Netcrook
#Cyber Espionage
Belarus-Linked Spyware Returns to the Ukrainian Front Line
A renewed espionage wave attributed to FrostyNeighbor shows how a long-running threat actor can stay relevant by changing tactics while keeping the same target set in sight.
Phishing, Archive Tricks, and a Familiar Espionage Name Return to the Ukrainian Front
A reported Gamaredon campaign shows how email lures, downloader chains, and a WinRAR traversal flaw can combine into a low-noise intrusion path that is hard to spot early.
Cloud Storage Turned Quiet Courier in a Malaysian Espionage Trail
A cloud-based intrusion path linked to Malaysian networks shows how ordinary storage and compute services can be repurposed into a discreet exfiltration channel.
Trust as a Trap: The Fake Apple and Yahoo Trail Behind a China-Linked Espionage Cluster
Impersonation pages are only the visible layer; the real risk is a staged intrusion chain built to blend into ordinary web trust.
When Aid Forms Become Malware Traps: The Trust Game Behind Operation HumanitarianBait
A campaign using fake humanitarian documents, GitHub-hosted payloads, and Python spyware shows how ordinary trust cues can be turned into an access path.
The Quiet Theft Behind Aviation’s Map Files
An espionage campaign aimed at aerospace and drone operators shows why GIS layers, terrain models, and GPS data can be worth more than the aircraft they support.
Silent Intruders: Inside UAT-8302’s Global Government Cyber Siege
A China-linked threat group’s custom malware arsenal is quietly breaching government networks across continents.
Smoke and Mirrors: How Iranian State Hackers Are Disguising Espionage as Ransomware Attacks
Evidence mounts that Iran’s MuddyWater group is using Chaos ransomware to mask government-backed spying operations.
Firewall Breach: State-Backed Hackers Exploit Palo Alto Networks Flaw for Root Access and Stealth Espionage
A critical PAN-OS vulnerability is under active exploitation, granting attackers root-level control and access to sensitive organizational data.
Espionage in Disguise: MuddyWater Masquerades as Chaos Ransomware in Sophisticated Cyber Attack
Iranian state hackers use ransomware as a smokescreen, blurring the lines between espionage and cybercrime.
“Ransomware as Ruse”: Iranian Hackers Exploit Microsoft Teams in Sophisticated Credential Heist
MuddyWater’s latest attack blurs the line between state espionage and cybercrime, using fake ransomware tactics to mask covert data theft.
Behind Enemy Code: Iranian Cyber Spies Expose Themselves in Omani Government Hack
A careless misstep by Iranian-linked hackers reveals a sweeping campaign to steal sensitive data from Oman’s ministries—and their entire hacking playbook.
Phantom Ransom: Iranian Hackers Cloak Espionage in Fake Chaos Attack
MuddyWater APT group shrouds cyber-espionage with a convincing ransomware smokescreen, leaving organizations scrambling to uncover the real threat.
Spy Games in the Gulf: Iranian Hackers Breach Oman’s Government in Bold Data Heist
Investigators uncover a sweeping cyber-espionage campaign targeting Oman’s ministries, exposing sensitive data and revealing a shadowy Iranian connection.
Game of Shadows: North Korean Hackers Infiltrate Yanbian Gaming Platform With Stealthy Backdoors
A notorious North Korean cyber-espionage group has weaponized a popular gaming platform, targeting ethnic Koreans in China with advanced Windows and Android surveillance tools.
Old Wounds, New Shadows: How SHADOW-EARTH-053 Hijacks Unpatched Exchange Servers for Espionage
A China-linked cyber group leverages long-known Microsoft Exchange flaws to deploy advanced malware and infiltrate high-value targets across Asia—and beyond.
Espionage in the Shadows: How Shadow-Earth-053 Hijacks Asia’s Digital Nerve Centers
A China-aligned cyber threat group exploits old Exchange and IIS flaws to infiltrate governments, defense contractors, and more across Asia—and beyond.