JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

APT

China-linked APT Curious Gorge targeted Russian govt agencies

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge, is targeting Russian government agencies. The Google TAG team published a report focused on cybersecurity […]

China-linked APT Salt Typhoon

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns.

Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge, is targeting Russian government agencies.

The Google TAG team published a report focused on cybersecurity activity in Eastern Europe. The experts warn that a growing number of threat actors are using the war as a lure in their attacks. The researchers also observed threat actors increasingly targeting organizations in the critical infrastructure.

Curious Gorge, a group TAG attributes to China’s PLA SSF, has remained active against government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia. In Russia, long running campaigns against multiple government organizations have continued, including the Ministry of Foreign Affairs.” wrote Google TAG Security Engineer Billy Leonard. “Over the past week, TAG identified additional compromises impacting multiple Russian defense contractors and manufacturers and a Russian logistics company.”

Google TAG also observed Russia-linked APT28 (aka Fancy Bear) cyberespionage group targeting users in Ukraine with a new variant of a .Net malware distributed via email attachments inside of password protected zip files (ua_report.zip). The malware is able to steal cookies and saved passwords from Chrome, Edge and Firefox browsers.

The experts also monitored spear-phishing attacks conducted by Russia-linked Turla APT aimed at defense and cybersecurity organizations in the Baltics.

Russia continues to be one of the most active states, the experts also spotted Coldriver (aka Callisto) using Gmail accounts to deliver phishing emails targeting government and defense officials, NGOs, think tanks, and journalists.

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: 
https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, China)

[adrotate banner=”5″]

[adrotate banner=”13″]