CyberSecurity news

FlagThis - #espionage

Jenna McLaughlin@NPR Topics: Technology //
A whistleblower at the US National Labor Relations Board (NLRB) has come forward with allegations of a significant cybersecurity breach involving the Department of Government Efficiency (DOGE), overseen by Elon Musk. According to the whistleblower, Daniel Berulis, DOGE operatives arrived at the agency in early March and were granted unrestricted access to internal systems, a move that deviated from standard operating procedures. The whistleblower claims that these DOGE employees ignored infosec rules and were instructed to hand over any requested accounts and stay out of DOGE’s way.

According to the affidavit submitted to the Senate Intelligence Committee, these actions led to a "significant cybersecurity breach" potentially exposing the agency's data to foreign adversaries. The whistleblower also alleges that during their activity, DOGE employees exfiltrated 10GB of data to servers in the US and disabled monitoring tools, raising concerns about potential data exposure. Berulis’s document points out that not even his CIO enjoyed the level of access given to DOGE unit operatives, and that the NLRB already had auditor accounts set up that provided enough privileges to check data without being able to edit, copy, or remove it.

The most alarming aspect of the allegations involves attempted access to the NLRB's systems from a Russian IP address using legitimate accounts created by DOGE staffers. These attempts were reportedly blocked, but the valid credentials used suggest a potential compromise. The NPR has reported that the data that DOGE moved could have included sensitive information on unions, ongoing legal cases and corporate secrets. Democratic lawmakers are calling for an investigation into the matter.

Recommended read:
References :
  • ciso2ciso.com: Whistleblower alleges Russian IP address attempted access to US agency’s systems via DOGE-created accounts – Source: www.csoonline.com
  • The Register - Security: Whistleblower describes DOGE IT dept rampage at America's labor watchdog
  • : Whistleblower alleges Russian IP address attempted access to US agency’s systems via DOGE-created accounts.
  • DataBreaches.Net: A whistleblower’s disclosure details how DOGE may have taken sensitive labor data
  • aboutdfir.com: A whistleblower’s disclosure details details how DOGE may have taken sensitive labor data In the first days of March, a team of advisers from President Trump’s new Department of Government Efficiency initiative arrived at the Southeast Washington, D.C., headquarters of the National Labor Relations Board.
  • Policy ? Ars Technica: Government IT whistleblower calls out DOGE, says he was threatened at home
  • NPR Topics: Technology: Someone using a Russian IP address attempted to access the internal systems of the US National Labor Relations Board (NLRB) using legitimate accounts set up by staff from Elon Musk's Department of Government Efficiency (DOGE), a whistleblower inside the agency has alleged.

@www.silentpush.com //
A sophisticated phishing campaign, suspected to be backed by Russian Intelligence Services, has been uncovered targeting individuals sympathetic to Ukraine, including Russian citizens and informants. The operation involves creating fake websites impersonating organizations such as the CIA, the Russian Volunteer Corps (RVC), Legion Liberty, and "Hochuzhit" ("I Want to Live"), an appeals hotline for Russian service members operated by Ukrainian intelligence. These deceptive sites aim to collect personal information from unsuspecting visitors, exploiting anti-war sentiment within Russia, where such activities are illegal and punishable by law.

Researchers at Silent Push discovered four distinct phishing clusters using tactics such as static HTML, JavaScript, and Google Forms to steal data. The threat actors are utilizing a bulletproof hosting provider, Nybula LLC, to host the fake websites, which are designed to mimic legitimate organizations. The goal is to gather intelligence and potentially identify dissidents within Russia. The campaign highlights the ongoing digital dimension of the Russia-Ukraine conflict and underscores the need for increased vigilance and improved digital hygiene among potential targets.

