“I would never wish death upon anyone, but I have read some obituaries with great satisfaction.” - Winston Churchill
OPINION -- I associate myself with at least the latter part of that quote from Winston Churchill with regard to Aldrich Ames. To my knowledge, I met Ames on only one occasion. It was during a cocktail party in 1989 or 1990 when he oversaw the CIA operations group responsible for what was then Czechoslovakia. I have no clear recollection of that event, but I was later told that fellow traitor Robert Hanssen was also in attendance. If so, to paraphrase Shakespeare: ‘Hell was empty and the devils were there’.
While I can recall little about meeting Ames at that party, my colleagues and I lived – and still live – with the consequences of his betrayal. The loss of an agent is a very personal thing for those responsible for securely handling him or her. I saw that impact up close early on in my career.
Toward the end of my training as an operations officer in late 1982, I was summoned to the office of the then-chief of Soviet Division (SE). In that era, a summons to a meeting with any Division Chief - much less the head of what was then the most secretive operational component – could be unnerving for any junior officer. The initial moments of my appointment with then-C/SE, Dave Forden, were appropriately unsettling. He began by asking me whether I had stolen anything lately. Having never purloined anything ever, I was taken aback. After I answered no, he asked if I could pass a polygraph exam. Again surprised, I responded that I could the last time I took one. ‘Good’, Forden said, ‘you are coming to SE to replace Ed Howard in Moscow’. Howard, whom I had met during training, had been fired from CIA for a variety of offenses. He later defected to the USSR, betraying his knowledge of CIA operations and personnel to the KGB.
After completing training, I reported to SE Division. Shortly thereafter, I was told I would not be going to Moscow after all. Instead, I was informed, I would be going to Prague. Initially, I was a bit disappointed not to have a chance to test my skills against our principal adversary. In hindsight, however, that change in plan was fortuitous. While I could not know it at the time, my SE colleagues who went to Moscow would be there during the grim mid-1980s period in which our agents were being rolled up by the KGB. Many CIA officers involved with those cases would have to live for years thereafter wondering what had happened to their agents and whether anything they had done had contributed to their arrests and executions. My colleagues’ ordeals would only end with the revelation that one of our own was a spy.
But Ames was more than a spy. He was a killer. His career floundering and burdened by growing debt, Ames decided to solve his money problems by selling the identities of several low-level CIA agents to the KGB. Consequently, on April 16, 1985 he walked into the Soviet Embassy and passed on the following note: "I am Aldrich H. Ames and my job is branch chief of Soviet (CI) at the CIA. […] I need $50,000 and in exchange for the money, here is information about three agents we are developing in the Soviet Union right now.” He attached a page from SE Division's phone list, with his name underlined, to prove he was genuine. Within weeks, fearful that Soviet spy John Walker had been fingered by a CIA agent within the KGB, and worried that he might likewise be exposed, Ames decided to compromise all of the CIA and FBI Soviet sources he knew of. “My scam,” he later said, “was supposed to be a one-time hit. I was just going to get the fifty thousand dollars and be done with it, but now I started to panic.”
Accordingly, on June 13, 1985, Ames passed the Soviets what he called “the Big Dump.” That tranche of documents contained the identities of at least 11 CIA agents. Brave men who had risked all in deciding to serve freedom’s cause, many of them would be arrested, interrogated and ultimately executed.
Ames’s rationalization of this act says everything about the kind of man he was. “All of the people whose names were on my list knew the risks they were taking when they began spying for the CIA and FBI,” he said, before adding that, "They knew they were risking prison or death.”
He would repeatedly seek to justify his actions by claiming that his espionage for the USSR was morally equivalent to what Western services had long done against their adversaries. Oleg Gordievsky, a British spy within the KGB and one of the few agents betrayed by Ames who escaped, rightly rejected any such equivalency. "I knew,” he said, that “the people I identified would be arrested and put in prison. Ames knew the people he identified would be arrested and shot. That is one of the differences between us.”
Sentenced to prison, Ames would spend almost 32 years of his life behind bars. I like to think that punishment was worse than death. One hopes he whiled away hours in his cell thinking of what he’d done and the lives he took. He expressed contrition during the plea bargain and sentencing process to ensure leniency for his wife, Rosario, saying, for example, that, "No punishment by this court can balance or ease the profound shame and guilt I bear."
But I very much doubt the sincerity of such statements because he showed no signs of having a troubled conscience thereafter. Instead, in statements while incarcerated, Ames was at pains to give his actions a veneer of ideological justification. "I had,” he said, “come to believe that the espionage business, as carried out by the CIA and a few other American agencies, was and is a self-serving sham, carried out by careerist bureaucrats who have managed to deceive several generations of American policy makers and the public about both the necessity and the value of their work.”
“There is an actuarial certainty that there are other spies in U.S. national security agencies and there always will be.” That statement by former CIA Chief of Counterintelligence Paul Redmond in the wake of the Ames and Hanssen cases reflects a grim reality of the intelligence profession.
Nonetheless, when I joined CIA, it was accepted wisdom that the Agency had never had, and could never have, a spy in its ranks. With the benefit of hindsight, it is hard to understand how such a naïve conviction could have taken hold given the repeated penetration of our predecessor organization, the Office of Strategic Services (OSS), and our British counterparts by Soviet intelligence. “There will,” as CIA Chief of CI James J. Angleton said, “always be penetrations…it is a way of life. It should never be thought of as an aberration. Anyone who gets flustered is in the wrong business.”
Perhaps the downplaying of such a possibility was a natural reaction to the overreach of Angleton himself with his ‘HONETOL’ spy hunts which hindered the Agency’s ability to mount operations against the Soviets for years at the height of the Cold War. It was certainly a reflection of institutional arrogance.
