A state-backed espionage group infiltrated government networks across 37 countries in a single year while scanning infrastructure in 155 more — one in five nations on Earth. That is the lead story in HN61, joined by a CVSS 9.9 RCE in BeyondTrust, Signal accounts hijacked without malware, CISA pulling the plug on aging edge devices, and a ransomware gang claiming 1.4 TB from a data vault provider.
Stories Covered
Shadow Campaigns: TGR-STA-1030
Palo Alto Networks Unit 42 published a major investigation into a previously undocumented Asian state-backed group tracked as TGR-STA-1030, dubbed the Shadow Campaigns. The group compromised government networks in 37 countries over the past year and was actively scanning infrastructure in 155 others. Their toolkit includes custom implants, living-off-the-land techniques, and infrastructure designed to blend into legitimate cloud traffic.
BeyondTrust CVSS 9.9 RCE
A critical remote code execution vulnerability in BeyondTrust remote access tooling scored a 9.9 on the CVSS scale. Remote access tools are high-value targets by definition — a near-perfect score on one makes this an immediate patch priority for any organization using the product.
Signal Accounts Hijacked Without Malware
A state-sponsored campaign successfully hijacked Signal accounts belonging to European politicians and military officials without deploying a single line of malware. The attack exploited Signal linked-devices feature, allowing attackers to silently mirror targets messages in real time once they tricked the victim into scanning a malicious QR code.
CISA Edge Device Directive and Ransomware Data Breach
CISA ordered federal agencies to remove outdated edge devices from their networks following ongoing exploitation campaigns targeting perimeter hardware. Separately, a ransomware gang claimed to have exfiltrated 1.4 TB of data from a provider that safeguards critical data vaults worldwide.
Leave a Reply