Recommended read:
References :
  • gbhackers.com: reports on the Russian attempts to steal Ukraine Defense Intelligence data
  • hackread.com: Russian Phishing Uses Fake CIA Sites to Target Anti-war, Ukraine Supporters
  • www.silentpush.com: Russian Intelligence Service-backed Campaigns Impersonate the CIA to Target Ukraine Sympathizers, Russian Citizens and Informants
  • Cyber Security News: In a sophisticated cyber espionage campaign recently uncovered, Russian hackers have been impersonating the U.S. Central Intelligence Agency (CIA) and other organizations to harvest sensitive information from Ukrainian sympathizers and potential Russian defectors.
  • securityonline.info: Silent Push Threat Analysts uncover a multi-cluster phishing operation leveraging fake CIA and anti-Putin group websites to harvest
  • Vulnerable U: Russian Hackers Target Ukraine With Stealthy Malware Attack

Sergiu Gatlan@BleepingComputer //
Google has released a critical security update for its Chrome browser to address a high-severity zero-day vulnerability, identified as CVE-2025-2783. This vulnerability was actively exploited in a sophisticated espionage campaign targeting Russian organizations, specifically media companies, educational institutions, and government entities. According to Kaspersky, the vulnerability allowed attackers to bypass Chrome’s sandbox protections, gaining unauthorized access to affected systems without requiring further user interaction. This incident marks the first actively exploited Chrome zero-day since the start of the year, underscoring the persistent threat landscape faced by internet users.

Kaspersky's investigation, dubbed "Operation ForumTroll," revealed that the attacks were initiated through personalized phishing emails disguised as invitations to the "Primakov Readings" forum. Clicking the malicious link led victims to a compromised website that immediately exploited the zero-day vulnerability. The technical sophistication of the exploit chain points to a highly skilled Advanced Persistent Threat (APT) group. Google urges users to update their Chrome browsers immediately to version 134.0.6998.177/.178 for Windows to mitigate the risk.

Recommended read:
References :
  • cyberinsider.com: Google has released a security update for Chrome to address a high-severity zero-day vulnerability that was actively exploited in a sophisticated espionage campaign targeting Russian organizations.
  • thehackernews.com: Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
  • securityaffairs.com: Google fixed the first actively exploited Chrome zero-day since the start of the year
  • techcrunch.com: Google fixes Chrome zero-day security flaw used in hacking campaign targeting journalists
  • thecyberexpress.com: Google has rolled out a new security update for Chrome users, following the discovery of a vulnerability, CVE-2025-2783, affecting the Windows version of the browser.
  • The DefendOps Diaries: Google Chrome Vulnerability CVE-2025-2783: A Closer Look
  • Cybernews: Google has patched a dangerous zero-day vulnerability that has already been exploited by sophisticated threat actors in the wild
  • Zack Whittaker: New: Google has fixed a zero-day bug in Chrome that was being actively exploited as part of a hacking campaign. Kaspersky says the bug was exploited to target journalists and employees at educational institutions.
  • Kaspersky official blog: Kaspersky’s GReAT experts have discovered the Operation ForumTroll APT attack, which used a zero-day vulnerability in Google Chrome.
  • bsky.app: Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian organizations.
  • Cyber Security News: Operation ForumTroll: APT Hackers Use Chrome Zero-Day to Evade Sandbox Protections.
  • www.bleepingcomputer.com: Google has released out-of-band fixes to address a high-severity security flaw in Chrome browser for Windows that has been actively exploited.
  • Help Net Security: Help Net Security: Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783)
  • securityonline.info: CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign
  • MSSP feed for Latest: Google remediated the high-severity Chrome for Windows zero-day vulnerability.
  • The Register - Security: After Chrome patches zero-day used to target Russians, Firefox splats similar bug
  • thecyberexpress.com: CISA Issues Urgent Security Alerts: Critical Vulnerabilities in Schneider Electric, Chrome, and Sitecore
  • PCMag UK security: Details about Firefox also being affected by Chrome zero-day flaw
  • CyberInsider: Firefox Says It’s Vulnerable to Chrome’s Zero-Day Used in Espionage Attacks
  • iHLS: Google Patches Dangerous Zero-Day Flaw in Chrome
  • PCMag UK security: Time to Patch: Google Chrome Flaw Used to Spread Spyware
  • MSPoweruser: Google patches a Chrome zero-day vulnerability used in espionage
  • The Hacker News: Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.
  • Blog: Mozilla has released updates to fix a critical security flaw in its Firefox browser for Windows. The vulnerability, designated CVE-2025-2857, stems from improper handling within the browser's inter-process communication (IPC) code, which could allow a compromised child process to gain elevated privileges by manipulating the parent process into returning a powerful handle, potentially leading to sandbox escape.
  • techcrunch.com: Mozilla patches Firefox bug ‘exploited in the wild,’ similar to bug attacking Chrome
  • securityaffairs.com: Google addressed a critical vulnerability, tracked as CVE-2025-2783, impacting its Chrome browser for Windows.
  • securityaffairs.com: U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog
  • www.scworld.com: Mozilla Patches Firefox Bug Exploited in the Wild, Similar to Chrome Zero-Day
  • OODAloop: Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia
  • bsky.app: Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia.