Whatever the reason, the idea that a foreign intelligence service could recruit a serving CIA officer as a spy was inconceivable to many. That mindset makes the accomplishment of Redmond and the Agency team led by Jeanne Vertefeuille, concluding that reporting from a Soviet mole – ultimately determined to be CIA officer Aldrich Ames – was the cause of the losses, all the more remarkable.
The years-long hunt for the agent the KGB called “KOLOKOL” (‘Bell’) ended on February 21, 1994 with the arrest of Ames by the FBI. The assessment of the damage that Ames had inflicted on U.S. national security in exchange for some $2.5 million from Moscow was, not surprisingly, extensive. Even in the analogue era, he was able to pass along voluminous documentary and oral reporting to Moscow. This included reporting on his own debriefing of Vitaliy Yurchenko, who defected briefly to the U.S. before returning to the USSR.
But it was the review of Ames’s role in compromising our courageous agents that struck home with us. Their sacrifice is commemorated by the CIA ‘Fallen Agent Memorial’ and other memorials within Agency spaces. And one hopes that someday the Russian people, too, will come to realize that Military/Technical researcher Adolf G. Tolkachev (GTVANQUISH); KGB Line PR officer Vladimir M. Piguzov (GTJOGGER); KGB Line PR officer Leonid G. Poleschuk (GTWEIGH); GRU officer Vladimir M. Vasilyev (GTACCORD); GRU officer Gennadiy A. Smetanin (GTMILLION); KGB Line X officer Valeriy F. Martynov (GTGENTILE); KGB Active Measures specialist Sergey M. Motorin (GTGAUZE); KGB Illegals Support officer Gennadiy G. Varenik (GTFITNESS); KGB Second Chief Directorate officer Sergey Vorontsov (GTCOWL); and the highest-ranking spy run by the U.S. against the USSR, GRU General Dmitry F. Polyakov (TOPHAT, BOURBON and ROAM), sacrificed everything for them and for their country.
“The life of the dead,” Marcus Tullius Cicero wrote, “is placed in the memory of the living.” For my part, I will remember Ames as the base traitor he was and the men he killed as the heroes they were.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
DEEP DIVE — Federal prosecutors in Texas, in December, unsealed charges and related details exposing a sprawling scheme that quietly siphoned some of America’s most powerful artificial intelligence chips into China.
According to court filings, a Houston businessman and his company orchestrated a $160 million smuggling operation that moved thousands of NVIDIA’s top-tier processors overseas, evading U.S. export controls through falsified shipping records and shell transactions.
Hao Global and its founder, Alan Hao Hsu, pleaded guilty on October 10, 2025, to participating in smuggling and unlawful export activities, including knowingly exporting and attempting to export at least $160 million in Nvidia H100 and H200 GPUs between October 2024 and May 2025. Investigators say the operation was funded by more than $50 million in wire transfers originating from China, and the U.S. has seized over $50 million in Nvidia hardware and cash as part of the broader investigation, with the seizures tied to the overall network, not solely this defendant’s operation.
The operation reveals a broader strategy: if you can’t build it, take it. With a blend of state-run espionage and corporate infiltration, China has turned technology acquisition into an art form. Their ‘all-of-the-above’ approach has allowed their AI sector to grow even as export bans tighten. By sourcing the hardware from elsewhere, Beijing has made the lack of domestic chip manufacture moot.
The Corporate Insider Pipeline
The same month that prosecutors announced the NVIDIA chip smuggling charges, the Department of Justice filed a superseding indictment against Linwei Ding, a former Google software engineer accused of stealing over 1,000 confidential files containing trade secrets related to Google’s AI infrastructure. According to the indictment, Ding uploaded the files to his personal cloud account between May 2022 and May 2023 while secretly working for two China-based technology companies.
It is believed that the stolen materials included detailed specifications of Google’s Tensor Processing Unit chips and Graphics Processing Unit systems, as well as the software platform that orchestrates thousands of chips into supercomputers used to train cutting-edge AI models.
Ding allegedly circulated presentations to employees of his Chinese startup, citing national policies encouraging domestic AI development, and applied to a Shanghai-based talent program, stating that his company’s product “will help China to have computing power infrastructure capabilities that are on par with the international level.”
Within weeks of beginning the theft, Ding was offered a chief technology officer position at Beijing Rongshu Lianzhi Technology with a monthly salary of approximately $14,800 plus bonuses and stock. He traveled to China to raise capital and was publicly announced as CTO. A year later, he founded his own AI startup, Zhisuan, focused on training large AI models. Ding never disclosed either affiliation to Google.
After Google detected unauthorized uploads in December 2023, Ding vowed to save the files as evidence of his work. Nonetheless, he resigned a week later after booking a one-way ticket to Beijing. Security footage revealed that another employee had been scanning Ding’s access badge to give the appearance that he was working there during extended trips to China. Ding faces up to 175 years in prison on 14 counts of economic espionage and theft of trade secrets.
Ding has pleaded not guilty to the charges on multiple occasions. He entered a not guilty plea in March 2024 to the original four counts of trade secret theft, and again pleaded not guilty through his attorney, Grant Fondo, in September 2025 to the expanded superseding charges — including seven counts each of economic espionage and trade secret theft. Fondo has actively represented Ding in court proceedings, including a successful June 2025 motion to suppress certain post-arrest statements due to alleged Miranda violations, though no extensive public explanatory statements from the attorney or Ding appear beyond these court actions and pleas.
The federal trial in San Francisco began in early January 2026, with jury selection reported around January 8, and Ding remains presumed innocent until proven guilty.
AI-Powered Cyber Espionage at Scale
The threat escalated dramatically in September 2025 when Anthropic detected what it describes as the first fully automated cyberattack using artificial intelligence to breach corporate networks. The campaign, which Anthropic assessed with high confidence was conducted by Chinese state-sponsored hackers, targeted approximately 30 organizations, including technology firms, financial institutions, chemical manufacturers, and government agencies.
