https://winbuzzer.com/2026/06/06/the-nsa-is-reportedly-using-anthropics-mythos-ai-model-for-cyberattacks-xcxwbn/

The National Security Agency is reportedly using Anthropic's Mythos model, raising questions about embedded engineer roles, classified target approval, and Pentagon access.

#AI #Mythos #Anthropic #NSA #Cybersecurity #AISecurity #CyberThreats #Cyberattacks #Cyberespionage #Claude

FSB’s matryoshka #2/3 – Gamaredon’s gifts that keeps unpacking – GammaLoad

Gamaredon, an FSB-operated cyberespionage group, continues targeting Ukrainian government, military, and critical infrastructure through sophisticated multi-stage infection chains. This analysis examines GammaLoad, a collection of VBScript loaders that establish continuous access through three distinct stages. The malware leverages Dead Drop Resolvers on legitimate platforms including Telegram, Telegraph, and Check-Host to maintain persistent C2 communications while storing configurations in Windows registry keys. Each stage employs different techniques: the first fingerprints hosts and uses failover mechanisms, the second writes payloads to Alternate Data Streams and establishes persistence via scheduled tasks, and the third executes obfuscated PowerShell to deliver the final GammaSteel payload. This matryoshka architecture enables operators to deploy arbitrary payloads while remaining largely invisible by abusing trusted Windows features and cloud platforms.

Pulse ID: 6a2029a0dfb4183bb573e8b2
Pulse Link: https://otx.alienvault.com/pulse/6a2029a0dfb4183bb573e8b2
Pulse Author: AlienVault
Created: 2026-06-03 13:18:24

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #Cyberespionage #Espionage #Gamaredon #Government #InfoSec #Malware #Military #OTX #OpenThreatExchange #PowerShell #RAT #Rust #SMS #Telegram #UK #Ukr #Ukrainian #VBS #Windows #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

🟢 IntelligenceWarning | 8/10
🇨🇳 🇺🇸 🇬🇧

Five Eyes warns of Chinese military intelligence recruitment via LinkedIn
The Five Eyes intelligence partnership has issued a joint bulletin warning that Chinese military intelligence officers are posing as online recruiters on professional networking platforms including LinkedIn, Indeed and Upwork, targeting government employees.

#OSINT #NewsGroup #IntelligenceWarning #FiveEyes #China #CyberEspionage

📰 'Operation Dragon Weave': China-Linked Espionage Campaign Targets Taiwan and Czech Republic

🇨🇳 'Operation Dragon Weave,' a suspected China-linked espionage campaign, targets government & tech sectors in Taiwan & the Czech Republic using highly tailored spearphishing emails. #CyberEspionage #Phishing #ThreatIntel #China

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/operation-dragon-weave-china-linked-phishing-targets-taiwan-czech-republic/?utm_so…

FSB’s matryoshka #1/3 – Gamaredon’s gifts that keeps unpacking – GammaPhish and GammaWorm

Gamaredon, a cyberespionage group operated by Russia's FSB, conducts long-term intrusion operations targeting Ukrainian government, military, and critical infrastructure. This analysis documents their 2026 infection chain, which uses HTML smuggling with weaponized xHTML files delivering RAR archives that exploit CVE-2025-8088 to extract HTA files into Windows Startup directories. The chain deploys GammaPhish for initial access, GammaLoad for staging, GammaWorm for propagation via USB and network drives, and GammaSteal for exfiltration. The architecture is nearly fileless, leveraging NTFS Alternate Data Streams to conceal modules and using Dead Drop Resolvers on legitimate platforms like Telegram and Cloudflare for C2 infrastructure. Every stage functions as an independent backdoor capable of executing arbitrary VBScript, representing a shift from their historical Pteranodon framework to a modular ecosystem designed for persistent espionage.

