StrikeShark SharkLoader and Cobalt Strike Beacon campaign
Campaign
Summary
The StrikeShark campaign is deploying SharkLoader to load Cobalt Strike Beacon on compromised hosts, raising the risk of broader follow-on intrusion activity. It has targeted a diplomatic organization in Indonesia, government organizations in Taiwan, software development companies, and other entities across multiple countries. The operation combines exploit-driven initial access with post-compromise tooling and persistence, making it a sustained, multi-sector campaign.
Related Happenings
SharkLoader loader activity deploying Cobalt Strike Beacon
Malware Activity
H score: 30
First: 26.06.2026 21:17
Last: 26.06.2026 21:17
Sources 1
How related:
A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts.
About this happening:
A newly observed **SharkLoader** malware operation is staging **Cobalt Strike Beacon** on compromised Windows hosts, expanding post-compromise control and persistence risk. The lo...
TGR-STA-1030/UNC6619 Shadow Campaigns espionage operation
Campaign
H score: 30
First: 07.02.2026 17:09
Last: 07.02.2026 17:09
Sources 1
About this happening:
The **TGR-STA-1030/UNC6619** operation **Shadow Campaigns** expanded a state-sponsored espionage effort that compromised **at least 70 organizations** across **37 countries**, inc...
UAT-7290 long-running telecom espionage campaign
Campaign
H score: 41
First: 08.01.2026 18:00
Last: 08.01.2026 18:00
Sources 1
About this happening:
**UAT-7290** is running a **long-running cyber-espionage campaign** against **telecommunications providers** in South Asia, with recent expansion into Southeastern Europe. The ope...
Mustang Panda ToneShell kernel-mode loader campaign against Asian government organizations
Campaign
H score: 32
First: 30.12.2025 02:08
Last: 30.12.2025 02:08
Sources 1
About this happening:
A **Mustang Panda** campaign is using **ToneShell** delivered through a **kernel-mode loader** to hide malicious activity from security tools while targeting **government organiza...
Evasive Panda DNS poisoning MgBot espionage campaign
Campaign
H score: 33
First: 26.12.2025 16:44
Last: 26.12.2025 16:44
Sources 1
About this happening:
**Evasive Panda** ran a **highly targeted cyber espionage campaign** that used **DNS poisoning** to deliver **MgBot** to victims in **Türkiye, China, and India**. The operation wa...
Timeline
26.06.2026 21:17 2 articles · 4h ago
StrikeShark campaign deploys SharkLoader and Cobalt Strike Beacon
Initial Disclosure: Kaspersky tracked StrikeShark as a multi-country campaign that used the SharkLoader malware family to deploy Cobalt Strike Beacon on compromised hosts, targeting a diplomatic organization in Indonesia, government organizations in Taiwan, software development companies, and other entities across Hong Kong, Lebanon, Syria, Colombia, North Macedonia, Nepal, and Serbia. The operators used exploit-driven initial access, web shells, DLL side-loading, custom droppers masquerading as Google Update and Cisco AnyConnect, and open-source post-compromise tools including FScan, Searchall, and Pillager; Kaspersky assessed the activity as likely carried out by a Chinese-speaking threat actor.
- New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks — thehackernews.com — 26.06.2026 21:17