X-Industry

Recorded Future’s Insikt Group identified a suspected cyber-espionage campaign by TAG-100, targeting global government and private sector organizations.  TAG-100 exploited internet-facing devices and used open-source tools like the Go backdoor Pantegana. The campaign compromised two Asia-Pacific intergovernmental organizations and targeted multiple diplomatic and trade entities.

• TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmenta

A new information stealer named ExelaStealer has become the latest one to become available to the hacker audience.  There are many choices available for off-the-shelf malware designed to capture sensitive data from compromised Windows systems.  ExelaStealer is a largely open-source infostealer with paid customizations available from the threat actor creator.

Written in Python and incorporating support for JavaScript, it comes fitted with capabilities to siphon passwords, Discord tokens, credit c

Recently, British authorities have arrested a man who reportedly spied for China in their government offices in London, resulting in new fears on how Beijing gathers intelligence today.  The incident follows allegations earlier this year that China flew a surveillance balloon over the United States, causing diplomatic problems.  And the USA failed to shoot down the rogue balloon until it had completely covered the country unmolested.

Here are some of the ways China has worked to spy on the weste

Since 2015, the PRC has passed or updated comprehensive national security, cybersecurity, and data privacy laws and regulations, expanding Beijing’s oversight of domestic and foreign (including US) companies operating within China.  Beijing views inadequate government control of information within China and its outbound flow as a national security risk.  These laws provide the PRC government with expanded legal grounds for accessing and controlling data held by US firms in China.  US companies a

The US military forces used to actively recruit candidates who were avid gamers, due to their expertise in on-line problem solving and keyboard skills.  Now, on-line gaming forums have become a particular worry of the military because of their lure for young service members.  In many US military base recreation halls you will see it; young troops immersed in the world of online games, using government-funded gaming machines or their own consoles.[1]

The enthusiasm military personnel have for gam

LinkedIn has become a popular destination for threat actors trying to communicate with people for a variety of purposes, such as distributing malware, cyberespionage, credential stealing, financial fraud, etc.  One common approach to using LinkedIn by cyber criminals is to approach people using fake profile claiming to be a recruiter working at technology, defense, or media companies.  The North Korean-sponsored group Lazarus often engaged in these kinds of activities in order to propagate malwa