State-sponsored cyber operations
Key Questions
What recent claims has the Iran-linked Handala group made?
Handala claims a California water infrastructure breach with a 5GB PII and credential dump that the company is investigating, and separately claims access to FBI drone surveillance systems though evidence is disputed.
Which Chinese threat actors are expanding operations?
TA4922 is expanding phishing, UNC6508 runs the INFINITERED campaign against North American research centers, and REF6138 deploys backdoors in Linux utilities while FBI seized 13 related websites.
What new tools have North Korean and other groups deployed?
CrowdStrike reports North Korea's Famous Chollima responsible for 47% of state-backed intrusions, while ScarCruft uses NarwhalRAT via fake Microsoft lures and FishMonger deploys a Windows SprySOCKS variant.
What actions has Canada taken against state-linked threats?
Canada's CSIS received its first-ever warrant to hack state-linked botnets as part of efforts to counter ongoing operations from China, Iran, and North Korea.
How persistent is the Iran cyber threat according to US officials?
US officials assess that Iran cyber operations will continue despite a preliminary agreement, as the deal lacks cyber-specific terms and threat activity shows no signs of slowing.
China TA4922 expands phishing. VerdantBamboo BRICKSTORM on Linux. China-nexus group UNC6508 INFINITERED campaign targeting North American research centers. Iran Handala claims California water infrastructure breach (5GB dump confirmed with PII and creds) – company denies billing system breach. CrowdStrike: North Korea's Famous Chollima responsible for 47% of state-backed intrusions. FBI seizes 13 websites linked to Chinese intelligence-gathering. Chinese REF6138 campaign backdoors Linux utilities. Four Iranian banks hit by cyber disruption. ESET discovers Windows SprySOCKS variant from FishMonger targeting Asian governments. ScarCruft deploys NarwhalRAT via fake Microsoft Account Security Alert lures. Canada's CSIS granted first-ever warrant to hack state-linked botnets. Salt Typhoon telecom hack. US officials see Iran cyber threat persisting despite preliminary deal – no cyber-specific terms in agreement. California water utility breach by Iran-linked Handala – investigation ongoing. New: Handala claims breach of FBI drone surveillance systems – evidence disputed, but group continues aggressive targeting.