📰 Iranian APT MuddyWater Masquerades as Ransomware Group in Microsoft Teams-Based Espionage Campaign

⚠️ Iranian APT MuddyWater targets orgs via Microsoft Teams, posing as a ransomware group. The real goal: espionage & data theft. Attackers trick users in screen-shares to steal credentials, bypassing MFA. #MuddyWater #CyberEspionage #ThreatIntel

🔗 https://cyber.netsecops.io

US firms could face exclusion under new EU cyber bill, lead lawmaker says

“I can see the Cybersecurity Act having an impact on U.S. companies if they don’t oblige by the rules,” says Czech Pirate MEP Markéta Gregorová.

POLITICO

MuddyWater hackers exploit Chaos ransomware as cyber-espionage decoy

MuddyWater hackers have cleverly used Chaos ransomware as a decoy to mask their true intentions - and it's not about making a quick buck. Instead, their tactics suggest a more sinister goal, blurring the lines between state-sponsored espionage and cybercrime.

https://osintsights.com/muddywater-hackers-exploit-chaos-ransomware-as-cyber-espionage-decoy?utm_source=mastodon&utm_medium=social

#Muddywater #Iran #Cyberespionage #Statesponsored #Ransomware

📰 China-Based Silver Fox APT Expands Espionage Campaign Across Asia with Fake Tax Audits

🇨🇳 China-based APT 'Silver Fox' expands its campaign across Asia, using fake tax audit emails to target medical and financial firms. The group has evolved into a dual-purpose espionage & financial threat. 🦊 #APT #SilverFox #CyberEspionage

🔗 https://cyber.netsecops.io

Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

Pulse ID: 69f97a64033cedf372cf42a0
Pulse Link: https://otx.alienvault.com/pulse/69f97a64033cedf372cf42a0
Pulse Author: Tr1sa111
Created: 2026-05-05 05:04:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #China #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

A China-aligned threat group designated SHADOW-EARTH-053 has been conducting cyberespionage operations against government entities and critical infrastructure across at least eight countries in South, East, and Southeast Asia, plus one NATO member state, since December 2024. The group exploits unpatched Microsoft Exchange vulnerabilities, particularly the ProxyLogon chain, to gain initial access and deploys GODZILLA web shells for persistence. ShadowPad implants are staged via DLL sideloading of legitimate signed executables. Nearly half of the compromised environments showed overlap with another intrusion set, SHADOW-EARTH-054, sharing identical tooling including Evil-CreateDump and IOX proxy. The attackers conduct extensive Active Directory reconnaissance, credential harvesting, and mailbox exfiltration targeting high-profile government officials and defense contractors. Multiple tunneling tools including GOST and Wstunnel establish covert command-and-control channels, while lateral movement leverages WM...

Pulse ID: 69f3a95eda9a5492f5d1b6f4
Pulse Link: https://otx.alienvault.com/pulse/69f3a95eda9a5492f5d1b6f4
Pulse Author: AlienVault
Created: 2026-04-30 19:11:26

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #China #CredentialHarvesting #CyberSecurity #Cyberespionage #Espionage #Government #InfoSec #Microsoft #NATO #OTX #OpenThreatExchange #Proxy #RAT #ShadowPad #SideLoading #bot #AlienVault

German prosecutors arrest suspected Russian spy in Berlin

German authorities say the suspect gathered intelligence on military aid to Ukraine and eyed potential sabotage targets.

POLITICO

Hacker who allegedly carried out cyberattacks for China is extradited to U.S. | TechCrunch

Xu Zewei is accused of participating in a Chinese government hacking group that broke into thousands of U.S. organizations and stole COVID-19-related research.

TechCrunch

HAFNIUM-linked suspect faces U.S. indictment.
• 12,700+ orgs impacted
• Exchange exploits at scale
• Research institutions targeted

Full story:
https://www.technadu.com/chinese-national-xu-zewei-extradited-for-hafnium-cyberattacks-appears-in-us-court-for-9-count-indictment/627152/

Your take?

#Infosec #CyberEspionage #HAFNIUM #ThreatIntel