The attackers manipulated Anthropic’s Claude Code tool into executing 80 to 90 percent of the operation autonomously. Claude’s safety guardrails were bypassed by jailbreaking the system, disguising malicious tasks as routine cybersecurity tests, and breaking attacks into small, seemingly innocent steps that conceal their broader objectives. Once compromised, the AI system independently conducted reconnaissance, identified valuable databases, wrote custom exploit code, harvested credentials, created backdoors, and exfiltrated data with minimal human supervision.
“The AI made thousands of requests per second—an attack speed that would have been, for human hackers, simply impossible to match,” Anthropic stated in its analysis.
“This case is a huge concern for other companies that have almost fully adopted AI in their business operations,” JP Castellanos, Director of Threat Intelligence at Binary Defense, tells The Cipher Brief. “Instead of just using AI to draft phishing emails or assist human hackers, the perpetrators gave Claude direct instructions to carry out multi-stage operations on its own.”
The implications extend far beyond technical sophistication.
“An AI operator doesn’t have to sleep or take breaks moving at machine speed; the agent can do the work of dozens or more hackers, tirelessly and even without error, launching constant attacks that even human defenders would struggle to monitor, let alone counter,” Castellanos explained.
Chief Geopolitical Officer at Insight Forward, Treston Wheat, also noted the operational tempo represents a fundamental shift.
“AI-enabled operations can run reconnaissance, exploitation attempts, credential harvesting, lateral movement playbooks, and exfiltration workflows in parallel, iterating rapidly across targets,” he tells The Cipher Brief.
This shift not only changes how operations are conducted but also reveals the hidden supply chains that enable them.
DeepSeek’s Smuggled Silicon
In early 2025, it became impossible to ignore the connection between black-market chips and stolen IP. It was then that DeepSeek dropped the R1 model, claiming it could compete with OpenAI’s o1, but for significantly less. This, however, immediately set off alarm bells: How does a company hamstrung by U.S. sanctions move that fast without some serious ‘outside’ help?
Reports from The Information in December 2025 revealed that DeepSeek is training its next-generation model using thousands of NVIDIA’s advanced Blackwell chips — processors specifically banned from export to China. The smuggling operation reportedly involves purchasing servers for phantom data centers in Southeast Asia, where Blackwell sales remain legal. After inspection and certification, smugglers allegedly dismantle entire data centers rack by rack, shipping GPU servers in suitcases across borders into mainland China, where the chips are reassembled.
NVIDIA disputed the reports, stating it had seen “no substantiation or received tips of ‘phantom data centers’ constructed to deceive us and our OEM partners” while acknowledging the company pursues any tip it receives. The chipmaker is developing digital tracking features to verify chip locations, a tacit acknowledgement that there are enough smuggling concerns to warrant technological solutions.
Castellanos described China’s strategy as deliberately dual-track.
“China has been very open to being the lead in AI and semiconductors and the need for self-reliance in core technologies,” he said. “But also, externally, China relies on partnering with overseas institutions, building on top of Western open-source technologies, and acquiring advanced technologies through illegal means, such as through theft, smuggling, and forced transfers.”
The FBI’s Losing Battle
Christopher Wray, the former FBI director, testified that the bureau oversees approximately 2,000 active investigations into Chinese espionage operations.
“Chinese hackers outnumber FBI cyber personnel by at least 50 to 1,” Wray testified before the House Appropriations Committee in 2023. “They’ve got a bigger hacking program than every other major nation combined and have stolen more of our personal and corporate data than all other nations—big or small—combined.”
That scale reflects a long-running strategy rather than a sudden surge.
“U.S. officials say China has long relied on a multi-pronged strategy to lie, to cheat and to steal their way to surpassing us as the global superpower in cyber,” he said. “It’s not just cyber intrusions we are concerned about, but also human insiders stealing intellectual property. In the realm of AI, this can include insiders siphoning source code, research papers, or semiconductor designs for China.”
The Chinese approach exploits multiple vectors simultaneously, according to experts. The Ministry of State Security operates human intelligence networks. The People’s Liberation Army’s Strategic Support Force conducts offensive cyber operations.
The Thousand Talents Plan, for example, then offers Chinese researchers financial incentives to transfer proprietary information to American institutions. By investing in and partnering with ostensibly private companies, state-owned enterprises gain access to sensitive technologies.
Export Controls Lag Behind Reality
The export control regime designed to prevent China from accessing advanced chips has proven inadequate in the face of Beijing’s evasion tactics. The Commerce Department’s Bureau of Industry and Security has repeatedly updated restrictions, most recently imposing sweeping controls in October 2023 on AI chips and semiconductor manufacturing equipment.
The recent Texas case shed light on how these smugglers operate. There was more to it than simply shipping; they used crypto payments and paper-only shell companies to conceal the money trail. To pass customs, they even removed the Nvidia labels from the chips. By the time those processors reached China, they had been bounced through so many different countries that the original paper trail was basically gone.
“Export controls are not a complete solution to IP theft or technology diffusion. They are best understood as a time-buying and friction-imposing tool,” Wheat observed. “If the objective is to prevent all leakage, that is unrealistic; if the objective is to slow adversary capability development, shape supply chains, and increase acquisition cost and risk, they can be effective when paired with enforcement and complementary measures.”
The chip industry, analysts caution, is facing a structural nightmare. We’re restricting technology that’s already been stolen and studied. The $160 million operation out of Texas proved just how easy it is to game the system — they lied on customs forms hundreds of times over several months, and it still took nearly a year for authorities to notice anything was wrong.
