Security News

A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. "APT45 is a long-running, moderately sophisticated North Korean cyber operator that has carried out espionage campaigns as early as 2009," researchers Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, and Michael Barnhart said.

Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "Complex" law enforcement operation codenamed BURGAZADA. This includes a 40-year-old woman, an Australian Defence Force Army Private, and her husband, a 62-year-old self-employed laborer. They have been charged with one count each of preparing for an espionage offense, which carries a maximum penalty of 15 years' imprisonment.

A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November...

A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle...

Cyber espionage groups associated with China have been linked to a long-running campaign that has infiltrated several telecom operators located in a single Asian country at least since 2021. "The...

The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. "The malware is...

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

Sophos released its report, "Operation Crimson Palace: Threat Hunting Unveils Multiple Clusters of Chinese State-Sponsored Activity Targeting Southeast Asia," which details a highly sophisticated, nearly two-year long espionage campaign against a high-level government target. During Sophos X-Ops' investigation, which began in 2023, the managed detection and response team found three distinct clusters of activity targeting the same organization, two of which included tactics, techniques and procedures that overlap with well-known, Chinese nation-state groups: BackdoorDiplomacy, APT15 and the APT41 subgroup Earth Longzhi.

Chinese state-sponsored actors have been targeting a government agency since at least March 2023 in a cyberespionage campaign that researchers track as Crimson Palace. According to a report from cybersecurity company Sophos, the campaign relied on new malware variants and three different activity clusters that indicate a coordinated attack.

An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace....