Find notable cyber news and cases, enriched with sources, timelines, and signals.

Webworm multi-country targeting campaign against government and enterprise victims

Campaign
First reported
Last updated
Happening score
H score 38
1 unique sources, 1 articles

Summary

Hide ▲

Webworm is running a multi-country targeting campaign against government agencies and enterprises, expanding the risk of persistent access across several regions. The operation has been active since at least 2022 and continued into 2025, with victims spanning IT services, aerospace, and electric power. Its shift toward stealthier tooling and custom backdoors makes the campaign harder to detect and disrupt.

Related Happenings

UAT-7810 expands LapDogs ORB network to provide covert routing infrastructure

Threat Actor Meta
H score29 First: 08.07.2026 17:30 Last: 08.07.2026 17:30 Sources 1

About this happening: **UAT-7810** expanded its **LapDogs ORB network**, adding covert routing capacity that helps other hackers hide traffic origin and reach **high-value targets**. The infrastructure...

Scattered Spider reclassified as a decentralized collective of independent clusters

Threat Actor Meta
H score26 First: 07.07.2026 17:00 Last: 07.07.2026 17:00 Sources 1

About this happening: **Scattered Spider** has been reclassified as a **decentralized cybercrime collective**, changing how its persistence and resilience are understood. The shift suggests **independe...

CL-STA-1062 Southeast Asia critical infrastructure campaign using TinyRCT

Campaign
H score18 First: 26.06.2026 13:30 Last: 26.06.2026 13:30 Sources 1

About this happening: A **China-linked** campaign by **CL-STA-1062** is targeting **government entities** and **critical infrastructure** across **Southeast Asia**, with activity reaching **state-owned...

Vo1d botnet campaign targeting unofficial Android-based TV boxes

Campaign
H score88 First: 18.06.2026 20:37 Last: 18.06.2026 20:37 Sources 1

About this happening: **NetNut** used the **Popa botnet** and deceptive SDKs on **off-brand Android-based smart TVs**, streaming media boxes, and unofficial apps to turn home connections into **residen...

Latest development: 03.07.2026 12:35

Google disabled all Google accounts used by NetNut for malware command-and-control, updated Google Play Protect to warn Android users, and disabled apps containing the compromised SDKs. The FBI’s seizure banner appeared on netnut.com while netnut.io briefly remained accessible, and Google said the coordinated actions caused significant degradation to NetNut’s proxy network and business operations.

FishMonger multi-country government espionage campaign

Campaign
H score33 First: 16.06.2026 17:30 Last: 16.06.2026 17:30 Sources 1

About this happening: **FishMonger** ran a **multi-country espionage campaign** against **government bodies** in **Honduras, Taiwan, Thailand and Pakistan** across **2023 and 2024**. The activity point...

Timeline

  1. 20.05.2026 15:51 2 articles · 1mo ago

    Webworm multi-country targeting campaign against government and enterprise victims

    Initial Disclosure

    The campaign was first publicly documented in **September 2022** and was already assessed as active by that point. Early activity centered on **government agencies and enterprises** in **Russia**, **Georgia**, and **Mongolia**.

    Show sources