Defending at Machine Speed
Security experts are calling this the most significant tech transfer in history, and it isn’t happening by accident. By stacking insider theft, cyberattacks, recruitment programs, and smuggling on top of each other, China has found a way to leapfrog ahead in AI. They don’t have the domestic factories to build high-end chips yet, so they’ve bypassed the need for ‘original’ innovation by taking what they need. It’s a massive operation that’s making traditional defense strategies look obsolete.
“The realistic U.S. approach is not to match China operator-for-operator. It is to win by asymmetry, such as scaling defense through automation, hardening the most valuable targets, and using public-private coordination to reduce attacker dwell time and increase attacker cost,” Wray said in his testimony.
Castellanos emphasized that defending against AI-enabled attacks requires matching the adversary’s capabilities.
“To have any hope to defend against this, we have to multiply effectiveness through automation and AI, so basically fight fire with fire,” he underscored. “Doing this requires significant investment, new skills, and perhaps most challenging, trust in autonomous defensive AI at a time when many organizations are still learning basic cyber hygiene.”
To prevent adversaries from acquiring sensitive technologies, the U.S. Government has, in recent years, implemented targeted responses, such as the Disruptive Technology Strike Force in 2023. Yet, even as FBI investigations increase and new indictments are filed, the fundamental challenge persists. Chinese intelligence services use unlimited resources, legal compulsion over Chinese nationals, and long-term strategic patience to operate in an open society with porous institutional boundaries.
“It’s a challenge for policy makers; a multi-layered response and defense in depth is needed to protect the US AI technology base better,” Castellanos added. “Harden insider threat programs, accelerate public and private intelligence sharing, modernize export controls and enforcement, increase the costs or impose costs for the offenders of these attacks and lastly innovate faster to ensure even if China steals today’s tech, the breakthrough is already in the pipeline for tomorrow.”
THE KREMLIN FILES / COLUMN — Ask any Russian intelligence officer about “naruzhka,” and you’ll see them nod knowingly. It’s the term for physical, trailing surveillance: watchers on the street who follow targets, track meetings, and report patterns. The Russians are experts at it, and they have been for centuries, dating back to the Tsarist secret police, the Okhrana, and even further to Ivan the Terrible’s oprichniki, the brutal enforcers of his regime. Surveillance is a subject that dominates Russian society and Russian espionage, and it also dictates how Russian intelligence officers (RIOs) conduct counter-surveillance and surveillance detection. The Russian intelligence services (RIS) still lean heavily on surveillance as both a protective and offensive tool. Given such an all-encompassing presence in Russian society, the term "surveillance" and its connotations in Russia are worth exploring to better understand Russia, its state, society, and our adversaries.
Russians have a saying, “the walls have ears,” and sometimes follow it with “and the streets have eyes.” Studying in Russia in the early 1990s as an exchange student, I was repeatedly warned by my friends with this expression. It was their way of telling our group of American students that no matter how welcome we felt – and Russians have some of the best hospitality in the world when you are welcomed by them – the state was still suspicious. We came to understand very quickly that there were minders among us: Russian students and professors who reported on us back to the FSB, the successor of the KGB.
Some of our group of students were even “soft-pitched.” For example, in one case, a fellow student with a military background was asked whether he would like to meet with the FSB to discuss how interesting the Russian internal security service was (not exactly a soft approach, really). These blunt and clumsy attempts went unanswered, but the point was clear: the state was not just watching; they were operationally targeting our group of future soldiers, researchers, academics, and in at least one case, a future CIA officer.
Anyone who has studied or lived in Russia over the past three decades no doubt has had similar experiences. But the bar of intimidation has risen dramatically in recent years. With dissidents, journalists, and even athletes targeted for intimidation, beatings, arrest, and even murder, there is no safe haven in Russia any longer for foreign citizens. They are used as targets to be entrapped for hostage exchanges with the West. The goal is to swap detained civilians for RIOs who have been arrested and convicted abroad, so that the latter escape the consequences of their failings.
Russians live in a state of constant fear, especially with the war in Ukraine, since opposition to the war, in any form, is now threatened by jail time. Anyone who may be a threat to the regime is subjected to overwhelming surveillance of their person, electronic communications, and contacts. The FSB has many resources at its disposal, including access to all ISPs and phone companies by law. In the early 2000s, the Russian Duma quietly passed laws giving the FSB access to all communication companies in Russia without the need for any warrants. It was the first step in creating their modern surveillance state and an early sign under Putin that democracy was dying.
Inside Russia, surveillance teams from the FSB number in the many thousands. Their origins lie in the old KGB 7th Directorate, and their mission remains the same: monitor diplomats, suspected foreign intelligence officers, journalists, NGO workers, businesspeople, and ordinary Russians who cross the regime’s lines. The teams are, unfortunately, among the very best in the world at surveillance, given their long history of practice.
Surveillance schools in Leningrad (St. Petersburg), in particular, were known as the best in the Soviet Union during the Cold War. Young surveillance team members from the KGB, GRU, and other services of the Soviet Union were trained in the art of on-foot and vehicle surveillance, effective radio communications, and spotting intelligence tells of possible espionage operations. Today, it is no different. The FSB, in particular, devotes considerable resources to surveillance work in Moscow and in every major city across Russia, through its vast surveillance apparatus. They are increasingly assisted by technology and a vast array of cameras across the country.
In Russia, all universities, think tanks, and defense contractors have assigned security officers, what the Russians call an “OB,” who monitor foreign contacts and make Russians report on their foreign friends, and even many of their Russian ones. The OB is usually an FSB officer, but if not, they are a cooptee of the service, reporting directly to a UFSB or a regional office across Russia. The OBs, in turn, enlist networks of agent-reporters who are only too eager to report on the travel, potential misdeeds, disloyalty to the regime, or other offenses of all those they monitor. Russia today has a network of informers to rival Stasi East Germany, Nazi Germany under the Gestapo, or any other despotic regime, including North Korea and China of today (both of whom, admittedly, may also contend for the gold and silver on despotic modern surveillance states, together with Russia).
