Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Information Compromised. Show all posts
Information Compromised
Critical Infrastructure critical infrastructure cybersecurity Cyber Breaches cyber espionage Cyber Security Information Compromised

Shadow Campaigns Expose 37 Nations to State-Linked Cyber Espionage Operations

 

A state-backed cyber espionage effort known as the “Shadow Campaigns” has quietly breached government bodies and critical infrastructure across 37 countries. Investigators from Palo Alto Networks’ Unit 42 assess that the activity began by early 2024 and likely originates from Asia. While no formal attribution has been made, the actor is tracked as TGR-STA-1030 or UNC6619. The campaign is marked by stealth and persistence, focusing on long-term intelligence gathering rather than overt disruption. 

At least 70 organizations were confirmed compromised, primarily government ministries and agencies handling finance, trade, energy, mining, immigration, border control, diplomacy, and law enforcement. Victims span multiple regions, including Brazil’s Ministry of Mines and Energy, Mexican and Bolivian government-linked entities, infrastructure in Panama, and agencies across Europe such as those in Germany, Italy, Poland, and Czechia. Other affected organizations include an Indonesian airline, Malaysian government departments, Mongolian law enforcement, a Taiwanese power equipment supplier, and critical infrastructure entities across parts of Africa. 

Reconnaissance activity was even broader. Between November and December, infrastructure linked to 155 countries was scanned. Systems associated with Australia’s Treasury, Afghanistan’s Ministry of Finance, Nepal’s prime minister’s office, and hundreds of European Union and German government IP addresses showed signs of probing. Analysts noted spikes in activity during politically sensitive periods, including the U.S. government shutdown in October 2025 and the lead-up to Honduras’ national election, suggesting interest in geopolitical developments. Initial access often relied on highly targeted phishing emails referencing internal government matters. 

These messages delivered malware via compressed files hosted on Mega.nz, deploying a loader called Diaoyu that could fetch Cobalt Strike and VShell payloads after performing evasion checks. The group also exploited at least 15 known vulnerabilities in products such as Microsoft Exchange Server, SAP Solution Manager, D-Link devices, and Windows systems. A key finding was a custom Linux kernel rootkit, ShadowGuard, which operates at the kernel level to hide malicious activity and evade detection. 

Infrastructure supporting the campaign used legitimate VPS providers in the U.S., Singapore, and the U.K., along with relay servers and anonymization layers. Researchers conclude the actor is highly capable and remains an ongoing threat to governments and critical services worldwide.
Read more »
Telegram
API Cyberattacks CyberCrime Cyberhackers Cybersecurity CyberThreat Data Breach Information Compromised Real American Voice SiegedSec Telegram

Data Breach at Real America’s Voice: User Information Compromised

 


In the past few weeks, a group of homosexual, furry hackers called SiegedSec has hacked the far-right media outlet Real America’s Voice, and they have taken it down. As well as hosting far-right commentators such as Steve Bannon and Charlie Kirk, the right-wing media outlet owned by Robert Sigg also plays host to conspiracy theories, such as COVID-19 misinformation, 2020 election conspiracy theories, QAnon, and transphobic content, as well as far-right commentators such as Steve Bannon and Charlie Kirk. 

This group announced on Monday that it had hacked the app of Real America's Voice, a right-wing media outlet, founded in 2020 and regularly featuring far-right activists such as Steve Bannon and Charlie Kirk, in an announcement posted to its Telegram channel. As well as spreading conspiracy theories and transphobic rhetoric, Real America's Voice is often attacked by SiegedSec, a hacker furry collective that has wreaked havoc on the outlet. 

As part of their release, they provided data on over 1,000 users of their app, along with information on hosts Charlie Kirk, Steve Bannon, and Ted Nugent, the latter who wrote a song about wanting to fuck a 13-year-old girl. This hacker was known for destroying Minnesota River Valley Church, which used $6,000 of money to buy inflatable sea lions. 

They were also known for destroying nuclear research facilities and demanding that they focus on cat girls to accomplish their goal. It has been reported that SiegedSec has released personal information about more than 1,200 users using the app, including their full names, telephone numbers, and email addresses, as part of its ongoing hacktivism campaign OpTransRights. Additionally, the group said that they removed the user's data from the app's API as well as its cloud storage system, as well as going poof on the files. 

SiegedSec wrote in their Telegram message about the optics of their actions in regards to the Real America's Voice leak as the company shared it with their followers. We have received concerns throughout the attacks that actions had been conducted against transphobic entities and that our attacks would be construed to label the LGBTQ+ community as ‘terrorists’ and ‘criminals,’ as the group stated. 

It’s important to realize that these types of people are always going to blame the LGBTQ+ community, no matter what we do. They’re going to look for ways to hate, they will not listen to reason, and they’re going to spread lies to discredit people who are different. Data reportedly deleted from the Amazon server included information about the network’s top shows, including those hosted by prominent right-wing figures like Charlie Kirk, Steve Bannon, and Ted Nugent, as well as the top shows on the network. 

There is no information available as to whether SiegedSec's actions resulted in any permanent damage to the organization. Initially launched last year after SiegedSec attacked government websites in five states over the policies regarding transgender healthcare, the #OpTransRights campaign has just been relaunched as a part of the group's recently relaunched #OpTransRights campaign. 

As a result of anti-transgender remarks made by the pastor of River Valley Church in Burnsville, Minnesota, SiegedSec hacked the church on April 1 and launched it again on April 1. SiegedSec also used the church's Amazon account to buy inflatable sea lions worth several thousand dollars worth of money using the church's Amazon account after the hack. 

This hack exposed private prayer requests from 15,000 users of the church's website. After doing that, SiegedSec went on to dox River Valley Church's pastor Rob Ketterling less than a week later. They also noted that in their statement on Monday, they expressed concern that such attacks would negatively impact the LGBTQ+ community.
Read more »
Subscribe to: Comments (Atom)