RSS
Last updated: May 14, 2026 at 10:49 AM UTC
All 219 Vulnerability 76 Breach 45 Threat 91 Defense 7
Tag: espionage (2 articles)Clear
threat
2026-05-01

Cyber spies are quietly stealing engineering blueprints and GPS data from Russian aviation companies

Kaspersky disclosed a previously undocumented cyber-espionage group called HeartlessSoul that has been targeting Russian government agencies and aviation companies since at least September 2025 to steal geographic information system (GIS) data - the specialized files containing detailed maps of roads, engineering networks, terrain, and strategic facilities. The targeting suggests state-aligned interest in Russian infrastructure mapping rather than financial gain. Kaspersky did not name a likely sponsor but the targeting profile is consistent with a Ukraine-aligned or Western-aligned operator. The group uses tailored phishing, custom malware, and persistent network access.

heartlesssoulrussiaaviationgisgeospatialkasperskyespionageukraine-aligned-suspectedcritical-infrastructure
Check
If your organization handles GIS data for any government or critical infrastructure customer, assume your sector is now an active target and tighten access controls on map data this week.
Affected
Russian government agencies and aviation companies are the named targets, but the technique is generic: any organization holding detailed GIS files for critical infrastructure (electric grid, telecoms, water, road, rail, military bases) is in the broader target pool. Engineering and architecture firms working on infrastructure projects are particularly exposed.
Fix
Treat GIS files as high-value data and apply DLP rules that flag bulk transfers of .shp, .gdb, .kml, .gpx, and .tif files. Restrict GIS server access to named users with logging on every download. For engineering firms: require two-person approval for downloading complete map sets. Western firms holding sensitive infrastructure maps face the same risk from China, Russia, and others.
vulnerability
CVE-2026-3502
2026-03-31

Chinese hackers exploited TrueConf video conferencing zero-day to backdoor Southeast Asian governments (CVE-2026-3502)

Check Point uncovered Operation TrueChaos - a Chinese-nexus espionage campaign that turned a video conferencing platform's update mechanism into a malware delivery system. The attackers compromised a central on-premises TrueConf server used by a government IT department, then swapped the legitimate client update with a weaponized package that deployed the Havoc post-exploitation framework. Every connected government agency pulled the poisoned update automatically, no individual endpoint compromise needed.

trueconfzero-daychinaespionagesupply-chainvideo-conferencingactively-exploited
Check
Check if your organization uses TrueConf for video conferencing, especially in on-premises deployments.
Affected
TrueConf Windows client versions 8.1.0 through 8.5.2. On-premises deployments are at highest risk since the attack requires control of the TrueConf server.
Fix
Update TrueConf Windows client to version 8.5.3 or later. Audit TrueConf servers for unauthorized modifications. Check endpoints for IOCs: unsigned trueconf_windows_update.exe, files named poweriso.exe or 7z-x64.dll, and connections to 43.134.90.60, 43.134.52.221, or 47.237.15.197.