The all-encompassing nature of the Russian surveillance state, which includes monitoring by city cameras (supplemented by drones now too), communications, and in-person surveillance, makes it clear that RIS surveillance is not confined to diplomats or foreigners suspected of intelligence affiliation. Academics, journalists, and corporate leaders can find themselves under observation or pressure when Moscow sees strategic value in them. Awareness of surveillance indicators—and how to respond—remains essential.
Unfortunately, for decades, Westerners traveling to Russia as academics, athletes, NGO workers, and others have been naïve on this score. The refrain is frequently that “I am no one of interest, they’ll leave me alone.” The RIS never did and never will. The pressure for the Russian services, in particular the FSB, to prove worthy of their giant bureaucracy and corrupt budget means they will manufacture spy cases when they can’t find real ones.
They map the routines of foreign officials, political or business leaders. Their goal is to decide if those targets are viable recruits, potentially, or targets for other operations, like extortion, “direct action,” or even assassination attempts in Russia and abroad. This leads to another underappreciated aspect of Russian intelligence and espionage that permeates their society: setups, tricks, and double-agent operations, which the Russians call “operational games.” (That will be the topic of a future “Kremlin Files” column in The Cipher Brief.)
On Russian surveillance, the warning remains clear, and the potential risks are stark. Unfortunately, for all the beauty to be found in Russian history, its cultural sites and heritage, and its people, traveling to the Russian surveillance state under this corrupt and authoritarian regime holds incredible risk for foreigners, and even for Russian citizens themselves. It will not change until the RIS no longer has the dominant role in society. Laws and checks on power don’t exist in the Russian services. Surveillance, in fact, guides the functioning of the Russian state, and the streets continue to have eyes – everywhere.
All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.
EXPERT OPINION / PERSPECTIVE — The 2024 spy swap between Russia and the West exposed a brutal truth: Moscow still treats innocent civilians as bargaining chips, and killers as heroes. In the deal, Russia forced multiple governments to trade convicted Russian intelligence officers, including an SVR “illegal” couple arrested in Slovenia, in exchange for Western citizens that the Kremlin had deliberately entrapped. But the real prize for Russian President Vladimir Putin was Vadim Krasikov, the FSB assassin who was convicted by a German court for murdering Chechen exile Zelimkhan Khangoshvili in Berlin in 2019. Through years of negotiations, including those aimed at freeing Wall Street Journal reporter Evan Gershkovich, Krasikov’s release remained a non-negotiable demand from Russia.
When the swap finally happened, Putin greeted Krasikov on the tarmac with a public embrace, an extraordinary display of presidential affection for a convicted murderer. Days later, the Kremlin confirmed his FSB status, praised his “service,” and even highlighted his past role as a presidential bodyguard. Putin’s message to his security services—and to the world—could not have been clearer: if you kill for Putin’s regime, the regime will protect you. Killing for the regime has always been a mission for Russia’s intelligence services (RIS).
State-directed murder was long embedded in the mission and culture of the RIS and their predecessors. The practice predates the Soviet Union, reaching back to the Czarist Okhrana, which routinely hunted down dissidents when exile to Siberia failed to silence them. After the 1905 revolution, Czar Nicholas II unleashed a wave of retributive assassinations that set a precedent for the violence institutionalized by the Cheka and later the KGB. He became known as “Bloody Nicholas.” The state security “organs” (as they are still known in Russia) elevated assassination into a professional craft, giving rise to the notorious phrase in Russian: vishaya mera nakazaniya — the highest measure of punishment. The term still carries its original meaning and dreaded connotation: death at the order of the state, whether by trial or extrajudicial killing.
There were many examples, both at home and abroad, that gave Soviet citizens reason to be afraid. Stalin’s plot to kill his arch-rival and fellow revolutionary, Leon Trotsky, was decades in the making and ended with an ice pick to Trotsky’s head while he was in Mexico City. His assassin, Ramon Mercader, was awarded the title Hero of the Soviet Union when he was released from prison and arrived back in the USSR.
Secret institutes like the infamous “Poison Factory,” known in the KGB as Laboratory 1 or “kamera” (for “the cell”), were set up during the early years of the Cold War to study chemical and biological agents that could be used to murder quietly. Laboratory 1 specialized in refining special toxins, like the ricin pellet the KGB provided to their Bulgarian allies, and used in the infamous assassination of Bulgarian dissident Georgi Markov on a London bridge in 1978.
Today is no different. Some assassinations are believed to be directly ordered by Putin in what the Russians call “direct action” (pryamoye deistviye, also known colloquially as mokroe delo, or wet work), while others are believed to be carried out with his implied approval. Poison factories continue to function inside of Russia. Today, the FSB uses a modern “kamera” which helped refine the nerve agent Novichok for use against the defector Sergei Skripal in the 2018 Salisbury, UK attack. It was the same agent used against Russian opposition leader Alexei Navalny in a failed assassination attempt, prior to his death in a remote Russian prison, also likely wet work at the hands of the FSB.
Why does Putin let his Chekist assassins use such a well-known, state-only produced chemical weapon like Novichok to kill defectors or dissidents? The answer: because he wants the world to know the RIS were behind the attacks and that the tradition of the “highest measure” continues. Otherwise, he could certainly have his hitmen use a gun, ice pick, or other more deniable method. There is a track record now going back decades, to the FSB defector Alexander Litvinenko and his death from polonium in the UK. The RIS will not hesitate to murder any intelligence or military defectors that the RIS can find and reach in the West. The lack of a formidable response from the UK and the U.S. to the Litvinenko poisoning only emboldened Putin and his henchmen (one of the assassins, Lugovoy, was praised so highly within Russia that he was eventually elected to the Russian Duma).
