The Rising Tide of State Sponsored Cyber Threats Intensifies Worldwide
- Yisda Technical Team

- 6 days ago
State sponsored cyber threats continue to intensify worldwide as major threat actors escalate operations on multiple fronts. Threat actors linked to China have expanded their campaigns against Taiwan, while threat actors linked to Iran have been using cyber reconnaissance to support real world missile operations. In addition to these global concerns, new research indicates unprecedented coordination between Russian and North Korean linked hacking groups. Together, these developments highlight a rapidly evolving threat landscape where geopolitical tensions increasingly play out through coordinated cyber operations.

China Linked Hackers Escalate Cyber Operations Against Taiwan
A threat actor known as APT24, also called Pitty Tiger, has been reported by researchers at the Google Threat Intelligence Group to have pivoted to using more sophisticated vectors while targeting organizations in Taiwan. They have been executing supply chain attacks, watering hole attacks (legitimate websites that have been infected by the group), along with targeted phishing campaigns. They have targeted industries such as government, healthcare, construction, engineering, mining, non-profit, and telecommunications in the U.S. and Taiwan.
The group has been using a new malware called BADAUDIO that plays a central role in these attacks. It disguises itself as something seemingly harmless, like a fake Google Chrome update, and once downloaded, it connects back to a server controlled by the attacker. That connection allows them to download an encrypted tool onto the device and run it on the victim’s machine, giving the attacker a foothold to expand their access over time.
Researchers say that BADAUDIO has been used by APT24 since late 2022 and has been deployed through more than 20 compromised websites. The group also breached a Taiwanese digital marketing firm, which allowed them to inject malicious code into a widely used script and silently spread it to over 1,000 websites in a large supply chain attack. Since 2024, they have also carried out targeted phishing campaigns using emails themed around an animal rescue organization, delivering encrypted archives through services like Google Drive or OneDrive to trick victims into unknowingly installing the malware.

Iran Linked Hackers Used Cyber Recon to Aid Real World Missile Strike
Iran linked hackers are reportedly increasing their use of cyber operations to support real world military attacks, a trend that Amazon describes as cyber-enabled kinetic targeting. They are using cyber reconnaissance to gather precise information that can be used in missile strikes or other kinetic operations.
One group called Imperial Kitten has spent more than two years probing maritime systems, including attempts to gain unauthorized access to a ship’s AIS tracking data and to access its onboard CCTV cameras. Days after hackers searched for the AIS location data of this specific vessel, it was targeted in an unsuccessful missile strike attributed to Iranian-backed Houthi militants.
Another group called MuddyWater used a compromised server to access live CCTV feeds in Jerusalem ahead of Iranian missile attacks on the city. These examples show how cyber espionage is being used as an enabler for physical attacks, blurring the lines between cyber warfare and kinetic warfare.
Researchers Warn Russia and North Korea Are Coordinating Cyber Operations
Researchers have identified what appears to be unprecedented cooperation between Russian and North Korean linked hacking groups. Cybersecurity firm Gen Digital found that Russia’s Gamaredon group and North Korea’s Lazarus group were using overlapping tactics and shared infrastructure, including the same servers and even related malware programs. This is a level of coordination experts say has never been seen between the two threat actors.
Researchers note that one group may be imitating the other, but the findings indicate likely resource sharing and possible direct cooperation. The discovery comes amid deepening military and political ties between Russia and North Korea, including reports that North Korean troops and drone operators have supported Russia’s war efforts in Ukraine.

Yisda Takeaways
Recent events highlight significant shifts in the global threat landscape, including persistent long-term campaigns, increased targeting of critical infrastructure and other high risk industries, and a rise in cyber operations being used to support physical mission objectives. The activity from Chinese and Iranian linked hacking groups and the emerging coordination between Russian and North Korean threat actors all reinforce a clear trend: state backed campaigns are becoming more aggressive, more frequent, and more interconnected. As adversaries expand their capabilities and combine cyber espionage with geopolitical objectives, it is increasingly important for organizations to strengthen their cyber defenses through continuous monitoring, strict access controls, secure remote access built on zero trust principles, and improved visibility across their supply chains.