Pierluigi Paganini@Security Affairs //
A Russian zero-day broker known as Operation Zero is offering up to $4 million for zero-day exploits targeting the Telegram messaging app. This broker exclusively sells vulnerabilities to Russian government and private organizations, suggesting a significant interest from these entities in exploiting Telegram's security flaws. The high bounty offered indicates the immense value of potential targets to these organizations and their willingness to invest heavily in acquiring such exploits.

Operation Zero has released multiple bounty tiers for security vulnerabilities targeting Telegram, with the price depending on the user interaction required. Remote code execution vulnerabilities needing one user interaction fetch $500,000, while a zero-click RCE vulnerability is valued at $1.5 million. A complete exploit chain capable of compromising the entire system may command up to $4 million. This highlights the potential for targeted attacks on individuals or user groups through the platform, given Telegram's user base of over a billion.

Recommended read:
References :
  • CyberInsider: Russian Zero-Day Firm Offers Record $4 Million for Telegram Exploits
  • infosec.exchange: NEW: A zero-day provider that exclusively sells to the Russian government is offering up to $4 million for flaws in Telegram. This announcement offers a glimpse into what the Russian government may be especially interested in, and willing to pay (even at a premium), right now. Sources in the industry tell me the prices offered are broadly right.
  • techcrunch.com: Russian zero-day seller is offering up to $4 million for Telegram exploits
  • securityaffairs.com: Zero-day broker Operation Zero offers up to $4 million for Telegram exploits
  • securityonline.info: The Russian vulnerability broker, Operation Zero, is a company specializing in the acquisition and sale of security vulnerabilities—whether The post appeared first on .
  • Davey Winder: The Russian exploit brokerage firm, Operation Zero, is offering up to $4 million for zero-day vulnerabilities in Telegram. This signifies heightened state-sponsored interest in hacking Telegram.
  • hackread.com: A broker that only sells to Russian private and government organizations has just offered $4 million for a zero-day hack attack against the Telegram messenger app.

Mandvi@Cyber Security News //
The FishMonger APT, a Chinese cyber-espionage group with ties to the cybersecurity contractor I-SOON, has been implicated in a global espionage operation known as Operation FishMedley. This campaign, active in 2022, targeted a diverse range of entities, including governments, non-governmental organizations (NGOs), and think tanks across Asia, Europe, and the United States. These findings come as the US Department of Justice unsealed an indictment against I-SOON employees for their alleged involvement in espionage campaigns spanning from 2016 to 2023.

The attacks involved sophisticated malware implants such as ShadowPad, Spyder, and SodaMaster, tools frequently associated with China-aligned threat actors. These implants facilitated data theft, surveillance, and network penetration. One case revealed attackers used the Impacket tool to escalate privileges, execute commands, and extract sensitive authentication data from a US-based NGO. ESET's independent research confirms FishMonger is an espionage team operated by I-SOON, highlighting the ongoing threat posed by China-aligned APT groups to sensitive sectors worldwide.

