Chinese APT Campaign Delivers PlugX RAT via G DATA Antivirus DLL Side-Loading

A sophisticated Chinese-aligned threat campaign has been observed delivering the PlugX Remote Access Trojan (RAT) through a clever abuse of legitimate G DATA antivirus components, according to new research from LAB52.

The Attack Chain

The infection begins with a spear-phishing email titled “Meeting Invitation” containing two links — one redirecting to Iceland’s Ministry of Foreign…

APT31’s Multi-Year Cyber Espionage Campaign Against Czech Ministry of Foreign Affairs

The Czech Republic has publicly attributed a sophisticated multi-year cyber intrusion to Chinese state-sponsored group APT31 (also known as Zirconium or Judgment Panda), marking one of the most significant national attribution cases in European cyber defense history.

The Campaign

From 2022 through May 2025, APT31 maintained persistent access to unclassified networks at the Czech Ministry…

Chinese APT UnsolicitedBooker Deploys LuciDoor and MarsSnake Backdoors Against Central Asian Telecoms

A China-aligned threat actor known as UnsolicitedBooker has expanded its targeting to telecommunications companies in Kyrgyzstan and Tajikistan, deploying two sophisticated backdoors—LuciDoor and MarsSnake—in a series of espionage campaigns documented by Positive Technologies researchers.

Campaign Overview

UnsolicitedBooker, first documented by ESET in May 2025 after targeting Saudi Arabian organizations, has been active since at least…

Unit 42 Exposes Active Exploitation of BeyondTrust CVE-2026-1731 with VShell and SparkRAT Backdoors

Palo Alto Networks’ Unit 42 has uncovered an active exploitation campaign targeting BeyondTrust Remote Support and Privileged Remote Access appliances through CVE-2026-1731, a critical pre-authentication remote code execution vulnerability with a CVSS score of 9.9. The attacks have deployed sophisticated backdoors including VShell and SparkRAT across organizations in financial services, healthcare, legal, and high-tech sectors. …

Chinese APT Exploited Dell RecoverPoint Zero-Day for 18 Months Before Discovery

A suspected China-linked cyberespionage group has been covertly exploiting a critical zero-day vulnerability in Dell’s RecoverPoint for Virtual Machines (CVE-2026-22769) since at least mid-2024, according to new research from Google’s Threat Intelligence Group (GTIG) and Mandiant. The attackers deployed sophisticated backdoors and maintained persistent access inside targeted networks for over 18 months before discovery. …

Google Blocks Massive Model Extraction Campaign Targeting Gemini AI with 100,000+ Malicious Prompts

Google has revealed it detected and blocked a sophisticated campaign involving more than 100,000 prompts designed to extract the proprietary reasoning capabilities of its Gemini AI model, according to the Google Threat Intelligence Group’s latest quarterly threat report.

The Growing Threat of Model Extraction

The coordinated attack represents what security researchers call model extraction or…

Chinese APT UNC3886 Breaches Singapore’s Four Largest Telcos in Coordinated Espionage Campaign

Singapore’s government has officially confirmed that a sophisticated Chinese cyber-espionage group breached all four of the nation’s largest telecommunications providers in a coordinated campaign that exploited zero-day vulnerabilities and deployed advanced persistence mechanisms. The Cyber Security Agency of Singapore (CSA) disclosed that UNC3886, a threat actor tracked by Google’s Mandiant security unit and linked to…

TGR-STA-1030 Espionage Campaign Compromises 70 Organizations Across 37 Nations Using ShadowGuard Linux Rootkit

A massive, state-aligned cyber espionage campaign has quietly infiltrated government networks across 37 countries, targeting ministries of finance, law enforcement, and critical infrastructure. In a new report, Unit 42 exposes the operations of TGR-STA-1030 (also tracked as UNC6619), an Asia-based threat group that has compromised at least 70 organizations worldwide over the past year. The…

APT-Q-27 (GoldenEyeDog) Deploys Fileless Malware in Stealthy Corporate Network Attacks

A new investigation from CyStack’s security team reveals how the threat group APT-Q-27, also known as GoldenEyeDog, is bypassing modern security defenses through an elaborate multi-stage attack chain that operates almost entirely in memory.

The Attack Chain: From Support Ticket to Full Compromise

The intrusion began with an unsuspecting customer support agent clicking a link…

DKnife: Cisco Talos Exposes China-Nexus Gateway-Monitoring AitM Framework Active Since 2019

Cisco Talos researchers have disclosed a sophisticated adversary-in-the-middle (AitM) framework dubbed “DKnife” that enables China-nexus threat actors to intercept, manipulate, and weaponize network traffic at the gateway level. The framework has been operational since at least 2019 and its command and control infrastructure remains active as of January 2026.

Seven Linux Implants for Deep-Packet Inspection…