Intelligence – MCYSEKA-Maritime Cyber Security Knowledge Archive

Amazon blocks APT29 campaign targeting Microsoft device code authentication

Amazon stopped a Russia-linked APT29 watering hole attack that hijacked Microsoft device code authentication via compromised sites. Amazon announced that it had disrupted an opportunistic watering hole campaign orchestrated by the Russia-linked cyber espionage group APT29 (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes). Amazon experts labeled the attacks as an opportunistic watering hole campaign using compromised […]

August 31, 2025

0 comment

New zero-click exploit allegedly used to hack WhatsApp users

WhatsApp warns users targeted by advanced spyware, sending threat notifications to affected individuals from the past 90 days. A new zero-click exploit used to hack WhatsApp users, reported Donncha Ó Cearbhaill, Head of Security Lab at @AmnestyTech. WhatsApp has just sent out a round of threat notifications to individuals they believe were targeted by an […]

August 30, 2025

0 comment

Dutch intelligence warn that China-linked APT Salt Typhoon targeted local critical infrastructure

Dutch intelligence reports Chinese cyber spies (Salt Typhoon, RedMike) targeted the Netherlands, hitting critical infrastructure. The Dutch intelligence and security services MIVD and AIVD say Chinese cyber spies linked to Salt Typhoon (RedMike) targeted the Netherlands in a campaign hitting global critical infrastructure. In late 2024, a large-scale Chinese cyberespionage campaign targeting global telecoms was […]

August 29, 2025

0 comment

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

NSA and allies warn that Chinese APT actors, including Salt Typhoon, are targeting critical infrastructure worldwide. The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and allies warn Chinese APT actors, linked to Salt Typhoon, are targeting global telecom, government, transport, lodging, and military sectors. “The National Security Agency (NSA) and […]

August 28, 2025

0 comment

China linked Silk Typhoon targeted diplomats by hijacking web traffic

The China-linked APT group Silk Typhoon targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group Silk Typhoon targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an […]

August 27, 2025

0 comment

Spy Versus Spy: Iran’s Playbook for Espionage in Israel

OPINION — Israel’s intelligence penetration of Iran played out in dramatic form over the course of the 12-day war this summer, but Iran is running an aggressive recruitment and spying operation of its own targeting Israel. And while the two espionage …

August 26, 2025

0 comment

Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign

APT36 uses Linux .desktop files in new attacks on Indian gov & defense, aiming for data theft and persistent espionage access. Transparent Tribe (aka APT36, Operation C-Major, and Mythic Leopard), a Pakistan-linked threat actor, is using Linux .desktop files to load malware in new attacks against government and defense entities in India. The APT group […]

August 25, 2025

0 comment

Android.Backdoor.916.origin malware targets Russian business executives

New Android spyware Android.Backdoor.916.origin is disguised as an antivirus linked to Russia’s intelligence agency FSB, and targets business executives. Doctor Web researchers observed a multifunctional backdoor Android.Backdoor.916.origin targeting Android devices belonging to representatives of Russian businesses. The malware executes attacker commands, enabling surveillance, keylogging, and theft of chats, browser data, and even live camera/audio streams. […]

August 25, 2025

0 comment

China-linked Silk Typhoon APT targets North America

China-linked Silk Typhoon APT group ramp up North America attacks, exploiting n-day and zero-day flaws for system access, CrowdStrike warns. China-linked Silk Typhoon APT group (aka Murky Panda) targets organizations in North America exploiting n-day and zero-day flaws for system access, CrowdStrike warns. This Chinese APT has one of the widest targeting scopes. In March, […]

August 23, 2025

0 comment

After SharePoint attacks, Microsoft stops sharing PoC exploit code with China

Microsoft halts PoC exploit sharing with Chinese firms after SharePoint zero-day leaks, giving only written bug details to curb future abuse. Microsoft has reportedly stopped giving Chinese firms proof-of-concept exploit code through its Microsoft Active Protections Program (MAPP) program after July’s mass exploitation of SharePoint flaws, believed linked to a leak of early bug disclosures. […]

August 22, 2025

0 comment

1 2 3 … 27