Targeted espionage against Cambodian government entities

Pulse ID: 6a2b8b9a68544ae5ecf23a53
Pulse Link: https://otx.alienvault.com/pulse/6a2b8b9a68544ae5ecf23a53
Pulse Author: Tr1sa111
Created: 2026-06-12 04:31:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cambodia #CyberSecurity #Espionage #Government #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

From external espionage to domestic targeting

Pulse ID: 6a2b8ba2d2884fd446cd1164
Pulse Link: https://otx.alienvault.com/pulse/6a2b8ba2d2884fd446cd1164
Pulse Author: Tr1sa111
Created: 2026-06-12 04:31:30

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Espionage #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111

MI6 gave one historian full access to 40 years of classified files. Nobody outside the agency had ever seen them before.
#books #bookreview #MI6 #espionage
https://grandpasbookreviews.blogspot.com/2026/05/secret-history-of-mi6.html
Secret History of MI6: How Britain Built Its Spy Agency From Scratch

The Secret History of MI6 by Keith Jeffery covers 1909–1949 using classified files. A dense but rewarding look at how British intelligence was built.

How does a loud, hard-drinking diplomat hide as a Soviet spy for years? Class loyalty beat common sense.
#books #bookreview #GuyBurgess #espionage
https://grandpasbookreviews.blogspot.com/2026/05/cambridge-spy-ring.html
Cambridge Spy Ring: How Guy Burgess Fooled Britain and Served Moscow

Stalin's Englishman tells the true story of Guy Burgess and the Cambridge Spy Ring — charm, class, and Cold War betrayal.

Russia-aligned groups are still exploiting a patched WinRAR flaw (CVE-2025-8088) to target Ukrainian organisations with stealer malware and espionage toolchains. 🔐
The attacks use crafted archives and persistence tricks, showing how delayed patching keeps known entry points open. 🧩

🔗 https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html

#TechNews #Cybersecurity #WinRAR #RAR #ZIP #Ukraine #Russia #Ukrainian #Russianinvasion #CVE2025 #CVE #Malware #Infostealer #Espionage #Hacking #ThreatIntel #Security #Infosec #APT #Patch

WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

Russia-aligned hackers are still exploiting WinRAR CVE-2025-8088 against Ukrainian organizations nearly a year after patches shipped.

The Hacker News

New.

"The RAT abuses the Google Sheets API as its command-and-control (C2) channel, authenticating via an embedded GCP service account private key and using individual spreadsheet tabs per victim for bidirectional communication."

Securonix: Analyzing SHEET#CREEP: SHEETCREEP is up again with different config obfuscation https://www.securonix.com/blog/sheetcreep-evolved-google-sheets-rat/ #espionage #infosec #threatresearch #Google

SHEET#CREEP Espionage Return

Securonix Threat Research: Securonix analyzes SHEET#CREEP, a stealthy RAT that uses Google Sheets as a command-and-control channel, enabling persistent access, espionage, and cloud-based evasion.

Securonix

New.

ESET: OceanLotus: From external espionage to domestic targeting https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/ @ESETresearch

More:

The Hacker News: OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html @thehackernews #infosec #espionage #cyberattack

OceanLotus: From external espionage to domestic targeting

ESET researchers show how OceanLotus, a Vietnam-aligned APT group, has put an increasing focus on domestic espionage between 2024 and 2026.

Targeted espionage against Cambodian government entities

Acronis Threat Research Unit identified two espionage campaigns targeting Cambodian government entities in defense and public works sectors, attributed to a cluster tracked as Khmer Shadow. Both campaigns delivered a custom C++ loader named NIGHTFORGE through government-themed lures in self-extracting archives. NIGHTFORGE employs sophisticated evasion techniques including NTDLL unhooking and Hell's Gate syscall resolution to decrypt and execute a Havoc Demon payload in memory. The loader utilizes DLL sideloading through a legitimate VMware-signed binary (VMwareNamespaceCmd.exe) and establishes persistence via COM-based scheduled tasks. Despite advanced technical capabilities, the actor demonstrated poor operational security by reusing identical payloads and infrastructure across targets. The campaigns targeted Cambodia's Information Collection Bureau and Ministry of Public Works and Transport using meeting-themed social engineering lures.

Pulse ID: 6a2aa0fe417d1a6f2b89eec1
Pulse Link: https://otx.alienvault.com/pulse/6a2aa0fe417d1a6f2b89eec1
Pulse Author: AlienVault
Created: 2026-06-11 11:50:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cambodia #CyberSecurity #ELF #Espionage #Government #InfoSec #OTX #OpenThreatExchange #RAT #SideLoading #SocialEngineering #VMware #bot #AlienVault

From external espionage to domestic targeting

Analysis of OceanLotus activities from 2024-2026 reveals a strategic shift toward domestic espionage within Vietnam. The Vietnam-aligned APT group conducted two distinct campaigns using the SPECTRALVIPER backdoor: a supply-chain attack compromising FireAnt Metakit stock trading platform from October 2025 to March 2026, and a prolonged intrusion into a Vietnamese infrastructure and transport construction corporation from mid-2024 through January 2026. The FireAnt compromise exploited the platform's insecure update mechanism, targeting stock investors with selective deployment. This operational pivot coincides with Vietnam's Blazing Furnace anti-corruption campaign, suggesting possible alignment with domestic investigative efforts against financial crime. The group continues demonstrating sophisticated tactics despite public exposure of its front company in 2020, maintaining technical innovation in tooling and infrastructure.

Pulse ID: 6a2ac312c98386d398eab284
Pulse Link: https://otx.alienvault.com/pulse/6a2ac312c98386d398eab284
Pulse Author: AlienVault
Created: 2026-06-11 14:15:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Espionage #ICS #InfoSec #OTX #OpenThreatExchange #RAT #Vietnam #bot #AlienVault

Chinese agents revive Volt Typhoon APT botnet, target US infrastructure and use AI to sway public opinion on datacenter electricity costs #cybersecurity #espionage

https://wesearch.press/s/chinese-agents-caught-rebuilding-botnets-and-stirring-the-po-e6b4a4a2?utm_source=social&utm_medium=auto&utm_campaign=mastodon