Russian IT service provider hit by network compromise linked to Jewelbug
Incident
Summary
A Russian IT service provider suffered a five-month intrusion, from January to May 2025, that exposed its code repositories and software build systems and so created supply-chain risk for the provider's customers in Russia. The compromise was attributed to Jewelbug, a China-linked group, and stolen data was exfiltrated to Yandex Cloud. To maintain access and conceal the activity, the operators abused cdb.exe (the Microsoft console debugger), dumped credentials, created scheduled tasks for persistence, and cleared event logs.
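The tradecraft listed in the summary (cdb.exe execution, credential dumping, scheduled-task persistence, log clearing) maps onto a small set of host-log checks. The block below is an added example, not code from this page, from Symantec, or from the provider: it runs four such rules over constructed Sysmon and Windows Security events and then correlates hits per account, because one cdb.exe launch on a developer workstation is benign while the chain of techniques is not. The log lines, field values, the `DEBUGGER_DIRS` allowlist and the `min_tags` threshold are all assumptions for the example; only the event IDs (Sysmon 1 and 10, Security 1102 and 4698, System 104) are standard.

```python
"""Triage rules for the tradecraft named in the summary. Added example: the events
below are constructed in the Sysmon / Windows Security JSON shape and are not the
incident's own logs; paths and thresholds are assumptions."""
import json

# Constructed sample export: one JSON event per line, as a SIEM might emit it.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    # cdb.exe copied to a temp dir and renamed; OriginalFileName still betrays it
    {"Channel": "Sysmon", "EventID": 1, "Image": "C:\\Windows\\Temp\\svchost.exe",
     "OriginalFileName": "CDB.Exe", "CommandLine": "svchost.exe -cf C:\\Windows\\Temp\\x.wds",
     "User": "CORP\\build-svc"},
    # the same debugger run legitimately from its install path by a developer
    {"Channel": "Sysmon", "EventID": 1,
     "Image": "C:\\Program Files\\Windows Kits\\10\\Debuggers\\x64\\cdb.exe",
     "OriginalFileName": "CDB.Exe", "CommandLine": "cdb.exe -z crash.dmp", "User": "CORP\\dev1"},
    # Sysmon 10 (ProcessAccess): the renamed debugger opens a handle to lsass.exe
    {"Channel": "Sysmon", "EventID": 10, "SourceImage": "C:\\Windows\\Temp\\svchost.exe",
     "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1010",
     "SourceUser": "CORP\\build-svc"},
    {"Channel": "Sysmon", "EventID": 1, "Image": "C:\\Windows\\System32\\schtasks.exe",
     "OriginalFileName": "schtasks.exe",
     "CommandLine": "schtasks /create /sc minute /mo 30 /tn Updater /tr C:\\Windows\\Temp\\svchost.exe",
     "User": "CORP\\build-svc"},
    {"Channel": "Sysmon", "EventID": 1, "Image": "C:\\Windows\\System32\\wevtutil.exe",
     "OriginalFileName": "wevtutil.exe", "CommandLine": "wevtutil cl Security",
     "User": "CORP\\build-svc"},
    # Security 1102: "The audit log was cleared"
    {"Channel": "Security", "EventID": 1102, "SubjectUserName": "build-svc"},
    {"Channel": "Sysmon", "EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE", "CommandLine": "notepad.exe", "User": "CORP\\dev1"},
])

# Where the debugger legitimately lives (assumption for this example; adjust per fleet).
DEBUGGER_DIRS = ("c:\\program files\\windows kits\\", "c:\\program files (x86)\\windows kits\\")


def _cmd(e):
    return e.get("CommandLine", "").lower()


def rule_cdb_abuse(e):
    """Sysmon 1 where the PE's OriginalFileName is CDB.Exe but it runs from an unexpected
    path or under another file name. Keying on OriginalFileName defeats a plain rename."""
    if e.get("Channel") != "Sysmon" or e.get("EventID") != 1:
        return False
    if e.get("OriginalFileName", "").lower() != "cdb.exe":
        return False
    image = e.get("Image", "").lower()
    return not (image.startswith(DEBUGGER_DIRS) and image.endswith("\\cdb.exe"))


def rule_lsass_access(e):
    """Sysmon 10: any process opening a handle to lsass.exe (credential dumping)."""
    return (e.get("Channel") == "Sysmon" and e.get("EventID") == 10
            and e.get("TargetImage", "").lower().endswith("\\lsass.exe"))


def rule_schtask_create(e):
    """schtasks /create on the command line, or Security 4698 (scheduled task created)."""
    if e.get("Channel") == "Security" and e.get("EventID") == 4698:
        return True
    cmd = _cmd(e)
    return (e.get("Channel") == "Sysmon" and e.get("EventID") == 1
            and "schtasks" in cmd and "/create" in cmd)


def rule_log_clear(e):
    """wevtutil cl / clear-log on the command line, or Security 1102 / System 104."""
    if e.get("Channel") == "Security" and e.get("EventID") == 1102:
        return True
    if e.get("Channel") == "System" and e.get("EventID") == 104:
        return True
    cmd = _cmd(e)
    return (e.get("Channel") == "Sysmon" and e.get("EventID") == 1
            and cmd.startswith("wevtutil") and (" cl " in cmd + " " or "clear-log" in cmd))


RULES = {"cdb_abuse": rule_cdb_abuse, "lsass_access": rule_lsass_access,
         "schtask_create": rule_schtask_create, "log_clear": rule_log_clear}


def principal(e):
    """Normalise the acting account to a bare user name so Sysmon and Security events line up."""
    who = e.get("User") or e.get("SourceUser") or e.get("SubjectUserName") or ""
    return who.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return (tag, event) for each event a rule matches, in log order."""
    hits = []
    for line in log_text.splitlines():
        if line.strip():
            e = json.loads(line)
            hits.extend((tag, e) for tag, rule in RULES.items() if rule(e))
    return hits


def suspicious_principals(hits, min_tags=3):
    """Accounts behind at least min_tags distinct techniques: one cdb run or one cleared
    log is noise on a developer box; the chain is what marks the intrusion."""
    seen = {}
    for tag, e in hits:
        seen.setdefault(principal(e), set()).add(tag)
    return {who: tags for who, tags in seen.items() if len(tags) >= min_tags}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for tag, e in found:
        print(f"{tag:15} {principal(e):10} {e.get('CommandLine') or e.get('TargetImage', '')}")
    print("chained:", suspicious_principals(found))
```

On the constructed sample the renamed debugger, the lsass handle, the task creation and both log-clearing signals all resolve to the same build service account, which is the kind of aggregate a build-system owner should alert on; the developer's own cdb.exe run from the Windows Kits directory produces no hit.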
Related Happenings
Major South Korean electronics manufacturer hit by data theft breach
Incident
First: 14.05.2026 00:59
Last: 14.05.2026 00:59
Sources 1
About this happening:
A **major South Korean electronics manufacturer** suffered a **week-long intrusion** in **February 2026**, giving attackers time to conduct **reconnaissance**, **credential theft*...
CL-UNK-1068 years-long espionage campaign targeting Asian organizations
Campaign
First: 09.03.2026 09:21
Last: 09.03.2026 09:21
Sources 1
About this happening:
A **Chinese threat actor** is linked to a **years-long espionage campaign** against **high-value organizations in South, Southeast, and East Asia**, creating persistent risk for c...
Jewelbug campaign expands across multiple victims
Campaign
First: 17.12.2025 13:12
Last: 17.12.2025 13:12
Sources 1
About this happening:
The **Jewelbug / Ink Dragon** intrusion campaign remains **active**, with **several dozen victims** across **Europe, Asia, and Africa** and a recent emphasis on **government entit...
Russian-origin Ukraine web shell and LotL intrusion campaign
Campaign
First: 29.10.2025 13:51
Last: 29.10.2025 13:51
Sources 1
About this happening:
The **Russian-origin** campaign targeted **organizations in Ukraine** with **web shells**, **living-off-the-land tactics**, and dual-use tools to keep **persistent access** and st...
Phantom Taurus as a China-aligned espionage actor targeting government and telecoms
Threat Actor Meta
First: 30.09.2025 19:07
Last: 30.09.2025 19:07
Sources 1
About this happening:
**Phantom Taurus** has been formally classified by **Palo Alto Networks Unit 42** as a **China-aligned espionage actor** targeting **government agencies, embassies, military opera...
Timeline
15.10.2025 20:28 (2 articles)
Russian IT service provider hit by network compromise linked to Jewelbug
Initial Disclosure: In **January 2025**, the attackers gained access inside the provider's environment and began working against its development systems. Early activity focused on **code repositories**, persistence, and stealthy collection inside the network.
Sources:
- Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months — thehackernews.com — 15.10.2025 20:28