Cyentia Cybersecurity Research Library
  • Sources
  • Tags
  • About
  • Sponsors
  • More from Cyentia

Espionage

Below you will find reports with the tag of “Espionage”

image from Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations

Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations

Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. FireEye assesses that APT32 leverages a unique suite of fully-featured malware, in conjunction with commercially-available tools, to conduct targeted operations that are aligned with Vietnamese state interests.

(more available)
Added: November 15, 2018
image from FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY

FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY

FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. FireEye analyzed a Microsoft Word document where attackers used the arbitrary code injection to download and execute a Visual Basic script that contained PowerShell commands. FireEye shared the details of the vulnerability with Microsoft and has been coordinating public disclosure timed with the release of a patch to address the vulnerability and security guidance, which can be found here.

(more available)
Added: November 15, 2018
image from Carbon Paper: Peering into Turla's second stage backdoor

Carbon Paper: Peering into Turla's second stage backdoor

“The Turla espionage group has been targeting various institutions for many years. Recently, we found several new versions of Carbon, a second stage backdoor in the Turla group arsenal. Last year, a technical analysis of this component was made by Swiss GovCERT.ch as part of their report detailing the attack that a defense firm owned by the Swiss government, RUAG, suffered in the past. This blog post highlights the technical innovations that we found in the latest versions of Carbon we have discovered.”

(more available)
Added: November 15, 2018
image from Uri Terror attack & Kashmir Protest Themed spear phishing emails targeting Indian Embassies and Indian Ministry of external affairs

Uri Terror attack & Kashmir Protest Themed spear phishing emails targeting Indian Embassies and Indian Ministry of external affairs

“In my previous blog I posted details of a cyber attack targeting Indian government organizations. This blog post describes another attack campaign where attackers used the Uri terror attack and Kashmir protest themed spear phishing emails to target officials in the Indian Embassies and Indian Ministry of External Affairs (MEA). In order to infect the victims, the attackers distributed spear-phishing emails containing malicious word document which dropped a malware capable of spying on infected systems. The email purported to have been sent from legitimate email ids. The attackers spoofed the email ids associated with Indian Ministry of Home Affairs to send out email to the victims. Attackers also used the name of the top-ranking official associated with Minister of Home affairs in the signature of the email, this is to make it look like the email was sent by a high-ranking Government official associated with Ministry of Home Affairs (MHA).”

(more available)
Added: November 15, 2018
image from Cyber Attack Targeting Indian Navy’s Submarine and Warship Manufacturer

Cyber Attack Targeting Indian Navy’s Submarine and Warship Manufacturer

“In my previous blog posts I described attack campaigns targeting Indian government organizations, and Indian Embassies and Ministry of External affairs. In this blog post I describe a new attack campaign where cyber espionage group targeted the users of Mazagon Dock Shipbuilders Limited (also called as ship builder to the nation). Mazagon Dock Shipbuilders Limited (MDL) is a Public Sector Undertaking of Government of India (Ministry of Defence) and it specializes in manufacturing warships and submarines for the Indian Navy.”

(more available)
Added: November 15, 2018
image from Cyber Attack Impersonating Identity of Indian Think Tank to Target Central Bureau of Investigation (CBI) and Possibly Indian Army Officials

Cyber Attack Impersonating Identity of Indian Think Tank to Target Central Bureau of Investigation (CBI) and Possibly Indian Army Officials

“In my previous blog posts I posted details of cyber attacks targeting Indian Ministry of External Affairs and Indian Navy’s Warship and Submarine Manufacturer. This blog post describes another attack campaign where attackers impersonated identity of Indian think tank IDSA (Institute for Defence Studies and Analyses) and sent out spear-phishing emails to target officials of the Central Bureau of Investigation (CBI) and possibly the officials of Indian Army.”

(more available)
Added: November 15, 2018
image from A Large Scale Cyber Espionage APT in Asia

A Large Scale Cyber Espionage APT in Asia

The investigation of a massive cyber espionage APT (Advanced Persistent Threat) became a game of one-upmanship between attackers and defenders. Dubbed Operation Cobalt Kitty, the APT targeted a global corporation based in Asia with the goal of stealing proprietary business information. The threat actor targeted the company’s top-level management by using sophisticated spear-phishing attacks as the initial penetration vector, ultimately compromising the computers of vice presidents, senior directors and other key personnel in the operational departments. During Operation Cobalt Kitty, the attackers compromised more than 40 PCs and servers, including the domain controller, file servers, Web application server and database server.

