Find notable cyber news and cases, enriched with sources, timelines, and signals.

APT42 SpearSpecter espionage campaign

Campaign
First reported
Last updated
Happening score
H score 41
1 unique sources, 1 articles

Summary

Hide ▲

The APT42 SpearSpecter campaign is ongoing, and it is targeting senior defense and government officials with personalized social engineering that also reaches family members. The operation uses WhatsApp lures, malicious links, and a WebDAV-hosted LNK file disguised as a PDF to start the attack chain. If the payload lands, TAMECAT can enable persistent access, credential theft, and data exfiltration.

Related Happenings

WhatsApp VBScript phishing campaign targeting users in multiple countries

Campaign
H score43 First: 23.06.2026 01:42 Last: 23.06.2026 01:42 Sources 1

About this happening: An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...

CL-CRI-1089 Operation FlutterBridge macOS malvertising campaign

Campaign
H score33 First: 04.06.2026 14:19 Last: 04.06.2026 14:19 Sources 1

About this happening: A **macOS malvertising campaign** is delivering **FlutterShell** through malicious ads and trojanized apps, expanding browser-hijacking and backdoor risk across **the U.S., Canada...

TA4922 expanded European phishing-and-malware campaign

Campaign
H score40 First: 04.06.2026 00:45 Last: 04.06.2026 00:45 Sources 1

About this happening: **TA4922** is a **China-linked** cybercrime campaign that has expanded from **East Asia** into **Europe and Africa**, including **the U.K., Germany, Italy, and South Africa**. The...

AgingFly malware attacks local governments and hospitals in Ukraine

Malware Activity
H score28 First: 16.04.2026 00:57 Last: 16.04.2026 00:57 Sources 1

About this happening: The **AgingFly** malware is now being deployed against **local governments and hospitals** in **Ukraine**, where it steals browser and WhatsApp authentication data and enables dee...

Handala multi-stage malware with Telegram C2 and exfiltration

Malware Activity
H score22 First: 24.03.2026 11:30 Last: 24.03.2026 11:30 Sources 1

About this happening: The **Handala** malware package uses a **multi-stage payload** to give operators **remote access** to infected **Windows** devices, increasing the risk of stealthy data theft. The...

Timeline

  1. 14.11.2025 16:40 2 articles · 7mo ago

    INDA discloses APT42 SpearSpecter espionage campaign

    Initial Disclosure

    Israel National Digital Agency (INDA) disclosed SpearSpecter as an ongoing APT42 espionage campaign targeting high-value senior defense and government officials, as well as other individuals and organizations of interest to the IRGC. The operation uses personalized social engineering through trusted WhatsApp contacts, meeting and conference lures, a malicious link chain, a WebDAV-hosted LNK disguised as a PDF, and a batch-script loader that can deploy TAMECAT for persistent access, credential capture, reconnaissance, and data exfiltration. TAMECAT can use HTTPS, Discord, and Telegram for command-and-control and can steal data from Google Chrome, Microsoft Edge, and Outlook while operating mostly in memory.

    Show sources