Find notable cyber news and cases, enriched with sources, timelines, and signals.

HeartlessSoul phishing and malvertising espionage campaign targeting aerospace firms and drone operators

Campaign
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

The HeartlessSoul operation is using phishing and malvertising to target aerospace firms and drone operators, raising the risk of geospatial data theft from compromised systems. The campaign's lure infrastructure mimics legitimate aviation software and resources, including a fake SourceForge project. Activity has been tracked since at least February, with earliest signs back to at least September 2025.

Related Happenings

PhantomCore TrueConf server targeting campaign in Russia

Campaign
H score34 First: 27.04.2026 14:54 Last: 27.04.2026 14:54 Sources 1

About this happening: **PhantomCore** is running an **active campaign** against **TrueConf servers in Russia**, and successful intrusions can give attackers a foothold for deeper network access. The gr...

Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery

Security Tool/Service
H score58 First: 08.04.2026 12:16 Last: 08.04.2026 12:16 Sources 1

About this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...

Latest development: 03.06.2026 14:00

President Donald Trump signed a June 2 executive order that sets up a voluntary framework for developers of covered frontier models to give the US government access for cybersecurity review for up to 30 days before release, while expressly rejecting any mandatory licensing or preclearance requirement. The order directs NSA, CISA, and NIST to build a classified benchmark for determining which models cross the covered threshold and creates an AI cybersecurity clearinghouse led by the Treasury Department. The framework closely echoes Anthropic's Project Glasswing, which gives vetted partners early access to Claude Mythos Preview to scan critical software for vulnerabilities.

UnsolicitedBooker Central Asian telecom phishing campaign

Campaign
H score31 First: 24.02.2026 11:54 Last: 24.02.2026 11:54 Sources 1

About this happening: The **UnsolicitedBooker** cluster shifted its phishing operation to **telecommunications companies in Kyrgyzstan and Tajikistan**, extending a multi-month campaign that matters be...

APT31 Russian IT sector cloud-services and phishing campaign

Campaign
H score31 First: 22.11.2025 17:19 Last: 22.11.2025 17:19 Sources 1

About this happening: The **APT31** campaign targeted the **Russian IT sector** from **2024 to 2025**, using **cloud services** and **phishing** to evade detection and sustain espionage. The operation...

Operation ForumTroll phishing and Chrome zero-day campaign against Russian organizations

Campaign
H score42 First: 27.10.2025 18:37 Last: 27.10.2025 18:37 Sources 1

About this happening: **Operation ForumTroll** was exposed as a **targeted phishing campaign** that used a **Google Chrome zero-day** to compromise selected **Russian organizations**. The operation mat...

Latest development: 17.12.2025 16:54

Kaspersky reported on December 17, 2025 that it detected a new Operation ForumTroll phishing wave in October 2025 targeting Russian scholars and researchers in political science, international relations, and global economics at major Russian universities and research institutions. The attackers used fake eLibrary emails from support@e-library[.]wiki, hosted a copy of elibrary[.]ru on e-library[.]wiki, and personalized ZIP archives named <LastName>_<FirstName>_<Patronymic>.zip for the targeted individuals.

Timeline

  1. 11.05.2026 15:00 2 articles · 1mo ago

    HeartlessSoul phishing and malvertising campaign targets aerospace and drone systems

    Initial Disclosure

    Kaspersky Lab says HeartlessSoul is a cyber espionage group using phishing and malvertising to target aerospace firms and drone operators with lookalike aviation-software downloads and a fake SourceForge project, with the apparent goal of stealing geospatial and GPS data from compromised systems mainly tied to Russian government and enterprise environments.

    Show sources