Find notable cyber news and cases, enriched with sources, timelines, and signals.

Subtle Snail LinkedIn phishing espionage campaign against telecom and aerospace targets

Campaign
First reported
Last updated
Happening score
H score 20
2 unique sources, 2 articles

Summary

Hide ▲

The Subtle Snail (UNC1549) campaign expanded across the Middle East, Europe, and North America, using LinkedIn recruiter lures and impersonated job openings to target telecommunications, satellite, and aerospace organizations. The burst matters because the operators stole highly sensitive data from 11 global companies and customized each intrusion to the victim. The activity points to a sustained espionage effort focused on privileged staff and sensitive business systems.

Related Happenings

Bitter Middle East spear-phishing campaign targeting civil society figures

Campaign
H score28 First: 09.04.2026 13:45 Last: 09.04.2026 13:45 Sources 1

About this happening: A **spear-phishing campaign** targeted **civil society figures in Middle Eastern countries**, including **three journalists in Egypt and Lebanon**, creating account-compromise ris...

Contagious Interview cryptocurrency social-engineering and malware-delivery campaign

Campaign
H score37 First: 23.03.2026 20:09 Last: 23.03.2026 20:09 Sources 1

About this happening: A **North Korean** cluster behind **Contagious Interview / WaterPlum** is running a coordinated **malware campaign** against **cryptocurrency professionals**, increasing the risk...

OFAC sanctions DPRK IT worker scheme network

Regulatory/Legal Action
H score32 First: 18.03.2026 19:26 Last: 18.03.2026 19:26 Sources 1

About this happening: **OFAC** sanctioned **Ryujong Credit Bank**, **KMCTC**, and **eight individuals** tied to **North Korean cryptocurrency laundering** and **fraudulent IT worker schemes**. The **U....

Russian state-sponsored hackers' ongoing Signal and WhatsApp phishing campaign

Campaign
H score38 First: 09.03.2026 23:24 Last: 09.03.2026 23:24 Sources 1

About this happening: An **ongoing Russian intelligence-linked** phishing **campaign** is targeting **Signal** and **WhatsApp** users and has evolved from stealing verification codes and account PINs t...

Latest development: 27.06.2026 01:06

FBI and CISA warn that the Russian intelligence services-linked Signal phishing campaign has evolved from stealing verification codes, account PINs, and linked-device access to eliciting victims' Backup Recovery Keys through impersonated Signal support messages. If a target provides the key, attackers can restore Signal's Secure Backups on their own devices and read historical messages, including private and group conversations, while the campaign continues to target high-intelligence-value individuals.

Global Profit / MC Profit Always exposed phishing repository leak

Data Leak
H score27 First: 25.02.2026 01:57 Last: 25.02.2026 01:57 Sources 1

About this happening: An exposed repository tied to **Global Profit / MC Profit Always** leaked an **SQL database** and **Telegram webhook logs**, exposing phishing-operator communications and infrastr...

Timeline

  1. 19.09.2025 16:59 3 articles · 9mo ago

    Subtle Snail campaign disclosure across telecom and aerospace targets

    Initial Disclosure

    Subtle Snail (UNC1549) has stolen highly sensitive data from 11 global telecommunications companies, satellite operators, and aerospace equipment manufacturers while expanding operations across the Middle East, Europe, and North America. The group uses LinkedIn recruiter lures, fake job openings, and phishing domains impersonating Telespazio or Safran Group to deliver the MiniBike backdoor and load DLL components for espionage-oriented data theft.

    Show sources