Cyber espionage stories

Google’s threat team warns that hackers are now using AI to create self-modifying malware and evade defences.

Curly COMrades exploit Microsoft Hyper-V to run hidden malware inside lightweight VMs, evading detection and maintaining stealthy control over targets.

Google warns of a surge in cyber espionage targeting Asia-Pacific summits in 2026, alongside rising scams using false base stations and tighter supply chain cybersecurity rules.

European organisations faced a sharp 2024 rise in ransomware and state-backed cyberattacks, with 22% of global victims, says CrowdStrike's latest report.

Rapid7 warns AI and quantum computing will escalate cyber threats, urging firms to adopt advanced defences and post-quantum cryptography amid rising hybrid attacks.

Over half of cyberattacks last year were driven by extortion or ransomware, with criminals focusing on financial gain rather than espionage, Microsoft reveals.

New Zealand’s intelligence chief warns rising foreign cyber espionage demands businesses strengthen security to protect innovation and national interests.

A North Korean group has used blockchain-based EtherHiding to secretly deploy malware, targeting developers in tech and cryptocurrency sectors worldwide.

Australia ranks tenth globally for cyberattack frequency, with AI fueling a rise in ransomware and extortion, Microsoft reports in its 2025 Digital Defence Review.

Phantom Taurus, a new Chinese state-backed group, targets governments and telecoms in Africa, the Middle East, and Asia with advanced espionage tools and tactics.

AI-driven cyber threats in Australia have doubled, with human error and outdated systems leaving critical infrastructure vulnerable to attacks in 2025.

A Chinese cyber group has targeted US government and policy organisations with spearphishing attacks amid trade talks, using advanced tactics to gain persistent access.

Chinese-linked EggStreme malware targets Philippine military firm, signalling rising espionage efforts in Asia-Pacific by advanced threat groups.

Salesloft breach exposed sensitive data of 700+ firms, including Cloudflare and Palo Alto Networks, after hackers exploited OAuth tokens via a prolonged GitHub intrusion.

Lazarus subgroup deploys three remote access trojans, including PondRAT and ThemeForestRAT, to target financial and cryptocurrency organisations with advanced cyberattacks.

State-sponsored hackers have stolen OAuth2 tokens from Salesforce integrations, compromising hundreds of organisations and exposing risks in SaaS connectivity.

Recent cyberattacks on infrastructure and healthcare reveal a new digital battleground, prompting global efforts to strengthen cyber resilience and defence.

New Zealand faces mounting cyber threats from state-backed digital guerrilla warfare, urging urgent government action to safeguard critical infrastructure and national security.

Nation-state cyberattacks increasingly target vital infrastructure sectors, exposing weaknesses and urging urgent improvements in cybersecurity resilience.

Proofpoint uncovers significant overlap between cybercrime groups TA829 and UNK_GreenSec, blending Russian espionage with ransomware attacks globally.