Find notable cyber news and cases, enriched with sources, timelines, and signals.

Jewelbug campaign expands across multiple victims

Campaign
First reported
Last updated
Happening score
H score 40
1 unique sources, 1 articles

Summary

Hide ▲

The Jewelbug / Ink Dragon intrusion campaign remains active, with several dozen victims across Europe, Asia, and Africa and a recent emphasis on government entities in Europe. The operation still targets telecommunications organizations and other entities across multiple regions, making it a sustained multi-victim threat rather than a one-off intrusion. Its persistence matters because the cluster uses web shells, ShadowPad, and FINALDRAFT-related tooling to maintain access, move laterally, and support data exfiltration.

Related Happenings

Scattered Spider reclassified as a decentralized collective of independent clusters

Threat Actor Meta
H score26 First: 07.07.2026 17:00 Last: 07.07.2026 17:00 Sources 1

About this happening: **Scattered Spider** has been reclassified as a **decentralized cybercrime collective**, changing how its persistence and resilience are understood. The shift suggests **independe...

StrikeShark SharkLoader and Cobalt Strike Beacon campaign

Campaign
H score42 First: 26.06.2026 21:17 Last: 26.06.2026 21:17 Sources 1

About this happening: The **StrikeShark** campaign is deploying **SharkLoader** to load **Cobalt Strike Beacon** on compromised hosts, raising the risk of broader follow-on intrusion activity. It has t...

Mustang Panda spear-phishing campaign targeting Indian banks and US-Korea policy circles

Campaign
H score32 First: 21.04.2026 15:00 Last: 21.04.2026 15:00 Sources 1

About this happening: **Mustang Panda** launched a newly identified **spear-phishing campaign** that is aimed largely at **financial organizations in India** and also reaches **US-Korea public policy c...

Red Menshen telecom espionage campaign

Campaign
H score33 First: 26.03.2026 19:40 Last: 26.03.2026 19:40 Sources 1

About this happening: A **China-nexus** **Red Menshen** operation has sustained **covert access** in **telecom networks** across the **Middle East and Asia**, increasing the risk of **government espion...

DarkSword operators phishing and watering-hole campaign

Campaign
H score89 First: 18.03.2026 23:15 Last: 18.03.2026 23:15 Sources 1

About this happening: **DarkSword** operators ran a **cross-border phishing and watering-hole campaign** using an **iPhone exploit chain** against users in **Saudi Arabia** and **Ukraine**, with additi...

Timeline

  1. 17.12.2025 13:12 2 articles · 6mo ago

    Ink Dragon campaign spans multiple regions and sectors

    Campaign Scope Update

    Check Point Research tracks Jewelbug as Ink Dragon, a China-aligned cluster active since at least March 2023 that has increasingly focused on government targets in Europe since July 2025 while still targeting Southeast Asia and South America. The campaign has impacted several dozen victims, including government entities and telecommunications organizations across Europe, Asia, and Africa, and uses vulnerable internet-exposed web applications, web shells, ShadowPad, FINALDRAFT, and related tooling to support command-and-control, lateral movement, defense evasion, and data exfiltration.

    Show sources