Navigating Digital Security: Opportunities and Threats in an Age of Dictatorship
admin | July 5, 2025 | cyber-attacks

Paperbug Exploit: New Politically-Driven Surveillance Initiative in Tajikistan
On April 27, 2023, a relatively obscure Russian-speaking cyber-espionage group was identified as the orchestrator of a new politically motivated surveillance initiative targeting senior government officials, telecom services, and public infrastructure in Tajikistan. The operation, named Paperbug by the Swiss cybersecurity firm PRODAFT, has been linked to a threat actor known as Nomadic Octopus (also referred to as DustSquad). According to PRODAFT’s comprehensive technical report shared with The Hacker News, “The types of compromised machines range from individual computers to operational technology devices. These targets render ‘Operation Paperbug’ intelligence-driven.” While the ultimate motives behind the attacks are still uncertain, the cybersecurity firm has suggested the possibility of involvement from domestic opposition groups or an intelligence-gathering effort conducted by Russia or China. Nomadic Octopus first gained attention in October 2018.
August 24, 2025

Tonto Team Exploits Anti-Malware File to Attack South Korean Institutions
April 28, 2023 | Malware / Cyber Threat
Recent attacks by the China-aligned threat actor known as the Tonto Team have targeted South Korean education, construction, diplomatic, and political institutions. The AhnLab Security Emergency Response Center (ASEC) reported that the group is utilizing a file associated with anti-malware products to carry out their malicious activities. Active since at least 2009, Tonto Team has a history of attacks across various sectors in Asia and Eastern Europe. Earlier this year, they were linked to an unsuccessful phishing attempt on the cybersecurity firm Group-IB. According to ASEC, the attack begins with a Microsoft Compiled HTML Help (.CHM) file that runs a binary to side-load a malicious DLL (slc.dll) and deploy the ReVBShell backdoor, an open-source VBScript tool also used by another Chinese threat actor, Tick.
August 24, 2025

Meta Exposes Extensive Cyber Espionage Campaigns on Social Media in South Asia
May 04, 2023 | Social Media / Cyber Risk
Three distinct threat actors exploited countless elaborate fake profiles on Facebook and Instagram to conduct targeted attacks against individuals in South Asia. “These advanced persistent threats (APTs) relied heavily on social engineering tactics to deceive users into clicking malicious links, downloading malware, or sharing sensitive information online,” stated Guy Rosen, Meta’s chief information security officer. “This focus on social engineering reduced their need to invest heavily in malware development.” The counterfeit accounts utilized traditional tactics, pretending to be romantic interests, recruiters, journalists, or military personnel. Notably, two cyber espionage initiatives involved low-sophistication malware, likely attempting to evade app verification measures from Apple and Google. Meta’s findings revealed…
August 24, 2025

U.S. Government Dismantles Russia’s Advanced Snake Cyber Espionage Tool
May 10, 2023 | Cyber Espionage / Cyber Attack
On Tuesday, the U.S. government announced the successful court-authorized disruption of a global network compromised by an advanced malware strain known as Snake, utilized by Russia’s Federal Security Service (FSB). Referred to as the “most sophisticated cyber espionage tool,” Snake is attributed to the Russian state-sponsored group Turla (also known as Iron Hunter, Secret Blizzard, SUMMIT, Uroburos, Venomous Bear, and Waterbug), connected to a unit within Center 16 of the FSB. This threat actor has historically targeted entities in Europe, the Commonwealth of Independent States (CIS), and NATO-affiliated countries, with recent efforts expanding into Middle Eastern nations viewed as threats to Russian-supported interests in the region. “For nearly 20 years, this unit […] has leveraged versions of the Snake malware to steal sensitive documents from hundreds of computer systems in at least 50 countries…”
August 24, 2025