techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome

Administered by:

Server stats:

4.9K
active users

#cyberespionage

4 posts3 participants0 posts today

Whispering in the dark

ESET researchers uncovered a cyberespionage campaign by BladedFeline, an Iran-aligned APT group likely tied to OilRig. The group has targeted Kurdish and Iraqi government officials since at least 2017, using various malicious tools including the Whisper backdoor, PrimeCache IIS module, and reverse tunnels. BladedFeline maintains persistent access to high-ranking officials in both the Kurdistan Regional Government and Iraqi government, likely for espionage purposes. The group's toolset includes sophisticated backdoors, webshells, and custom tunneling applications. ESET assesses with medium confidence that BladedFeline is a subgroup of OilRig, based on shared code, targets, and tactics. The campaign also extended to a telecommunications provider in Uzbekistan.

Pulse ID: 684874c7cbe4dbef4d0ff749
Pulse Link: otx.alienvault.com/pulse/68487
Pulse Author: AlienVault
Created: 2025-06-10 18:09:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets

The research outlines China-nexus threat actors targeting SentinelOne and other organizations between 2024 and 2025. It details intrusions into an IT services company managing SentinelOne's hardware logistics and reconnaissance of SentinelOne's servers. The attacks involved ShadowPad malware and a cluster of activities dubbed PurpleHaze, which included the use of GOREshell backdoors and exploitation of vulnerabilities. Over 70 organizations worldwide were compromised in a broad ShadowPad operation. The threat actors employed sophisticated techniques like operational relay box networks and custom obfuscation methods. The research emphasizes the persistent threat posed by Chinese cyberespionage to various sectors, including cybersecurity vendors.

Pulse ID: 6847eb4c4b4f501a31f255cd
Pulse Link: otx.alienvault.com/pulse/6847e
Pulse Author: AlienVault
Created: 2025-06-10 08:22:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

BladedFeline: Whispering in the dark

ESET researchers have uncovered a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group likely tied to OilRig. The group has been targeting Kurdish and Iraqi government officials since at least 2017, using various malicious tools including reverse tunnels, backdoors, and a malicious IIS module. Key malware includes the Whisper backdoor, which communicates via compromised email accounts, and PrimeCache, a malicious IIS module with similarities to OilRig's RDAT backdoor. The campaign also targeted a telecommunications provider in Uzbekistan. BladedFeline's sophisticated tactics and tools indicate a focus on maintaining strategic access to high-ranking officials for espionage purposes.

Pulse ID: 6842cae058bebf5552345481
Pulse Link: otx.alienvault.com/pulse/6842c
Pulse Author: AlienVault
Created: 2025-06-06 11:02:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

APT28 Targets Webmail Platforms in Global Cyberespionage Operation

The full list of cybersecurity vulnerabilities, identified by researchers at the University of California, New York (UCL), has been released.. and it is expected to be published by the end of the year

Pulse ID: 6840210dea4ad39b8ea4a258
Pulse Link: otx.alienvault.com/pulse/68402
Pulse Author: cryptocti
Created: 2025-06-04 10:33:49

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

New Russia-affiliated actor Void Blizzard targets critical sectors for espionage

Void Blizzard, a newly identified Russia-affiliated threat actor, has been conducting global cyberespionage operations since April 2024. Their primary targets are organizations in critical sectors, particularly in NATO member states and Ukraine, including government, defense, transportation, media, NGOs, and healthcare. The group employs tactics such as using stolen credentials, likely obtained from commodity infostealer ecosystems, and recently evolved to include targeted spear phishing for credential theft. Despite using unsophisticated techniques, Void Blizzard has been effective in gaining access and collecting large volumes of emails and files from compromised organizations. Their activities pose a significant risk to NATO member states and allies of Ukraine.

Pulse ID: 6835955789329a0d9f2f521c
Pulse Link: otx.alienvault.com/pulse/68359
Pulse Author: AlienVault
Created: 2025-05-27 10:35:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.