Whispering in the dark

ESET researchers uncovered a cyberespionage campaign by BladedFeline, an Iran-aligned APT group likely tied to OilRig. The group has targeted Kurdish and Iraqi government officials since at least 2017, using various malicious tools including the Whisper backdoor, PrimeCache IIS module, and reverse tunnels. BladedFeline maintains persistent access to high-ranking officials in both the Kurdistan Regional Government and Iraqi government, likely for espionage purposes. The group's toolset includes sophisticated backdoors, webshells, and custom tunneling applications. ESET assesses with medium confidence that BladedFeline is a subgroup of OilRig, based on shared code, targets, and tactics. The campaign also extended to a telecommunications provider in Uzbekistan.

Pulse ID: 684874c7cbe4dbef4d0ff749
Pulse Link: https://otx.alienvault.com/pulse/684874c7cbe4dbef4d0ff749
Pulse Author: AlienVault
Created: 2025-06-10 18:09:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

BladedFeline: Whispering in the dark

ESET researchers have uncovered a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group likely tied to OilRig. The group has been targeting Kurdish and Iraqi government officials since at least 2017, using various malicious tools including reverse tunnels, backdoors, and a malicious IIS module. Key malware includes the Whisper backdoor, which communicates via compromised email accounts, and PrimeCache, a malicious IIS module with similarities to OilRig's RDAT backdoor. The campaign also targeted a telecommunications provider in Uzbekistan. BladedFeline's sophisticated tactics and tools indicate a focus on maintaining strategic access to high-ranking officials for espionage purposes.

Pulse ID: 6842cae058bebf5552345481
Pulse Link: https://otx.alienvault.com/pulse/6842cae058bebf5552345481
Pulse Author: AlienVault
Created: 2025-06-06 11:02:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

https://www.europesays.com/2137357/ Iran-aligned BladedFeline spies on Iraqi and Kurdish #BackdoorWhisper #Conflicts #CyberEspionage #ESET #Iran #IranAligned #llc #OilRig #OperationRoundpress #PrimeCache #ThreatActors

Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group https://www.helpnetsecurity.com/2025/05/27/microsoft-dutch-security-agencies-lift-veil-on-laundry-bear-void-blizzard-cyber-espionage-group/ #government-backedattacks #accounthijacking #cyberespionage #government #Don'tmiss #Microsoft #Hotstuff #phishing #News #NATO #EU

New Russia-affiliated actor Void Blizzard targets critical sectors for espionage

Void Blizzard, a newly identified Russia-affiliated threat actor, has been conducting global cyberespionage operations since April 2024. Their primary targets are organizations in critical sectors, particularly in NATO member states and Ukraine, including government, defense, transportation, media, NGOs, and healthcare. The group employs tactics such as using stolen credentials, likely obtained from commodity infostealer ecosystems, and recently evolved to include targeted spear phishing for credential theft. Despite using unsophisticated techniques, Void Blizzard has been effective in gaining access and collecting large volumes of emails and files from compromised organizations. Their activities pose a significant risk to NATO member states and allies of Ukraine.

Pulse ID: 6835955789329a0d9f2f521c
Pulse Link: https://otx.alienvault.com/pulse/6835955789329a0d9f2f521c
Pulse Author: AlienVault
Created: 2025-05-27 10:35:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations https://www.helpnetsecurity.com/2025/05/23/chinese-cyber-spies-are-using-ivanti-epmm-flaws-to-breach-eu-us-organizations/ #government-backedattacks #manufacturingsector #telecommunications #financialindustry #cyberespionage #EclecticIQ #government #healthcare #Don'tmiss #aerospace #Hotstuff #Ivanti #News #USA #Wiz #EU

Nation-state APTs ramp up attacks on Ukraine and the EU https://www.helpnetsecurity.com/2025/05/21/apt-groups-attacks-eu-ukraine/ #RussianFederation #cyberespionage #cybersecurity #NorthKorea #Ukraine #report #survey #China #News #ESET #EU

Russia-linked hackers target webmail servers in Ukraine-related espionage operation https://www.helpnetsecurity.com/2025/05/15/espionage-operation-roundpress-webmail-servers/ #RussianFederation #cyberespionage #emailsecurity #News #ESET #APT #XSS

