Viasat's breach by Chinese hackers is a wake-up call for our global communications. How safe are we when state-backed cyberattacks target vital networks? Read on for the full story.

https://thedefendopsdiaries.com/viasat-breach-by-salt-typhoon-a-wake-up-call-for-cybersecurity/

#viasatbreach
#salttyphoon
#cybersecurity
#nationalsecurity
#cyberespionage

Iran orders officials to ditch connected devices

Both Israel and Iran have powerful cybersecurity capabilities.

POLITICO

🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #24/2025 is out!

It includes the following and much more:

🇨🇳 @SentinelOne Reported That It Faced A Year-long Campaign of #Cyberespionage from Chinese Threat Actors;

⌚️ A New Attack Called "SmartAttack" Uses Smartwatches To Secretly Steal Data From Air-gapped Systems;

❌ #INTERPOL Has Dismantled Over 20,000 Malicious IP Addresses Linked to 69 Types Of #Malware;

🛠☁️ Researchers Found Five Zero-day Vulnerabilities and 15 Common Misconfigurations In #Salesforce Industry Cloud;

🇷🇺 🇮🇷 🇨🇳 #OpenAI Has Banned #ChatGPT Accounts Linked To Russian, Iranian, and Chinese Hacker Groups;

📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-24-2025

๐Ÿ•ต๐Ÿปโ€โ™‚๏ธ [InfoSec MASHUP] 24/2025

SentinelOne Reported That It Faced A Year-long Campaign Of Cyberespionage From Chinese Threat Actors; A New Attack Called "SmartAttack" Uses Smartwatches To Secretly Steal Data From Air-gapped Systems; Interpol Has Dismantled Over 20,000 Malicious Ip Addresses Linked To 69 Types Of Malware; Researchers Found Five Zero-day Vulnerabilities And 15 Common Misconfigurations In Salesforce Industry Cloud; OpenAI Has Banned ChatGPT Accounts Linked To Russian, Iranian, And Chinese Hacker Groups;

X's InfoSec Newsletter

Stealth Falcon just pulled off a high-stakes hack by exploiting a zero-day flaw in Windows WebDAV. Could your system be the next target?

https://thedefendopsdiaries.com/unmasking-stealth-falcon-exploiting-windows-webdav-zero-day-vulnerability/

#stealthfalcon
#webdav
#zeroday
#cyberespionage
#cybersecurity

Whispering in the dark

ESET researchers uncovered a cyberespionage campaign by BladedFeline, an Iran-aligned APT group likely tied to OilRig. The group has targeted Kurdish and Iraqi government officials since at least 2017, using various malicious tools including the Whisper backdoor, PrimeCache IIS module, and reverse tunnels. BladedFeline maintains persistent access to high-ranking officials in both the Kurdistan Regional Government and Iraqi government, likely for espionage purposes. The group's toolset includes sophisticated backdoors, webshells, and custom tunneling applications. ESET assesses with medium confidence that BladedFeline is a subgroup of OilRig, based on shared code, targets, and tactics. The campaign also extended to a telecommunications provider in Uzbekistan.

Pulse ID: 684874c7cbe4dbef4d0ff749
Pulse Link: https://otx.alienvault.com/pulse/684874c7cbe4dbef4d0ff749
Pulse Author: AlienVault
Created: 2025-06-10 18:09:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Cyberespionage #ESET #Espionage #Government #ICS #InfoSec #Iran #OTX #OilRig #OpenThreatExchange #Telecom #Telecommunication #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets

The research outlines China-nexus threat actors targeting SentinelOne and other organizations between 2024 and 2025. It details intrusions into an IT services company managing SentinelOne's hardware logistics and reconnaissance of SentinelOne's servers. The attacks involved ShadowPad malware and a cluster of activities dubbed PurpleHaze, which included the use of GOREshell backdoors and exploitation of vulnerabilities. Over 70 organizations worldwide were compromised in a broad ShadowPad operation. The threat actors employed sophisticated techniques like operational relay box networks and custom obfuscation methods. The research emphasizes the persistent threat posed by Chinese cyberespionage to various sectors, including cybersecurity vendors.

Pulse ID: 6847eb4c4b4f501a31f255cd
Pulse Link: https://otx.alienvault.com/pulse/6847eb4c4b4f501a31f255cd
Pulse Author: AlienVault
Created: 2025-06-10 08:22:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #China #Chinese #CyberSecurity #Cyberespionage #Espionage #ICS #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RESHELL #SentinelOne #ShadowPad #bot #AlienVault


BladedFeline: Whispering in the dark

ESET researchers have uncovered a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group likely tied to OilRig. The group has been targeting Kurdish and Iraqi government officials since at least 2017, using various malicious tools including reverse tunnels, backdoors, and a malicious IIS module. Key malware includes the Whisper backdoor, which communicates via compromised email accounts, and PrimeCache, a malicious IIS module with similarities to OilRig's RDAT backdoor. The campaign also targeted a telecommunications provider in Uzbekistan. BladedFeline's sophisticated tactics and tools indicate a focus on maintaining strategic access to high-ranking officials for espionage purposes.

Pulse ID: 6842cae058bebf5552345481
Pulse Link: https://otx.alienvault.com/pulse/6842cae058bebf5552345481
Pulse Author: AlienVault
Created: 2025-06-06 11:02:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Cyberespionage #ESET #Email #Espionage #Government #ICS #InfoSec #Iran #Malware #OTX #OilRig #OpenThreatExchange #RAT #Telecom #Telecommunication #bot #AlienVault

Starting a new Substack, and I hope #cybersecurity concerned ppl will join me. Today, I do a shallow dive into #CyberEspionage in preparation for sharing a deeper look at this critical topic later. https://substack.com/profile/351599431-letters-from-the-lake/note/c-123357001?utm_source=substack&utm_content=first-note-modal

Letters from the Lake on Substack

Check out my new post! First post on my new Substack.

Substack

New today: @ESETresearch analyzed a #cyberespionage campaign conducted by BladedFeline, an Iran-aligned #APT group with likely ties to OilRig 🔎

https://www.welivesecurity.com/en/eset-research/bladedfeline-whispering-dark/

BladedFeline: Whispering in the dark

ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig.

๐ŸŒ Rising cyber tensions: APT groups linked to China are ramping up espionage targeting Taiwan and the U.S., warns a new report. Geopolitics is now a digital battlefield. #CyberEspionage ๐Ÿ•ต๏ธโ€โ™‚๏ธ #GeopoliticalSecurity ๐ŸŒ

https://go.theregister.com/feed/www.theregister.com/2025/06/05/china_taiwan_us_apt_report/

China accuses Taiwan of running five feeble APT gangs, with US help

The authors who claimed America hacked itself to discredit Beijing are back with another report

The Register