(more available)
Added: November 15, 2018
image from Operation Cobalt Kitty

Operation Cobalt Kitty

This report offers a threat actor profile and indicators of compromise around the OceanLotusGroup actor.

Added: November 15, 2018
image from Operation Wilted Tulip

Operation Wilted Tulip

CopyKittens is a cyberespionage group that has been operating since at least 2013. In November 2015, ClearSky and Minerva Labs published1 the first public report exposing its activity. In March 2017, ClearSky published a second report2 exposing further incidents, some of which impacted the German Bundestag. In this report, Trend Micro and ClearSky expose a vast espionage apparatus spanning the entire time the group has been active. It includes recent incidents as well as older ones that have not been publicly reported; new malware; exploitation, delivery and command and control infrastructure; and the group’s modus operandi. We dubbed this activity Operation Wilted Tulip

(more available)
Added: November 15, 2018
image from Charming Kitten

Charming Kitten

Iranian cyber espionage against human rights activists, academic researchers and media outlets -and the HBO hacker connection

Added: November 15, 2018
image from Tainted Leaks Disinformation and Phishing With a Russian Nexus

Tainted Leaks Disinformation and Phishing With a Russian Nexus

This report describes an extensive Russia-linked phishing and disinformation campaign. It provides evidence of how documents stolen from a prominent journalist and critic of Russia was tampered with and then “leaked” to achieve specific propaganda aims. We name this technique “tainted leaks.” The report illustrates how the twin strategies of phishing and tainted leaks are sometimes used in combination to infiltrate civil society targets, and to seed mistrust and disinformation. It also illustrates how domestic considerations, specifically concerns about regime security, can motivate espionage operations, particularly those targeting civil society.

(more available)
Added: November 15, 2018
image from Dissecting the APT28 Mac OS X Payload

Dissecting the APT28 Mac OS X Payload

This report analyzes the Mac specific malware from APT28 named Trojan.MAC.APT28

Added: November 12, 2018
image from 2016 Data Breach Investigations Report

2016 Data Breach Investigations Report

Verizon’s annual report on data breaches in 2016

Added: October 25, 2018
image from Cyber Threats To International Organizations And Non-Profits

Cyber Threats To International Organizations And Non-Profits

Gain insights into the nature and rationales of cyber threats international organizations and nonprofits face.

Added: October 25, 2018
image from Threat Intelligence: Cyberattacks And The Utility Industry

Threat Intelligence: Cyberattacks And The Utility Industry

This report takes a look at how cyberattacks impact the utility industry.

Added: October 25, 2018
image from Cyber Espionage Is Alive And Well APT32

Cyber Espionage Is Alive And Well APT32

This blog post discusses APT32 and it’s targetting of global corporations for destruction.

Added: October 24, 2018
image from 2015 Global Threat Report

2015 Global Threat Report

This year’s CrowdStrike Intelligence Global Threat Report contains a wealth of intelligence regarding adversary behavior, capabilities, and intentions. More importantly, it ties it back to the events that influenced those activities. By understanding the events that shape the beliefs and motivations of threat actors—regardless if they are criminal, nation-state, or hacktivist—it is possible to comprehend what drove the adversaries to behave as they did, and perhaps to understand what this will mean for the future.

(more available)
Added: October 23, 2018
image from Cyber Threatscape Report 2018

Cyber Threatscape Report 2018

This report provides detailed information about Iranian Threat, Extended Supply Chain Threats, Critical Infrastructure, Advanced Persistent Threats, Miner Malware, and Ransomware.

(more available)
Added: October 23, 2018
image from China Country Profile 2017

China Country Profile 2017

This paper gives a profile of China.

Added: October 22, 2018
image from Insights Into Iranian Cyber Espionage APT33

Insights Into Iranian Cyber Espionage APT33

This blog post provides great discussion and insight into an APT operating out of Iran that is specifically targeting the Aerospace and Defense Industries.

(more available)
Added: October 22, 2018
image from Regional Advanced Threat Report: Asia Pacific H1 2015

Regional Advanced Threat Report: Asia Pacific H1 2015

This report discusses trends in the cyber security environment in Asia Pacific from January to June 2015.

Added: October 22, 2018
  • ««
  • «
  • 1
  • 2
  • 3
  • 4
  • 5
  • »
  • »»
© Cyentia Institute 2025
Library updated: June 21, 2025 12:08 UTC (build b1d7be4)