Recommended read:
References :
  • Cyber Security News: Chinese FishMonger APT Linked to I-SOON Targets Governments and NGOs
  • Virus Bulletin: ESET's Matthieu Faou writes about Operation FishMedley, a global espionage operation by FishMonger, the China-aligned APT group run by I-SOON. In the victims list: governments, NGOs and think tanks across Asia, Europe and the United States.
  • : FishMonger APT Group Linked to I-SOON in Espionage Campaigns
  • gbhackers.com: GB Hackers: I-SOON’s ‘Chinese Fishmonger’ APT Targets Government Entities and NGOs
  • Talkback Resources: Talkback: Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley [net] [rev] [mal]

Bill Mann@CyberInsider //
A critical unpatched zero-day vulnerability in Microsoft Windows is being actively exploited by 11 state-sponsored threat groups for espionage, data theft, and financially motivated campaigns since 2017. The flaw, tracked as ZDI-CAN-25373, involves the use of crafted Windows Shortcut (.LNK) files to execute hidden malicious commands. This allows attackers to gain unauthorized access to systems, steal sensitive data, and potentially conduct cyber espionage activities targeting governments, private entities, financial organizations, think tanks, telecommunication service providers, and military/defense agencies across multiple countries.

The attacks leverage hidden command line arguments within the malicious .LNK files, making detection difficult by padding the arguments with whitespace characters. Nearly 1,000 .LNK file artifacts exploiting the vulnerability have been found, and linked to APT groups from China, Iran, North Korea, and Russia. In these attacks, the .LNK files act as a delivery vehicle for malware families like Lumma Stealer, GuLoader, and Remcos RAT. Microsoft considers the issue a low severity user interface misrepresentation and does not plan to release a fix.

Recommended read:
References :
  • The Hacker News: An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017.
  • ZDI: Published Advisories: ZDI-25-148: (0Day) Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability
  • The Register - Security: Microsoft isn't fixing 8-year-old shortcut exploit abused for spying
  • securityaffairs.com: State-Sponsored Actors and Cybercrime Gangs Abuse Malicious .lnk Files for Espionage and Data Theft
  • The DefendOps Diaries: Exploiting Windows Zero-Day Vulnerabilities: The Role of State-Sponsored Hacking Groups
  • BleepingComputer: New Windows zero-day exploited by 11 state hacking groups since 2017
  • CyberInsider: Microsoft Declines to Fix Actively Exploited Windows Zero-Day Vulnerability
  • socradar.io: Windows Shortcut Zero-Day (ZDI-CAN-25373) Exploited by State-Backed Threat Actors Since 2017: Overview of Key Details
  • Virus Bulletin: Trend Micro ZDI's Peter Girnus & Aliakbar Zahravi describe how researchers uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373, a Windows .lnk file vulnerability that enables hidden command execution.
  • Tech Monitor: A Windows shortcut vulnerability, identified as ZDI-CAN-25373, has been exploited in widespread cyber espionage campaigns.
  • www.ghacks.net: Windows has an 8-year-old security issue that is exploited and known by Microsoft for some time
  • www.cybersecuritydive.com: 11 nation-state groups exploit unpatched Microsoft zero-day
  • www.techradar.com: An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
  • Security Risk Advisors: APT Groups Exploit Unpatched Windows Shortcut Vulnerability for Espionage and Data Theft
  • hackread.com: 11 Nation-State Hackers Exploit Unpatched Windows Flaw Since 2017
  • : Windows Shortcut Flaw Exploited by 11 State-Sponsored Groups
  • securityonline.info: A recently uncovered vulnerability, ZDI-CAN-25373, identified by the Trend Zero Day Initiative (ZDI), is at the center of the
  • Blog: Microsoft reluctant to patch Windows zero-day exploited by nation-state hackers
  • Virus Bulletin: Trend Micro ZDI's Peter Girnus & Aliakbar Zahravi describe how researchers uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373, a Windows .lnk file vulnerability that enables hidden command execution.
  • Sam Bent: Windows Shortcut Zero-Day Used by Nation-States
  • www.trendmicro.com: ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns
  • Logpoint: Windows Shell Link Vulnerability ZDI-CAN-25373: Detecting Hidden Commands
  • SecureWorld News: Nation-State Hackers Exploit Windows Shortcut Zero-Day Vulnerability
  • Information Security Buzz: Windows Shortcut Zero-Day Under Active Attack
  • borncity.com: Windows shortcut exploit used by state hackers as a 0-day since 2017
  • Threats | CyberScoop: Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day
  • Help Net Security: APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373)
  • aboutdfir.com: Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying
  • securityboulevard.com: Microsoft Won’t Fix This Bad Zero Day (Despite Wide Abuse)
  • aboutdfir.com: Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying An exploitation avenue found by Trend Micro in Windows has been used in an eight-year-long spying campaign, but there’s no sign of a fix from Microsoft, which apparently considers this a low priority.