The Russian Record of Killing their Own: Disincentivizing Dissent
Putin and his RIS siloviki want all of their officers to know that the price for treason is death, and they don’t care what government may be offended or what international laws are broken. Otherwise, the incentive for those officers to betray Russia’s corrupt services and look to a better life for themselves and their families is too high. It matters not whether the execution is ordered by a secret court, or carried out on the street, the RIS consider it within their purview to decide how and when.
Two historical points illustrate this as practice within the RIS. For decades of the Cold War, and after, the rumor proliferated within the KGB and GRU that one or both of the first GRU spies to work for the United States, Pyotr Popov and Oleg Penkovskiy, were executed by being thrown into a furnace alive. Popov was uncovered and executed in 1960. Penkovskiy was arrested and executed in May 1963 after the vital role he played in providing intelligence to the United States during the Cuban Missile Crisis.
The practice during that time period, carried over from Stalin’s purges, was more likely a bullet to the back of the head up against a wall at the infamous Lubyanka prison. But the rumor, which was spread to the West by GRU defector Viktor Suvorov, was effective and garnered a lot of attention within the services; it still does. It was purposely spread and taught at the KGB Andropov Academy through the 1980s, and continues to be at its successor, the modern SVR Foreign Service Academy (what they call the AVR). The same rumor is taught to officers at the GRU Military Diplomatic Academy. Defectors have confirmed for years that this rumor is whispered among classes at the academies, and as a warning against dissent—“you want to be thrown into a furnace alive, shut up you idiot!” The very idea of being burned alive in a furnace is hard for young officers to forget.
There is another example from Cold War history that illustrates the same point. In 1985, the so-called “year of the spy,” while crypto-spy John Walker and his family ring were uncovered and arrested, CIA officer Ed Howard defected to Moscow, and many other espionage incidents took place. CIA traitor Rick Ames gave his “big dump” of classified holdings to the Soviets. Ames offered up roughly a dozen different U.S. cases to the Soviet services, including many penetrations of the KGB and GRU. Most of those assets were executed in short order, sending up a giant “CI flag” of counterintelligence warning to CIA/FBI and the entire U.S. intelligence community that something was amiss. A major mole hunt, which unfortunately took nine years, eventually led to Ames’ arrest. Ames himself commented after his arrest that he was astounded that the KGB/GRU had killed so many assets: why not keep them running as controlled cases, at least for a time, in order to protect him? It was an unprecedented, even reckless reaction.
Why did they do it?
The answer, as some senior Russian officers including former Line KR (kontrarazvedka or CI) Chief Viktor Cherkashin would later confirm (he wrote a book that was translated in the West) was that the Soviet services had no choice. The KGB and GRU had to take drastic steps to stop the flood of espionage and leaks in the Soviet services—too many traitors! An example had to be set.
Cherkashin would know since he ran both Ames and FBI spy Robert Hanssen when he served in the Washington D.C. Residency (station) of the KGB. Reportedly, the issue went to the highest ranks of the KGB/GRU and then on to the Central Committee of the Communist Party. For all their feared security prowess in the Soviet Union, the vaunted KGB had no idea that the CIA was running so many cases under their noses, literally, in Moscow and around the world. Since their own counterintelligence, the 2nd Chief Directorate of the KGB, had failed so miserably, the decision was made to execute them all (or nearly all; a few escaped death in the Gulag). There had to be a hard line drawn for the tens of thousands of other Soviet intelligence officers not to betray the regime - the highest measure would be the warning.
Murder by Order or Murder to Impress the Boss?
The FSB is no less of a counterintelligence failure than their KGB predecessors. They cannot turn the tide against the U.S., our intelligence services, and those of our allies. Instead they arrest innocent civilians like those used to barter for the 2024 swap. That is why Putin likely continues to order death to all intelligence defectors. That is why he will greet a killer like Krasikov at the airport in Moscow in front of the cameras. But Putin’s RIS don’t just kill defectors and Chechen separatists. The RIS were almost certainly behind many political hits in Russia like Navalny, Boris Nemtsov and many others “falling out of windows” from Putin’s own government in recent years. Here it is important to recall that under President Yeltsin, Russia abolished the death penalty. So what were once judicial executions, ordered by the state, have become extra-judicial killings in the Putin era. But for the RIS, there is no distinction.
There have been many assaults and killings of journalists like Anna Politkovskaya. The question often arises—does Putin know about and order all of these murders? Perhaps, but there may be something else at play as well, an effort to impress “the boss.” This could also explain some of the more reckless acts of sabotage playing out in Europe at the hands of the RIS. Mafia families work in the same way - they surprise the boss with new income streams or take out a threat to the family with a hit, to earn one’s “button” and become a “made man.”
Indeed, the RIS function within mob-like cultures, fostered by patronage relationships, and corruption at every level. Officers are encouraged to pay bribes up the chain of command, and frauds of all kinds at every level infect their services. Putin has no doubt told aspiring leaders in the SVR, GRU and especially the FSB, his favorite service, to surprise him with new and inventive operations meant to hit back against the West, particularly regarding Ukraine. This has led to a cascading series of actions by the RIS, including sabotage, exploding parcels, and, yet again, like earlier in their history, attempted assassinations. The most brazen plot uncovered so far was the GRU plot that was unraveled in Germany in 2024 to assassinate the CEO of Rheinmetall, a leading provider of arms to Ukraine. GRU unit 29155 is likely behind that plot, just as they were behind the Skripal attack, and others.
The RIS attack dogs in Putin’s services are simply continuing a tradition of state-directed violence. Yet in the West, we often hesitate to assign blame, waiting for courtroom-quality evidence. But the evidence is already written across decades of Russian intelligence tradecraft, and reinforced by independent investigations.
