Find notable cyber news and cases, enriched with sources, timelines, and signals.

Evasive Panda DNS poisoning MgBot espionage campaign

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

Evasive Panda ran a highly targeted cyber espionage campaign that used DNS poisoning to deliver MgBot to victims in Türkiye, China, and India. The operation was observed from November 2022 to November 2024, showing sustained targeting across multiple countries. It relied on AitM redirection and fake software-update lures to seed a loader chain and maintain access on victim systems.

Related Happenings

StrikeShark SharkLoader and Cobalt Strike Beacon campaign

Campaign
H score42 First: 26.06.2026 21:17 Last: 26.06.2026 21:17 Sources 1

About this happening: The **StrikeShark** campaign is deploying **SharkLoader** to load **Cobalt Strike Beacon** on compromised hosts, raising the risk of broader follow-on intrusion activity. It has t...

Operation Endgame takedown of Amadey and StealC infrastructure

Law Enforcement
H score66 First: 24.06.2026 18:02 Last: 24.06.2026 18:02 Sources 1

About this happening: An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **Amadey** and **StealC**, with **Microsoft**, **Europol**, and i...

Webworm multi-country targeting campaign against government and enterprise victims

Campaign
H score38 First: 20.05.2026 15:51 Last: 20.05.2026 15:51 Sources 1

About this happening: **Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...

Interpol Operation Ramz cybercrime crackdown in MENA

Law Enforcement
H score33 First: 18.05.2026 17:00 Last: 18.05.2026 17:00 Sources 1

About this happening: **INTERPOL**-led **Operation Ramz** disrupted **Sniper Dz**, a decade-long **phishing-as-a-service (PhaaS)** platform, during **October 2025-February 2026**. Authorities in **13 M...

TGR-STA-1030/UNC6619 Shadow Campaigns espionage operation

Campaign
H score30 First: 07.02.2026 17:09 Last: 07.02.2026 17:09 Sources 1

About this happening: The **TGR-STA-1030/UNC6619** operation **Shadow Campaigns** expanded a state-sponsored espionage effort that compromised **at least 70 organizations** across **37 countries**, inc...

Timeline

  1. 26.12.2025 16:44 2 articles · 6mo ago

    Evasive Panda DNS poisoning MgBot espionage campaign

    Initial Disclosure

    The first phase used **AitM DNS poisoning** to reroute update traffic to attacker-controlled infrastructure and deliver a first-stage loader to selected victims.

    Show sources