Cyber (In)Security and Surveillance (10 March 2026)

Finnish intelligence warns of persistent cyber espionage from Russia, China

(Alexander Martin – The Record) Finland’s intelligence service warned that Russia and China continue to conduct extensive cyberespionage and influence operations targeting the country’s technology sector, research institutions and government, according to a new national security assessment released Tuesday. The Finnish Security and Intelligence Service (SUPO), which is responsible for foreign intelligence as well as domestic counterintelligence, was last year reorganized to “enhance information gathering.” In a major assessment following that reorganization, SUPO warned that foreign intelligence activity targeting Finland was widespread, combining cyberintrusions, traditional espionage and political influence campaigns aimed at gathering sensitive information and shaping decision-making. “The principal threat to Finland arises from the sustained operations of Russian and Chinese intelligence services in various sectors of Finnish society,” the agency stated. – https://therecord.media/finnish-intel-warns-espionage-china-russia

Russian military hackers revive advanced malware to spy on Ukraine, researchers say

(Daryna Antoniuk – The Record) Russian state hacker group APT28 has revived a sophisticated cyber-espionage toolkit to spy on Ukrainian targets, including military personnel, according to a report published Tuesday by cybersecurity firm ESET. ESET said the group’s advanced development team has reemerged since April 2024 with a renewed arsenal built around two implants known as BeardShell and Covenant, often deployed together in espionage campaigns. – https://therecord.media/russia-apt-28-revives-malware-to-spy-on-ukraine

Ericsson US confirms breach after third-party provider attack

(Pierluigi Paganini – Security Affairs) Ericsson Inc., the U.S. branch of the Swedish telecom giant, disclosed a data breach after a service provider was hacked. The attack compromised the personal information of an unspecified number of employees and customers. “On April 28, 2025, our service provider became aware of a suspicious event that may have involved potential unauthorized access to certain data on their system. It promptly initiated an investigation with the assistance of external cybersecurity specialists.” reads the data breach notification letter shared with the California Attorney General. “It also notified the Federal Bureau of Investigation and implemented measures to enhance security and minimize the risk of a similar incident occurring in the future.” – https://securityaffairs.com/189197/data-breach/ericsson-us-confirms-breach-after-third-party-provider-attack.html

Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform

(Pierluigi Paganini – Security Affairs) The joint effort, led by Microsoft, Europol, and industry partners, aimed to target the infrastructure of Tycoon 2FA phishing-as-a-service platform responsible for tens of millions of fraudulent emails reaching over 500,000 organizations each month worldwide. By mid‑2025, the service accounted for approximately 62 percent of all phishing attempts Microsoft blocked, including more than 30 million emails in a single month. That placed Tycoon2FA among the largest phishing operations globally. Despite extensive defenses, the service is linked to an estimated 96,000 distinct phishing victims worldwide since 2023, including more than 55,000 Microsoft customers. – https://securityaffairs.com/189205/cyber-crime/law-enforcement-disrupted-tycoon-2fa-phishing-as-a-service-platform.html

ShinyHunters Targets Hundreds of Websites in New Salesforce Campaign

(Phil Muncaster – Infosecurity Magazine) Salesforce has urged Experience Cloud customers to audit their website configurations after reports that a notorious threat group has already stolen data from hundreds of companies. The SaaS giant said that it had been tracking an increase in threat actor activity targeting misconfigurations of publicly accessible sites built using its Experience Cloud platform. “Specifically, we have identified a campaign in which malicious actors are exploiting customers’ overly permissive Experience Cloud guest user configurations to potentially access more data than targeted organizations intended,” it explained. – https://www.infosecurity-magazine.com/news/shinyhunters-hundreds-websites/