Open-source teams like Bellingcat have repeatedly identified the GRU and FSB officers behind some of Moscow’s most feral operations - from the Skripal poisoning in Salisbury to the attempted assassination of Alexei Navalny. Still, conclusive proof of Kremlin authorization often appears only when an insider defects with hard intelligence. Those who contemplate such a step know they will be protected and given a new life in the West. They also know the stakes, however, if caught.
The absence of courtroom proof in every case of murder, poisoning, or a fall from a window should not silence the West. Putin’s record speaks for itself. His regime has presided over the killings of journalists, opposition figures, exiles abroad, and tens of thousands of Ukrainian civilians. He operates as a modern bloody czar, no different in impulse from Nicholas II—ordering assassinations, reprisals, and revenge killings with impunity. And the pattern is escalating. It is only a matter of time before Russian intelligence pushes further, testing its reach against U.S. and allied targets. The warning signs are unmistakable. The question is no longer whether the threat exists, but what the West intends to do about it.
DEEP DIVE — From stolen military credentials to AI-generated personas seamlessly breaching critical infrastructure, digital identity fraud is rapidly escalating into a frontline national security threat. This sophisticated form of deception allows adversaries to bypass traditional defenses, making it an increasingly potent weapon.
The 2025 Identity Breach Report, published by AI-driven identity risk firm Constella Intelligence, reveals a staggering increase in the circulation of stolen credentials and synthetic identities. The findings warn that this invisible epidemic (invisible in that it is harder to detect than traditional malware and blends in with legitimate activity) is no longer just a commercial concern—it now poses a serious threat to U.S. national security.
“Identity verification is the foundation of virtually all security systems, digital and physical, and AI is making it easier than ever to undermine this process,” Mike Sexton, a Senior Policy Advisor for AI & Digital Technology at national think tank Third Way, tells The Cipher Brief. “AI makes it easier for attackers to simulate real voices or hack and steal private credentials at unprecedented scale. This is poised to exacerbate the cyberthreats the United States faces broadly, especially civilians, underscoring the danger of Donald Trump’s sweeping job cuts at the Cybersecurity and Infrastructure Security Agency.”
The Trump administration’s proposed Fiscal Year 2026 budget would eliminate 1,083 positions at CISA, reducing staffing by nearly 30 percent from roughly 3,732 roles to around 2,649.
The Industrialization of Identity Theft
The Constella report, based on analysis of 80 billion breached records from 2016 to 2024, highlights a growing reliance on synthetic identities—fake personas created from both real and fabricated data. Once limited to financial scams, these identities are now being used for far more dangerous purposes, including espionage, infrastructure sabotage, and disinformation campaigns.
State-backed actors and criminal groups are increasingly using identity fraud to bypass traditional cybersecurity defenses. In one case, hackers used stolen administrator credentials at an energy sector company to silently monitor internal communications for more than a year, mapping both its digital and physical operations.
“In 2024, identity moved further into the crosshairs of cybercriminal operations,” the report states. “From mass-scale infostealer infections to the recycling of decade-old credentials, attackers are industrializing identity compromise with unprecedented efficiency and reach. This year’s data exposes a machine-scale identity threat economy, where automation and near-zero cost tactics turn identities into the enterprise’s most targeted assets.”
Dave Chronister, CEO of Parameter Security and a prominent ethical hacker, links the rise in identity-based threats to broader social changes.
“Many companies operate with teams that have never met face-to-face. Business is conducted over LinkedIn, decisions authorized via messaging apps, and meetings are held on Zoom instead of in physical conference rooms,” he tells The Cipher Brief. “This has created an environment where identities are increasingly accepted at face value, and that’s exactly what adversaries are exploiting.”
When Identities Become Weapons
This threat isn’t hypothetical. In early July, a breach by the China-linked hacking group Volt Typhoon exposed Army National Guard network diagrams and administrative credentials. U.S. officials confirmed the hackers used stolen credentials and “living off the land” techniques—relying on legitimate admin tools to avoid detection.
In the context of cybersecurity, “living off the land” refers to attackers (like the China-linked hacking group Volt Typhoon) who don’t bring their own malicious software or tools into a compromised network. Instead, they use the legitimate software, tools, and functionality that are already present on the victim’s systems and within their network, so their activity is harder to distinguish from routine administration.
“It’s far more difficult to detect a fake worker or the misuse of legitimate credentials than to flag malware on a network,” Chronister explained.
Unlike traditional identity theft, which hijacks existing identities, synthetic identity fraud creates entirely new ones using a blend of real and fake data—such as Social Security numbers from minors or the deceased. These identities can be used to obtain official documents, government benefits, or even access secure networks while posing as real people.
“Insider threats, whether fully synthetic or stolen identities, are among the most dangerous types of attacks an organization can face, because they grant adversaries unfettered access to sensitive information and systems,” Chronister continued.
Insider threats involve attacks that come from individuals with legitimate access, such as employees or fake identities posing as trusted users, making them harder to detect and often more damaging.
Constella reports these identities are 20 times harder to detect than traditional fraud. Once established with a digital history, a synthetic identity can even appear more trustworthy than a real person with limited online presence.
“GenAI tools now enable foreign actors to communicate in pitch-perfect English while adopting realistic personas. Deepfake technology makes it possible to create convincing visual identities from just a single photo,” Chronister said. “When used together, these technologies blur the line between real and fake in ways that legacy security models were never designed to address.”
Washington Lags Behind
U.S. officials acknowledge that the country remains underprepared. Multiple recent hearings and reports from the Department of Homeland Security and the House Homeland Security Committee have flagged digital identity as a growing national security vulnerability—driven by threats from China, transnational cybercrime groups, and the rise of synthetic identities.
