The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

In mid-2025, Kaspersky researchers identified a malicious driver file on computer systems in Asia. The driver file is signed with an old, stolen, or leaked digital certificate and registers as a mini-filter driver on infected machines. Its end-goal is to Read More …

Meet the team that investigates when journalists and activists get hacked with government spyware

For more than a decade, dozens of journalists and human rights activists have been targeted and hacked by governments all over the world. Cops and spies in Ethiopia, Greece, Hungary, India, Mexico, Poland, Saudi Arabia, and United Arab Emirates, among Read More …

Cloud Atlas activity in the first half of 2025: what changed

Known since 2014, the Cloud Atlas group targets countries in Eastern Europe and Central Asia. Infections occur via phishing emails containing a malicious document that exploits an old vulnerability in the Microsoft Office Equation Editor process (CVE-2018-0802) to download and Read More …

UK Foreign Office was victim of cyberattack

The UK Foreign Office was hacked in October, a minister has admitted, raising fears that thousands of confidential documents and data may have been compromised. While ministers are “pretty confident” that visa applicants’ details have not been accessed, they have Read More …

FBI: Senior U.S. Officials Continue to be Impersonated in Malicious Messaging Campaign

This is an update to Public Service Announcement I-051525-PSA, released May 15, 2025, which can be found here. Activity dating back to 2023 reveals malicious actors have impersonated senior U.S. state government, White House, and Cabinet level officials, as well Read More …

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

In March 2025, we discovered Operation ForumTroll, a series of sophisticated cyberattacks exploiting the CVE-2025-2783 vulnerability in Google Chrome. Kaspersky researchers previously detailed the malicious implants used in the operation: the LeetAgent backdoor and the complex spyware Dante, developed by Read More …

French government hit by cyberattack

The French Interior Ministry has confirmed recently suffering a cyberattack, but the consequences are still being determined. The French Minister of Interior said the attack took place at night, between December 11 and December 12. Email servers were compromised, allowing Read More …

Trump’s national security strategy wants spy agencies to watch world supply chains

President Donald Trump’s national security strategy tasks the U.S. intelligence community with monitoring global supply chains as part of a sweeping goal to decouple the nation’s economy from foreign adversaries and advance American economic interests. The demands listed in the Read More …

Sanctioned spyware maker Intellexa had direct access to government espionage victims, researchers say

Spyware maker Intellexa had remote access to some of its government customers’ surveillance systems, giving company staffers the ability to see the personal data of people whose phones had been hacked with its Predator spyware, according to new evidence published Read More …

India pulls mandate to preinstall government app on smartphones

India has backed away from its plan to force smartphone makers to preinstall a government app on all devices, following backlash and mounting concerns that the mandate would expand state access to users’ devices and weaken privacy protections. On Wednesday, Read More …