rohann@checkpoint.com@Check Point Blog //
References: Check Point Blog , bsky.app , bsky.app ...
Blind Eagle, one of Latin America's most dangerous cyber criminal groups, has been actively targeting Colombian institutions and government entities since November 2024. According to Check Point Research (CPR), this advanced persistent threat (APT) group, also tracked as APT-C-36, is using sophisticated techniques to bypass traditional security defenses. They leverage trusted platforms like Google Drive, Dropbox, GitHub, and Bitbucket to distribute their malicious payloads, and have recently been seen using a variant of an exploit for a now-patched Microsoft Windows flaw, CVE-2024-43451. This allows them to infect victims with a high rate of success.

CPR has uncovered that Blind Eagle incorporated this exploit a mere six days after Microsoft released the patch. They use malicious .URL files distributed via phishing emails, and victims are often unaware they are triggering the infection. The final payload is often the Remcos RAT, a remote access trojan that grants attackers complete control over infected systems, allowing for data theft, remote execution, and persistent access. In one campaign in December 2024, over 1,600 victims were affected, highlighting the group's efficiency and targeted approach.

Recommended read:
References :
  • Check Point Blog: The Growing Danger of Blind Eagle: One of Latin America’s Most Dangerous Cyber Criminal Groups Targets Colombia
  • bsky.app: Blind Eagle APT group has compromised over 1,600 victims inside Colombian institutions and government agencies. The campaign took place in November & December of last year and used an exploit similar to a zero-day exploited by Russian hackers in Ukraine.
  • The Hacker News: The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024.
  • bsky.app: The Blind Eagle APT group has compromised over 1,600 victims inside Colombian institutions and government agencies. The campaign took place in November & December of last year and used an exploit similar to a zero-day exploited by Russian hackers in Ukraine.
  • gbhackers.com: Blind Eagle Hackers Exploit Google Drive, Dropbox & GitHub to Evade Security Measures
  • : Blind Eagle has been running campaigns targeting the Colombian government with malicious .url files and phishing attacks
  • Talkback Resources: Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
  • securityonline.info: Blind Eagle’s Rapid Adaptation: New Tactics Deployed Days After Patch
  • gbhackers.com: Blind Eagle Targets Organizations with Weaponized .URL Files to Steal User Hashes

info@thehackernews.com (The@The Hacker News //
The APT group SideWinder is expanding its attacks, now targeting maritime, nuclear, and IT sectors across Asia, the Middle East, and Africa. Previously focused on government, military, and diplomatic institutions, the group has shifted its attention to maritime infrastructure, logistics companies, nuclear power plants, and energy facilities. The attacks, observed by Kaspersky, have spread across multiple countries including Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam.

Kaspersky experts have noted an increase in attacks on nuclear power plants and energy generation facilities with the attackers utilizing spear-phishing emails and malicious documents containing industry-specific terminology to gain trust. The group exploits an older Microsoft Office vulnerability (CVE-2017-11882) to bypass detection systems and access operational data, research projects, and personnel data. According to Kaspersky researchers Giampaolo Dedola and Vasily Berdnikov, SideWinder constantly works to improve its toolsets, stay ahead of security software detections, extend persistence on compromised networks, and hide its presence on infected systems.

Recommended read:
References :
  • The Register - Security: Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift
  • The Hacker News: SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa
  • www.it-daily.net: SideWinder now also attacks nuclear power plants
  • securityaffairs.com: SideWinder APT targets maritime and nuclear sectors with enhanced toolset
  • Rescana: Inside the Mind of Sidewinder: A Real-World Look at a Sophisticated Cyber Adversary

@World - CBSNews.com //
References: bsky.app , CyberInsider , bsky.app ...
The U.S. Justice Department has indicted 12 Chinese nationals for their alleged involvement in state-linked cyber operations. The individuals include employees of the Chinese technology firm i-Soon, members of the APT27 group (also known as Emissary Panda, TG-3390, Bronze Union, and Lucky Mouse), and two officers from China's Ministry of Public Security. These indictments shed light on the hacking tools and methods allegedly employed in a global hacking scandal. The Justice Department stated that the Ministry of State Security (MSS) and Ministry of Public Security (MPS) utilized an extensive network of private companies, including i-Soon, to conduct unauthorized computer intrusions in the U.S. and elsewhere.

