Shadow-Void-044 and Shadow-Earth-045 PeckBirdy cyber-espionage campaigns
Campaign
Summary
Hide ▲
Show ▼
Two China-aligned PeckBirdy espionage campaigns were identified, widening risk to Chinese gambling websites, Asian government entities, and a Philippine educational institution. The operations have used multiple attack vectors since 2023, with one track emerging in July 2024. They relied on malicious scripts, fake Chrome update pages, and modular backdoors to harvest credentials and maintain access. The shared tooling suggests a sustained operation even though attribution to specific groups remains cautious.
Related Happenings
Webworm multi-country targeting campaign against government and enterprise victims
Campaign
First: 20.05.2026 15:51
Last: 20.05.2026 15:51
Sources 1
About this happening:
**Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
Webworm multi-country targeting campaign against government and enterprise victims
CampaignAbout this happening: **Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
Webworm expanded European government and South Africa university espionage campaign
Campaign
First: 20.05.2026 14:30
Last: 20.05.2026 14:30
Sources 1
About this happening:
Webworm expanded its **2025 espionage campaign** into **European government organizations** and a **university in South Africa**, widening the cross-region targeting risk. The ope...
Webworm expanded European government and South Africa university espionage campaign
CampaignAbout this happening: Webworm expanded its **2025 espionage campaign** into **European government organizations** and a **university in South Africa**, widening the cross-region targeting risk. The ope...
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
Campaign
First: 13.05.2026 16:00
Last: 13.05.2026 16:00
Sources 1
About this happening:
The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
CampaignAbout this happening: The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets
Campaign
First: 01.05.2026 17:02
Last: 01.05.2026 17:02
Sources 1
About this happening:
**SHADOW-EARTH-053** is running an active **China-aligned espionage campaign** against **government and defense** targets across **South, East, and Southeast Asia** and **Poland**...
SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets
CampaignAbout this happening: **SHADOW-EARTH-053** is running an active **China-aligned espionage campaign** against **government and defense** targets across **South, East, and Southeast Asia** and **Poland**...
Silk Typhoon / Hafnium coordinated intelligence-gathering campaign
Campaign
First: 27.04.2026 22:56
Last: 27.04.2026 22:56
Sources 1
About this happening:
The **Silk Typhoon / Hafnium** operation is tied to a **coordinated intelligence-gathering campaign** spanning **February 2020 to June 2021**, underscoring a sustained espionage e...
Silk Typhoon / Hafnium coordinated intelligence-gathering campaign
CampaignAbout this happening: The **Silk Typhoon / Hafnium** operation is tied to a **coordinated intelligence-gathering campaign** spanning **February 2020 to June 2021**, underscoring a sustained espionage e...
Latest development: 28.04.2026 15:30
US officials described Silk Typhoon/Hafnium activity from February 2020 to June 2021 as a coordinated intelligence-gathering campaign that targeted US universities and COVID-19 researchers, including a Texas university network, and later expanded into Microsoft Exchange Server vulnerability exploitation. The operation reportedly used stolen mailbox access to search for vaccines, treatments, and testing research, and the FBI said the campaign affected more than 12,700 US organizations.
Timeline
-
28.01.2026 18:19 2 articles · 3mo ago
Shadow-Void-044 and Shadow-Earth-045 PeckBirdy cyber-espionage campaigns
Initial DisclosureBeginning in **2023**, the **Shadow-Void-044** track used **PeckBirdy** against **Chinese gambling websites**, pushing malicious scripts and fake **Google Chrome** update pages to deliver backdoors.
Show sources
- China-Backed 'PeckBirdy' Takes Flight for Cross-Platform Attacks — www.darkreading.com — 28.01.2026 18:19
- China-Backed 'PeckBirdy' Takes Flight for Cross-Platform Attacks — www.darkreading.com — 28.01.2026 18:19