HeartlessSoul phishing and malvertising espionage campaign targeting aerospace firms and drone operators
Campaign
Summary
The HeartlessSoul operation is using phishing and malvertising to target aerospace firms and drone operators, raising the risk of geospatial data theft from compromised systems. The campaign's lure infrastructure mimics legitimate aviation software and resources, including a fake SourceForge project. Activity has been tracked since at least February, with the earliest signs dating back to at least September 2025.
Related Happenings
PhantomCore TrueConf server targeting campaign in Russia
Campaign
First: 27.04.2026 14:54
Last: 27.04.2026 14:54
Sources 1
About this happening:
**PhantomCore** is running an **active campaign** against **TrueConf servers in Russia**, and successful intrusions can give attackers a foothold for deeper network access. The gr...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 23.05.2026 14:55
Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.
UnsolicitedBooker Central Asian telecom phishing campaign
Campaign
First: 24.02.2026 11:54
Last: 24.02.2026 11:54
Sources 1
About this happening:
The **UnsolicitedBooker** cluster shifted its phishing operation to **telecommunications companies in Kyrgyzstan and Tajikistan**, extending a multi-month campaign that matters be...
APT31 Russian IT sector cloud-services and phishing campaign
Campaign
First: 22.11.2025 17:19
Last: 22.11.2025 17:19
Sources 1
About this happening:
The **APT31** campaign targeted the **Russian IT sector** from **2024 to 2025**, using **cloud services** and **phishing** to evade detection and sustain espionage. The operation...
Operation ForumTroll phishing and Chrome zero-day campaign against Russian organizations
Campaign
First: 27.10.2025 18:37
Last: 27.10.2025 18:37
Sources 1
About this happening:
**Operation ForumTroll** was exposed as a **targeted phishing campaign** that used a **Google Chrome zero-day** to compromise selected **Russian organizations**. The operation mat...
Latest development: 17.12.2025 16:54
Kaspersky reported on December 17, 2025 that it detected a new Operation ForumTroll phishing wave in October 2025 targeting Russian scholars and researchers in political science, international relations, and global economics at major Russian universities and research institutions. The attackers used fake eLibrary emails from support@e-library[.]wiki, hosted a copy of elibrary[.]ru on e-library[.]wiki, and personalized ZIP archives named <LastName>_<FirstName>_<Patronymic>.zip for the targeted individuals.
Timeline
- 11.05.2026 15:00 · 2 articles
HeartlessSoul phishing and malvertising campaign targets aerospace and drone systems
Initial Disclosure: Kaspersky Lab says HeartlessSoul is a cyber espionage group using phishing and malvertising to target aerospace firms and drone operators with lookalike aviation-software downloads and a fake SourceForge project, with the apparent goal of stealing geospatial and GPS data from compromised systems mainly tied to Russian government and enterprise environments.
- Cyber Espionage Group Targets Aviation Firms to Steal Map Data — www.darkreading.com — 11.05.2026 15:00