In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- Sophisticated supply chain attack exploited TrueConf update process
April 2, 2026
Southeast Asian governments were recently targeted by a highly sophisticated supply chain attack as part of a wider cyber-espionage campaign, which experts believe is the work of the Chinese government. Security researchers Check Point detailed their findings on Operation TrueChaos, a campaign revolving around a zero-day vulnerability in TrueConf, a video conferencing and collaboration platform which ...
- Iran targets M365 accounts with password-spraying attacks
March 31, 2026
Suspected Iran-linked threat actors are conducting password-spraying attacks against hundreds of organizations, primarily Middle Eastern municipalities, in campaigns that security researchers believe may have been aimed at supporting bomb-damage assessment following missile strikes. Tel Aviv-based Check Point Research on Tuesday said that the attackers used multiple source IP addresses to target numerous Microsoft 365 accounts, affecting ...
- Iranian hackers allegedly breached FBI Director Patel’s personal emails
March 27, 2026
Hackers breached FBI Director Kash Patel’s personal email, according to sources familiar with the situation. The majority of the emails were from prior to 2019, according to sources, and appear to be from before his tenure at the FBI. There were a few emails from 2022, sources told ABC News. “The FBI is aware of malicious ...
- Coruna: the framework used in Operation Triangulation
March 26, 2026
On March 4, 2026, Google and iVerify published reports about a highly sophisticated exploit kit targeting Apple iPhone devices. According to Google, the exploit kit was first discovered in targeted attacks conducted by a customer of an unnamed surveillance vendor. It was later used by other attackers in watering-hole attacks in Ukraine and in financially motivated ...
- Russian Intelligence Services Target Commercial Messaging Application Accounts
March 20, 2026
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are jointly issuing this public service announcement (PSA) to warn the public about ongoing phishing campaigns by cyber actors associated with the Russian Intelligence Services (RIS) targeting commercial messaging applications (CMAs). RIS actors have compromised individual CMA accounts, but not CMAs’ encryption ...
- Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets
March 20, 2026
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate information on malicious cyber activity conducted by actors on behalf of the Government of Iran Ministry of Intelligence and Security (MOIS). Specifically, MOIS cyber actors are responsible for using Telegram as a command-and-control (C2) infrastructure to push malware targeting Iranian dissidents, journalists opposed to ...