Jewelbug campaign expands across multiple victims
Campaign
Summary
The Jewelbug / Ink Dragon intrusion campaign remains active, with several dozen victims across Europe, Asia, and Africa and a recent emphasis on government entities in Europe. The operation still targets telecommunications organizations and other entities across multiple regions, making it a sustained multi-victim threat rather than a one-off intrusion. Its persistence matters because the cluster uses web shells, ShadowPad, and FINALDRAFT-related tooling to maintain access, move laterally, and support data exfiltration.
Related Happenings
Mustang Panda spear-phishing campaign targeting Indian banks and US-Korea policy circles
Campaign
First: 21.04.2026 15:00
Last: 21.04.2026 15:00
Sources 1
About this happening:
**Mustang Panda** launched a newly identified **spear-phishing campaign** that is aimed largely at **financial organizations in India** and also reaches **US-Korea public policy c...
Red Menshen telecom espionage campaign
Campaign
First: 26.03.2026 19:40
Last: 26.03.2026 19:40
Sources 1
About this happening:
A **China-nexus** **Red Menshen** operation has sustained **covert access** in **telecom networks** across the **Middle East and Asia**, increasing the risk of **government espion...
DarkSword operators phishing and watering-hole campaign
Campaign
First: 18.03.2026 23:15
Last: 18.03.2026 23:15
Sources 1
About this happening:
**DarkSword** operators ran a **cross-border phishing and watering-hole campaign** using an **iPhone exploit chain** against users in **Saudi Arabia** and **Ukraine**, with additi...
UAT-9244 South America telecom targeting campaign
Campaign
First: 06.03.2026 01:19
Last: 06.03.2026 01:19
Sources 1
About this happening:
UAT-9244 is a China-linked campaign targeting telecommunication providers in South America since 2024. It compromises Windows, Linux, and edge devices to expand access across tele...
Latest development: 06.03.2026 10:22
The first documented phase centers on **TernDoor** targeting **Windows** hosts through **DLL side-loading** with `wsprint.exe` and `BugSplatRc64.dll`. After launch, it loads in memory and establishes persistence through a scheduled task or the Registry Run key.
Silver Dragon intrusion and phishing campaign targeting Europe, Southeast Asia, and Uzbekistan
Campaign
First: 04.03.2026 10:14
Last: 04.03.2026 10:14
Sources 1
About this happening:
The **Silver Dragon** campaign is actively using **public-facing internet servers** and **phishing emails with malicious attachments** to gain initial access, expanding risk acros...
Timeline
- 17.12.2025 13:12 (2 articles)
Ink Dragon campaign spans multiple regions and sectors
Campaign Scope Update
Check Point Research tracks Jewelbug as Ink Dragon, a China-aligned cluster active since at least March 2023 that has increasingly focused on government targets in Europe since July 2025 while still targeting Southeast Asia and South America. The campaign has impacted several dozen victims, including government entities and telecommunications organizations across Europe, Asia, and Africa, and uses vulnerable internet-exposed web applications, web shells, ShadowPad, FINALDRAFT, and related tooling to support command-and-control, lateral movement, defense evasion, and data exfiltration.
Sources:
- China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware — thehackernews.com — 17.12.2025 13:12