
LucidRook spear-phishing malware activity targeting Taiwan NGOs and universities

Malware Activity
Happening score: 26 (1 unique source, 1 article)

Summary


LucidRook is being used in spear-phishing campaigns against NGOs and universities in Taiwan, creating a direct path for reconnaissance and data theft. The activity was seen in October 2025 and used password-protected archives plus multiple delivery chains to plant the malware. Once active, LucidRook collects system details, encrypts them with RSA, and exfiltrates the data over FTP.

Related Happenings

PowMix phishing campaign targeting Czech workforce

Campaign
First: 16.04.2026 20:52 Last: 16.04.2026 20:52 Sources 1

About this happening: The **PowMix** campaign is actively targeting the **Czech Republic’s workforce**, raising the risk of **remote access** and **remote code execution** on compromised systems. The i...

TA416 European government espionage campaign

Campaign
First: 01.04.2026 15:05 Last: 01.04.2026 15:05 Sources 1

About this happening: TA416 has resumed **cyber espionage** activity, targeting **European governments** and **EU/NATO diplomatic missions** with a renewed malware-delivery operation that raises cross-...

Latest development: 03.04.2026 20:34

TA416 expanded its espionage campaign to Middle Eastern government and diplomatic entities after the outbreak of the U.S.-Israel-Iran conflict in late February 2026, while linking to archives hosted on Google Drive or a compromised SharePoint instance to refine its PlugX delivery chain and collect regional intelligence.

Tycoon 2FA-Storm-1747 ecosystem shift changes threat-actor operations

Threat Actor Meta
First: 05.03.2026 08:51 Last: 05.03.2026 08:51 Sources 1

About this happening: **Tycoon2FA** has evolved from a **subscription-based PhaaS** into a more resilient phishing service that now supports **device-code phishing** against **Microsoft 365** accounts....

Latest development: 17.05.2026 17:43

eSentire says Tycoon2FA now uses device-code phishing to target Microsoft 365 accounts, with invoice-themed lure emails carrying Trustifi click-tracking URLs that redirect through Trustifi, Cloudflare Workers, obfuscated JavaScript layers, and a fake Microsoft CAPTCHA page before sending victims to microsoft.com/devicelogin. The kit also adds anti-analysis defenses, including detection of Selenium, Puppeteer, Playwright, and Burp Suite, plus blocks for security vendors, VPNs, sandboxes, AI crawlers, and cloud providers.

UAT-10027 U.S. education and healthcare targeting campaign

Campaign
First: 26.02.2026 17:17 Last: 26.02.2026 17:17 Sources 1

About this happening: **UAT-10027** is running an active **campaign** against **U.S. education and healthcare organizations**, and the activity matters because it delivers a new backdoor and supporting...

SmartLoader trojanized Oura MCP Server delivery of StealC

Malware Activity
First: 17.02.2026 14:42 Last: 17.02.2026 14:42 Sources 1

About this happening: The **SmartLoader** operation is now distributing a **trojanized Oura MCP Server** to drop **StealC**, creating a supply-chain path to steal developer secrets. The rogue package i...

Timeline

  1. 10.04.2026 01:04 (2 articles)

    Cisco Talos discloses LucidRook phishing campaign against Taiwan NGOs and universities

    Initial Disclosure

    Cisco Talos disclosed LucidRook, a Lua-based malware used in spear-phishing campaigns against non-governmental organizations and universities in Taiwan, and attributed the activity to UAT-10362. The tooling used phishing emails with password-protected archives, an LNK shortcut chain that delivered LucidPawn, an EXE-based chain that impersonated Trend Micro Worry-Free Business Security Services, Lua bytecode execution, system reconnaissance, and FTP exfiltration.