North Korea's Cyber Espionage: A New Threat Landscape in Ukraine

As North Korea intensifies its cyber operations in Ukraine, the implications for cybersecurity are profound. The state-backed group Konni is leveraging sophisticated phishing tactics to gather intelli...

https://news.lavx.hu/article/north-korea-s-cyber-espionage-a-new-threat-landscape-in-ukraine

North Korea’s covert cyber strike in Ukraine isn’t just espionage—it’s a high-stakes play to realign military alliances and fund its ambitions. Curious how digital spying is reshaping global power?

https://thedefendopsdiaries.com/north-koreas-cyber-espionage-in-ukraine-strategic-motivations-and-global-implications/

#northkorea
#cyberespionage
#ukraine
#globalsecurity
#cybersecurity

Zero-Day Vulnerability in Output Messenger: A New Frontier for Cyber Espionage

A recently discovered zero-day vulnerability in Output Messenger has been exploited by a Türkiye-backed cyberespionage group, marking a significant shift in their operational tactics. This security fl...

https://news.lavx.hu/article/zero-day-vulnerability-in-output-messenger-a-new-frontier-for-cyber-espionage

Zero-Day Vulnerability in Output Messenger: A New Frontier for Cyber Espionage

A recently discovered zero-day vulnerability in Output Messenger has been exploited by a Türkiye-backed cyberespionage group, marking a significant shift in their operational tactics. This security fl...

https://news.lavx.hu/article/zero-day-vulnerability-in-output-messenger-a-new-frontier-for-cyber-espionage

Google scopre LostKeys: malware russo per lo spionaggio
#ClickFix #COLDRIVER #CyberEspionage #Cybercrime #FSB #Geopolitica #Google #LostKeys #Malware #Notizie #Russia #Sicurezza #Spionaggio #StateSponsoredHacking #TechNews #Tecnologia #ThreatIntelligence #VBS

https://www.ceotech.it/google-scopre-lostkeys-malware-russo-per-lo-spionaggio/

Unveiling LostKeys: The New Malware Threat from Russian Cyberspies

The emergence of the LostKeys malware marks a significant escalation in cyber-espionage tactics employed by the Russian state-backed ColdRiver group. As this sophisticated tool targets Western governm...

https://news.lavx.hu/article/unveiling-lostkeys-the-new-malware-threat-from-russian-cyberspies

Unveiling LostKeys: The New Malware Threat from Russian Cyberspies

The emergence of the LostKeys malware marks a significant escalation in cyber-espionage tactics employed by the Russian state-backed ColdRiver group. As this sophisticated tool targets Western governm...

https://news.lavx.hu/article/unveiling-lostkeys-the-new-malware-threat-from-russian-cyberspies

https://www.europesays.com/uk/84074/ Chinese cyber menace exceeds threat from Russia, Dutch spy chief warns – POLITICO #China #CyberDiplomacy #CyberEspionage #Cybersecurity #CybersecurityAndDataProtection #DonaldTrump #Elections #ElectionsInEurope #Intelligence #Russia #TheNetherlands #UnitedStates #VladimirPutin

https://www.europesays.com/uk/72614/ Notorious Russian hackers behind 2017 ‘Macron leaks,’ France says – POLITICO #CyberDiplomacy #CyberEspionage #DonaldTrump #Elections #EmmanuelMacron #EU #Europe #France #Hackers #HybridThreats #Intelligence #JeanNoelBarrot #Russia #Sanctions #StateBackedHacking #Ukraine #UnitedStates #VladimirPutin #WarInUkraine

https://www.europesays.com/uk/68243/ TikTok hit with €530M fine after illegally sending users’ data to China – POLITICO #BigData #Business #China #Communications #CyberEspionage #Data #Data/Privacy #DataBreaches #DataCenters #DataFlows #DataProtection #Espionage #EUU.S.PrivacyShield #Intelligence #Ireland #Malware #Privacy #UK #UnitedKingdom

Unmasking Salt Typhoon: The Cyber Espionage Threat to Telecommunications

The FBI is on a mission to identify the Salt Typhoon hackers, a Chinese cyber-espionage group responsible for significant breaches in the telecommunications sector. With a history of targeting global ...

https://news.lavx.hu/article/unmasking-salt-typhoon-the-cyber-espionage-threat-to-telecommunications