Cyber: State Actor Targets 155 Countries In 'Shadow Campaigns' Espionage Op
A state-sponsored threat group has compromised dozens of networks of government and critical infrastructure entities in 37 countries in global-scale operations dubbed 'Shadow Campaigns'.
Between November and December last year, the actor also engaged in reconnaissance activity targeting government entities connected to 155 countries.
According to Palo Alto Networks’ Unit 42 division, the group has been active since at least January 2024, and there is high confidence that it operates from Asia. Until definitive attribution is possible, the researchers track the actor as TGR-STA-1030/UNC6619.
'Shadow Campaigns' activity focuses primarily on government ministries, law enforcement, border control, finance, trade, energy, mining, immigration, and diplomatic agencies.
Unit 42 researchers confirmed that the attacks successfully compromised at least 70 government and critical infrastructure organizations across 37 countries.
This includes organizations engaged in trade policy, geopolitical issues, and elections in the Americas; ministries and parliaments across multiple European states; the Treasury Department in Australia; and government and critical infrastructure in Taiwan.
The list of countries with targeted or compromised organizations is extensive, and the activity focused on certain regions at times that appear to have been driven by specific events.
The researchers say that during the U.S. government shutdown in October 2025, the threat actor showed increased interest in scanning entities across North, Central and South America (Brazil, Canada, Dominican Republic, Guatemala, Honduras, Jamaica, Mexico, Panama, and Trinidad and Tobago).
Significant reconnaissance activity was discovered against "at least 200 IP addresses hosting Government of Honduras infrastructure" just 30 days before the national election, as both candidates indicated willingness to restore diplomatic ties with Taiwan.
Unit 42 assesses that the threat group compromised the following entities:
Source: BleepingComputer