
"China-nexus cyberespionage dominates in volume, often exploiting edge devices and zero-days for long-dwell intrusions into aerospace and defense entities. Groups conducting such operations include UNC4841, UNC3886 (blamed for the recent Singapore telecom attacks), and UNC5221. Russian actors such as APT44 (Sandworm), UNC5125, and UNC5792 have targeted Ukraine and other countries, focusing on battlefield-adjacent technologies such as drones. GTIG has highlighted that one threat group linked to Russia's intelligence services has been using LLMs to overcome certain technical limitations."
"'Through prompting, they conduct reconnaissance, create lures for social engineering, and seek answers to basic technical questions for post-compromise activity and C2 infrastructure setup,' GTIG explained in its report. North Korea-linked groups blend espionage with revenue generation through IT worker infiltration schemes at defense firms. Google has described attacks conducted by APT45 against defense, automotive manufacturing, and semiconductor companies in South Korea; APT43 attacks impersonating defense entities in the US and Germany;"
Hacktivists, state-sponsored threat actors, and profit-driven cybercrime groups increasingly target the defense industrial base, including contractors, suppliers, and personnel supporting military capabilities. China-linked cyberespionage accounts for high-volume intrusions, exploiting edge devices and zero-days for long-dwell access against aerospace and defense entities. Russian-linked groups target battlefield-adjacent technologies such as drones and are using large language models to overcome technical limitations and automate reconnaissance, lure creation, and C2 planning. North Korea-linked actors combine espionage with revenue generation via IT worker infiltration schemes. Ransomware and chatbot-assisted OSINT also appear in campaigns against manufacturing and defense sectors.
Read at SecurityWeek