularly in NATO member states and Ukraine, including government, defense, transportation, media, NGOs, and healthcare. The group employs tactics such as using stolen credentials, likely obtained from commodity infostealer ecosystems, and recently evolved to include targeted spear phishing for credential theft. Despite using unsophisticated techniques, Void Blizzard has been effective in gaining access and collecting large volumes of emails and files from compromised organizations. Their activities pose a significant risk to NATO member states and allies of Ukraine.
Pulse ID: 6835955789329a0d9f2f521c
Pulse Link: https://otx.alienvault.com/pulse/6835955789329a0d9f2f521c
Pulse Author: AlienVault
Created: 2025-05-27 10:35:03
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations https://www.helpnetsecurity.com/2025/05/23/chinese-cyber-spies-are-using-ivanti-epmm-flaws-to-breach-eu-us-organizations/ #government-backedattacks #manufacturingsector #telecommunications #financialindustry #cyberespionage #EclecticIQ #government #healthcare #Don'tmiss #aerospace #Hotstuff #Ivanti #News #USA #Wiz #EU
Help Net Security · Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations - Help Net Security
More from Zeljka Zorz
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors https://www.securityweek.com/chinese-spies-exploit-ivanti-vulnerabilities-against-critical-sectors/ #criticalinfrastructure #Malware&Threats #cyberespionage #espionage #exploited #Ivanti #China
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors https://www.securityweek.com/chinese-spies-exploit-ivanti-vulnerabilities-against-critical-sectors/ #criticalinfrastructure #Malware&Threats #cyberespionage #espionage #exploited #Ivanti #China
APT28 is reportedly tracking Ukraine aid routes by breaching networks from air traffic to shipping lanes. How could this silent cyberattack affect our global security?
#cyberespionage
#apt28
#ukraineaid
#cybersecurity
#infosectrends
Russian GRU Is Hacking IP Cameras and Logistics Firms to Spy on Aid Deliveries from Western Allies to Ukraine https://thecyberexpress.com/russian-gru-hackers-targeting-west/ #TheCyberExpressNews #RussianGRUHackers #CyberEssentials #TheCyberExpress #cyberespionage #FirewallDaily #RussiaUkraine #WesternAllies #CyberWarfare #cyberwarfare #Espionage #CyberNews #IPCameras #Logistics #malware #US
The Cyber Express · Russian GRU Hackers Targeting Logistics and Tech Firms
Dutch Espionage Law Update 2025: Cyber Offenses Now Punishable by Up to 12 Years https://thecyberexpress.com/dutch-espionage-law-update-2025-cyber-offenses/ #DutchEspionageLawUpdate2025 #TheCyberExpressNews #DutchEspionageLaw #CyberattackNews #TheCyberExpress #cyberespionage #FirewallDaily #PolicyUpdates #Netherlands #Governance #CyberNews #DutchLaw
The Cyber Express · Dutch Espionage Law Gets Tough on Cyber and State Threats
Nation-state APTs ramp up attacks on Ukraine and the EU https://www.helpnetsecurity.com/2025/05/21/apt-groups-attacks-eu-ukraine/ #RussianFederation #cyberespionage #cybersecurity #NorthKorea #Ukraine #report #survey #China #News #ESET #EU
Help Net Security · Nation-state APTs ramp up attacks on Ukraine and the EU - Help Net SecurityRussian APT groups intensified attacks against Ukraine and the EU, exploiting zero-day vulnerabilities and deploying wipers.