State-Sponsored Actors Target Defense Industrial Base with Multi-Vector Cyber Operations
Summary
State-sponsored actors from China, Iran, North Korea, and Russia have intensified cyber operations against the defense industrial base (DIB) sector. The activity centers on four themes: targeting of defense entities involved in the Russia-Ukraine War, exploitation of hiring processes, use of edge devices for initial access, and supply chain risk from breaches in the manufacturing sector. The campaigns use sophisticated malware, phishing, and social engineering to evade detection and exfiltrate sensitive data.
Timeline
- 13.02.2026 18:23 (1 article)
  State-Sponsored Actors Intensify Cyber Operations Against Defense Industrial Base
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
Information Snippets
- State-sponsored actors from China, Iran, North Korea, and Russia are targeting the defense industrial base (DIB) sector.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- The activity centers on four themes: targeting of defense entities involved in the Russia-Ukraine War, exploitation of hiring processes, use of edge devices for initial access, and supply chain risk from breaches in the manufacturing sector.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- APT44 (Sandworm) has attempted to exfiltrate data from Telegram and Signal encrypted messaging applications using a Windows batch script called WAVESIGN.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- TEMP.Vermin (UAC-0020) has used malware like VERMONSTER, SPECTRUM, and FIRMACHAGENT with lure content related to drones and anti-drone defense systems.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- UNC5125 (FlyingYeti, UAC-0149) has conducted targeted campaigns against frontline drone units using Google Forms for reconnaissance and malware like MESSYFORK and GREYBATTLE.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- UNC5792 (UAC-0195) has exploited Signal's device linking feature to hijack victim accounts and targeted entities in Ukraine, Moldova, Georgia, France, and the U.S.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- UNC4221 (UAC-0185) has targeted secure messaging apps used by Ukrainian military personnel and used malware like STALECOOKIE and ClickFix to deliver TINYWHALE and MeshAgent.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- UNC5976 and UNC6096, Russian espionage clusters, have conducted phishing campaigns delivering malicious RDP connection files and malware like GALLGRAB.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- UNC5114, a suspected Russian espionage cluster, has delivered a variant of CraxsRAT by masquerading it as an update for Kropyva, a combat control system used in Ukraine.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- APT45 (Andariel) has targeted South Korean defense, semiconductor, and automotive manufacturing entities with SmallTiger malware.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- APT43 (Kimsuky) has leveraged infrastructure mimicking German and U.S. defense-related entities to deploy a backdoor called THINWAVE.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- UNC2970 (Lazarus Group) has conducted the Operation Dream Job campaign to target aerospace, defense, and energy sectors.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- UNC1549 (Nimbus Manticore) has targeted aerospace, aviation, and defense industries in the Middle East with malware families like MINIBIKE, TWOSTROKE, DEEPROOT, and CRASHPAD.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- UNC6446, an Iranian-nexus threat actor, has used resume builder and personality test applications to distribute custom malware to targets in the aerospace and defense vertical across the U.S. and the Middle East.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- APT5 (Keyhole Panda, Mulberry Typhoon) has targeted current and former employees of major aerospace and defense contractors with tailored phishing lures.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- UNC3236 (Volt Typhoon) has conducted reconnaissance activity against publicly hosted login portals of North American military and defense contractors.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- UNC6508, a China-nexus threat cluster, targeted a U.S.-based research institution in late 2023 by leveraging a REDCap exploit to drop a custom malware named INFINITERED.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23
- China-nexus threat groups have utilized operational relay box (ORB) networks for reconnaissance against defense industrial targets.
  First reported: 13.02.2026 18:23 (1 source, 1 article)
  - Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations — thehackernews.com — 13.02.2026 18:23