Tag: government targets

5 Attack Reports | 0 Vulnerabilities

Attack reports

Ink Dragon's Relay Network and Stealthy Offensive Operation

Check Point Research has identified a new wave of attacks by the Chinese threat actor Ink Dragon, targeting government entities in Europe, Southeast Asia, and South America. The actor builds a victim-based relay network using a custom ShadowPad IIS Listener module, turning compromised servers into …
espionage
shadowpad
government targets
chinese threat actor
finaldraft
iis exploitation
2025-12-16
relay network
stealthy operations
Published: December 16, 2025
Downloadable IOCs: 16

New Tomiris tools and techniques: multiple reverse shells, Havoc, AdaptixC2

Kaspersky researchers uncovered new malicious operations by the Tomiris threat actor targeting foreign ministries, intergovernmental organizations, and government entities. The attacks, which began in early 2025, show a shift in tactics with increased use of implants leveraging public services like…
apt
discord
telegram
havoc
government targets
adaptixc2
2025-11-28
jlorat
tomiris powershell telegram backdoor
multi-language malware
tomiris c# reverseshell
tomiris c/c++ reverseshell
tomiris python telegram reverseshell
reverse shells
tomiris python discord reverseshell
tomiris c# telegram reverseshell
tomiris rust downloader
tomiris python filegrabber
distopia backdoor
tomiris go reversesocks
tomiris go reverseshell
tomiris rust reverseshell
tomiris c++ reversesocks
Published: November 28, 2025
Downloadable IOCs: 66

Cyber Espionage Operation Expanding from Central Asia

An active cyber-espionage campaign by UAC-0063 is targeting organizations in Central Asia and Europe, including government entities and diplomatic missions. The group exploits previously compromised victims by weaponizing exfiltrated documents to deliver HATVIBE malware. They use sophisticated tool…
government targets
cyber-espionage
central asia
hatvibe
2025-01-29
downexpyer
weaponized documents
pyplunderplug
logpie
Published: January 29, 2025
Downloadable IOCs: 0

New Star Blizzard spear-phishing campaign targets WhatsApp accounts

Star Blizzard, a Russian threat actor, has launched a new spear-phishing campaign targeting WhatsApp accounts. The campaign, observed in mid-November 2024, marks a shift in the actor's tactics. Targets include government officials, diplomats, and researchers focused on Russia-related topics. The at…
social engineering
whatsapp
credential theft
government targets
spear-phishing
2025-01-17
diplomacy targets
qr code
russian threat actor
Published: January 17, 2025
Downloadable IOCs: 2

Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations

Between April and July 2024, Iranian state-sponsored threat actor Peach Sandstorm deployed a new custom multi-stage backdoor called Tickler. The malware targeted organizations in the satellite, communications equipment, oil and gas, and government sectors in the United States and UAE. Peach Sandsto…
backdoor
2024-08-30
azure abuse
password spray
satellite sector
government targets
tickler
linkedin intelligence gathering
tickler malware
iranian threat actor
Published: August 30, 2024
Downloadable IOCs: 9
Click here to see more Attack Reports