Pulse ID: 6a1dde0927ce7587f79534ee
Pulse Link: https://otx.alienvault.com/pulse/6a1dde0927ce7587f79534ee
Pulse Author: AlienVault
Created: 2026-06-01 19:31:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Cloud #CyberSecurity #Cyberespionage #Espionage #Gamaredon #Government #HTML #InfoSec #Military #OTX #OpenThreatExchange #RAT #Russia #Telegram #UK #USB #Ukr #Ukrainian #VBS #Windows #Worm #bot #AlienVault

China-Aligned Hackers Target Czech Republic, Taiwan in Cyber Espionage Push

China-aligned hackers have launched a sneaky cyber espionage campaign, dubbed Operation Dragon Weave, targeting officials and citizens in the Czech Republic and Taiwan with a cunning malware that masquerades as a legitimate cloud storage service. The malware ultimately delivers an AdaptixC2 agent, putting…

https://osintsights.com/china-aligned-hackers-target-czech-republic-taiwan-in-cyber-espionage-push?utm_source=mastodon&utm_medium=social

#ChinaalignedHackers #CyberEspionage #OperationDragonWeave #AzureBlobStorage #Adaptixc2

Discover Operation Dragon Weave, a China-aligned cyber espionage campaign targeting Czech Republic and Taiwan. Learn how to protect your organization now from cyber threats.

OSINTSights

Operation Dragon Weave: Uncovering a China-Linked Campaign Targeting Czech Republic and Taiwan Using Azure Cloud C2

A sophisticated cyber-espionage campaign attributed to China-linked actors targets officials and citizens in Czech Republic and Taiwan through spearphishing attacks. The operation deploys malicious ZIP archives containing dual infection paths that ultimately deliver AZUREVEIL, an Adaptix C2 agent. The campaign uniquely leverages Microsoft Azure Blob Storage as a dead-drop command-and-control channel, bypassing traditional C2 infrastructure. A multi-stage infection chain employs RUSTCLOAK, a Rust-based loader implementing triple-layer encryption using modified RC4, Base64, and SM4-CBC algorithms. The final payload supports 36 post-exploitation commands including Beacon Object File execution in memory, file system manipulation, process control, network pivoting, and data exfiltration. Lure documents impersonate official communications from Taiwanese research institutions and Czech Social Security Administration, demonstrating targeted social engineering tailored to each region.

Pulse ID: 6a19acf8d896b3c89d4bab6f
Pulse Link: https://otx.alienvault.com/pulse/6a19acf8d896b3c89d4bab6f
Pulse Author: AlienVault
Created: 2026-05-29 15:12:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Azure #China #Cloud #CyberSecurity #Encryption #Espionage #InfoSec #Microsoft #OTX #OpenThreatExchange #Phishing #RAT #Rust #SocialEngineering #SpearPhishing #ZIP #bot #cyberespionage #AlienVault

📰 Chinese APTs Exploit Middle East Conflict for Cyber-Espionage in Maritime and Energy Sectors

ESET reports Chinese APT groups like FamousSparrow & SteppeDriver are exploiting Middle East tensions to spy on maritime, energy & gov't sectors. Campaigns align with Beijing's strategic goals. 🇨🇳 #APT #CyberEspionage #ThreatIntel

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/chinese-apts-exploit-middle-east-conflict-to-target-maritime-energy-sectors/?ut…

EU’s intelligence hub eyes bigger role in security overhaul

A new EU security strategy is expected to propose changes to INTCEN as officials debate how to strengthen the sharing of intelligence.

POLITICO

📰 Iranian APT 'Screening Serpens' Intensifies Espionage with New RATs Targeting US, Israel, and UAE

🇮🇷 Iranian APT 'Screening Serpens' escalates cyber-espionage against US, Israel & UAE. New RATs 'MiniUpdate' & 'MiniJunk V2' deployed. Group using advanced AppDomainManager hijacking for persistence. #APT #CyberEspionage #Iran #ThreatIntel

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/iranian-apt-screening-serpens-escalates-espionage-with-new-rats/?…