Nation-State Threats
12 articles
Unit 42 Exposes Shadow Campaigns, a State-Aligned Espionage Operation That Breached 70 Government Organizations Across 37 Countries
Palo Alto Networks researchers reveal TGR-STA-1030, an Asia-based threat group that compromised law enforcement agencies, finance ministries, and telecoms across 37 countries while scanning government infrastructure in 155 nations.
Iran-Linked Handala Hackers Breach FBI Director Kash Patel's Personal Email as Retaliation Escalates Between Washington and Tehran
Pro-Iranian hacking group Handala published over 300 emails and personal photos from FBI Director Kash Patel's Gmail account, claiming retaliation after the DOJ seized four of the group's domains.
Suspected Chinese Hackers Breach FBI Wiretap Network Through Supply Chain Backdoor as FISA Reauthorization Debate Intensifies
U.S. investigators believe China-affiliated hackers penetrated the FBI's Digital Collection System Network, which manages FISA warrants and wiretap surveillance, by exploiting a commercial ISP vendor relationship.
FBI and CISA Warn Russian Intelligence Is Hijacking Signal and WhatsApp Accounts in Global Phishing Campaign
A joint FBI-CISA advisory says Russian-linked actors have compromised thousands of Signal and WhatsApp accounts belonging to government officials, military personnel, and journalists across multiple countries.
APT28 Weaponizes Microsoft Office Zero-Day Within 72 Hours, Deploying Steganographic Loaders and Cloud-Based C2 Across Six NATO-Adjacent Countries
Russia's APT28 exploited CVE-2026-21509, a Microsoft Office OLE bypass, within 72 hours of disclosure to hit military targets across six NATO-adjacent countries with steganographic loaders and cloud-based C2.
Iran-Linked Hackers Weaponize Microsoft Intune to Wipe 200,000 Stryker Devices in Retaliatory Cyberattack
Pro-Iran hacktivist group Handala hijacked Stryker's Microsoft Intune tenant to remotely wipe over 200,000 systems across 79 countries, crippling the medical device giant and threatening global hospital supply chains.
Government-Grade iPhone Exploit Kit 'Coruna' Proliferated from Spy Tool to Cryptocurrency Heist in Under a Year
Google and iVerify reveal Coruna, a 23-exploit iOS framework that moved from a surveillance vendor to Russian spies to Chinese cybercriminals in months.
Pakistan-Linked APT36 Deploys AI-Generated 'Vibeware' Against Indian Government in First Documented Nation-State Use of Vibe-Coded Malware
Bitdefender documents APT36 using LLMs to mass-produce malware in Nim, Zig, and Crystal at a daily cadence, flooding Indian government networks with disposable implants in a strategy researchers call 'Distributed Denial of Detection.'
Cloudflare's 2026 Threat Report: Attackers Swap Break-Ins for Log-Ins as AI and Credential Theft Redefine the Threat Landscape
Cloudflare's 2026 Threat Report documents a pivotal shift: attackers now log in rather than break in, using stolen session tokens and AI-assisted credential theft to bypass MFA, while DDoS volumes doubled and nation-state pre-positioning inside critical infrastructure intensified.
Google Disrupts Decade-Long Chinese Cyberespionage Campaign That Hijacked Google Sheets to Spy on 53 Telecoms and Governments Across 42 Countries
Google and Mandiant exposed UNC2814, a China-nexus threat actor that used a novel backdoor called GRIDTIDE to abuse Google Sheets as command-and-control infrastructure, breaching telecoms and government agencies across three continents since at least 2017.
Chinese Hackers Exploited a Maximum-Severity Dell Zero-Day for Nearly Two Years Before Discovery
A hardcoded-credential flaw in Dell RecoverPoint, rated CVSS 10.0, let Chinese spies deploy three malware families and hide inside VMware infrastructure from mid-2024 until the flaw was discovered.
CISA Orders Federal Agencies to Rip Out Unsupported Edge Devices as Nation-State Hackers Exploit Aging Firewalls and Routers
Binding Operational Directive 26-02 gives agencies 18 months to inventory and replace end-of-life firewalls, routers, and switches that advanced threat actors are actively exploiting.