The U.S. DoJ charges these individuals with data theft and suppressing dissent worldwide. i-Soon, identified as one of the private companies involved, allegedly provided tools and methods to customers and hacked for the PRC (People's Republic of China). These actions highlight a significant cybersecurity concern involving state-sponsored actors and their use of private firms to conduct cyber espionage.

Recommended read:
References :
  • bsky.app: US Justice Department has charged Chinese state security officers and APT27 and i-Soon Chinese hackers linked to network breaches and cyberattacks targeting victims worldwide since 2011.
  • CyberInsider: U.S. Charges 12 Chinese Nationals Over Decade-Long Cyber Espionage Campaign
  • The Cyber Express: The United States Department of Justice (DOJ) has taken action against a major cyber threat, opening indictments against 12 Chinese nationals, including two officers from China’s Ministry of Public Security (MPS) and several employees of the Chinese technology firm i-Soon.
  • bsky.app: USA accuses China's State of operating network of "hackers for hire". Accused 12 individuals, 2 officers of the PRC Ministry of Public Security (MPS), employees of a private company, Anxun Information Technology Co. Ltd, and members of APT27.
  • The Hacker News: U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations
  • securityaffairs.com: US DOJ charges 12 Chinese nationals for state-linked cyber operations
  • The Register - Security: Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox US government agencies announced Wednesday criminal charges against alleged members of China's Silk Typhoon gang, plus internet domain seizures linked to a long-term Chinese espionage campaign that saw Beijing hire miscreants to compromise US government agencies and other major orgs.…
  • DataBreaches.Net: U.S. Charges 12 Chinese Contract Hackers and Law Enforcement Officers in Global Computer Intrusion Campaigns
  • bsky.app: The US Justice Department has charged Chinese state security officers and APT27 and i-Soon Chinese hackers linked to network breaches and cyberattacks targeting victims worldwide since 2011.
  • cyble.com: U.S. Indictments Shed Light on i-Soon Hacking Tools, Methods
  • Metacurity: US indicts twelve prolific Chinese hackers, including eight i-Soon staffers
  • Carly Page: The Department of Justice has announced criminal charges against 12 Chinese government-linked hackers who are accused of hacking over 100 American organizations, including the U.S. Treasury, over the course of a decade
  • Threats | CyberScoop: US indicts 12 Chinese nationals for vast espionage attack spree
  • BleepingComputer: The U.S. Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011.
  • hackread.com: US Charges 12 in Chinese Hacker-for-Hire Network, Offers $10M Reward
  • Risky Business Media: US indicts the i-Soon and APT27 hackers, the BADBOX botnet gets disrupted again,authorities seize the Garantex crypto exchange, and the FBI arrests hackers who stole Taylor Swift concert tickets.
  • Security | TechRepublic: The article discusses the charges against Chinese hackers for their role in a global cyberespionage campaign.
  • techxplore.com: US indicts 12 Chinese nationals in hacking
  • : US Charges Members of Chinese Hacker-for-Hire Group i-Soon
  • Matthias Schulze: U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations
  • WIRED: US Charges 12 Alleged Spies in China’s Freewheeling Hacker-for-Hire Ecosystem
  • Blog: FieldEffect blog post about U.S. indicts 12 Chinese nationals for cyber espionage.
  • blog.knowbe4.com: U.S. Justice Department Charges China’s Hackers-for-Hire Working IT Contractor i-Soon
  • Talkback Resources: The article details the indictment of 12 Chinese individuals for hacking activities.
  • Schneier on Security: The article discusses the indictment of Chinese hackers for their involvement in global hacking activities.