The committee has urged urgent reforms, including mandatory quarterly “identity hygiene” audits for organizations managing critical infrastructure, modernized authentication protocols, and stronger public-private intelligence sharing.
Meanwhile, the Defense Intelligence Agency’s 2025 Global Threat Assessment warns:
“Advanced technology is also enabling foreign intelligence services to target our personnel and activities in new ways. The rapid pace of innovation will only accelerate in the coming years, continually generating means for our adversaries to threaten U.S. interests.”
An intelligence official not authorized to speak publicly told The Cipher Brief that identity manipulation will increasingly serve as a primary attack vector to exploit political divisions, hijack supply chains, or infiltrate democratic processes.
Private Sector on the Frontline
For now, much of the responsibility falls on private companies—especially those in banking, healthcare, and energy. According to Constella, nearly one in three breaches last year targeted sectors classified as critical infrastructure.
“It's never easy to replace a core technology, particularly in critical infrastructure sectors. That’s why these systems often stay in place for many years if not decades,” said Chronister.
Experts warn that reacting to threats after they’ve occurred is no longer sufficient. Companies must adopt proactive defenses, including constant identity verification, behavioral analytics, and zero-trust models that treat every user as untrusted by default.
However, technical upgrades aren’t enough. Sexton argues the United States needs a national digital identity framework that moves beyond outdated systems like Social Security numbers and weak passwords.
“The adherence to best-in-class identity management solutions is critical. In practice for the private sector, this means relying on trusted third parties like Google, Meta, Apple, and others for identity verification,” he explained. “For the U.S. government, these are systems like REAL ID, ID.me, and Login.gov. We must also be mindful that heavy reliance on these identity hubs creates concentration risk, making their security a critical national security chokepoint.”
Building a National Identity Defense
Some progress is underway. The federal Login.gov platform is expanding its fraud prevention capabilities, with plans to incorporate Mobile Driver’s Licenses and biometric logins by early 2026. But implementation remains limited in scale, and many agencies still rely on outdated systems that don’t support basic protections like multi-factor authentication.
“I would like to see the US government further develop and scale solutions like Login.gov and ID.me and then interoperate with credit agencies and law enforcement to respond to identity theft in real time,” Sexton said. “While securing those systems will always be a moving target, users’ data is ultimately safer in the hands of a well-resourced public entity than in those of private firms already struggling to defend their infrastructure.”
John Dwyer, Deputy CTO of Binary Defense and former Head of Research at IBM X-Force, agreed that a unified national system is needed.
“The United States needs a national digital identity framework—but one built with a balance of security, privacy, and interoperability,” Dwyer told The Cipher Brief. “As threat actors increasingly target digital identities to compromise critical infrastructure, the stakes for getting identity right have never been higher.”
He emphasized that any framework must be built on multi-factor authentication, phishing resistance, cryptographic proofs, and decentralized systems—not centralized databases.
“Public-private collaboration is crucial: government agencies can serve as trusted identity verification sources (e.g., DMV, passport authorities), while the private sector can drive innovation in delivery and authentication,” Dwyer added. “A governance board with cross-sector representation should oversee policy and trust models.”
Digital identities are no longer just a privacy concern—they’re weapons, vulnerabilities, and battlegrounds in 21st-century conflict. As foreign adversaries grow more sophisticated and U.S. defenses lag behind, the question is no longer if, but how fast America can respond.
The question now is whether the United States can shift fast enough to keep up.
EXPERT PERSPECTIVE -- In the middle of the night, with no witnesses, a single ship flagged out of Hong Kong drags its anchor across the Baltic Sea. In silence, it severs a vital gas pipeline and the digital cables that link northern capitals. By morning, millions lose connectivity, financial transactions stall, and energy grids flicker on the edge.
The culprit vanishes behind flags of convenience, leaving blame circulating in diplomatic circles while Moscow and others look on, exploiting maritime ambiguity and the vulnerabilities of Europe's lifelines.
Meanwhile, in Warsaw and Vilnius, shoppers flee as flames engulf two of the largest city malls. Investigators soon discover the arsonists are teenagers recruited online, guided by encrypted messages, and paid by actors connected to hostile state agencies. The chaos sows fear, erodes social trust, and sends shockwaves through European communities—proxy sabotage that destabilizes societies while providing plausible deniability to those orchestrating the acts.
Thousands of kilometers away, Chinese dredgers and coast guard vessels silently transform disputed reefs into fortified islands in the South China Sea. With no declaration of war and no pitched battles, new airstrips and bases appear, steadily shifting maritime boundaries and economic interests. Each construction project redraws the strategic realities of an entire region, forcing neighbors and distant powers alike to reckon with incremental, shadowy coercion and efforts to change the status quo.
In early 2024, Chinese state-sponsored hackers, known as "Volt Typhoon," penetrated U.S. data repositories and embedded themselves deep within the control systems of U.S. critical infrastructure, including communication networks, energy grids, and water treatment facilities.
Then-FBI Director Christopher Wray described it as a pre-positioning of capabilities by China that can be turned on whenever Beijing wanted - wreaking havoc and causing real-world harm to American citizens and communities. China has denied any connection to these attacks on U.S. sovereignty.
And just weeks ago, around 20 Russian drones violated Poland’s airspace. Russia’s denials were predictable and since then, Russian drones and jets have violated airspace in Romania, Estonia, and over the Baltic Sea.
Were these threats, tests of capability and resolve, provocations, or demonstrations—or maybe all of the above? Just as NATO will develop a set of lessons-learned for future incursions, it’s also likely that Russia learned from these episodes and will recalibrate future incursions.
Threaded almost invisibly through all of these gray zone activities, and countless others like them, is cognitive warfare—a persistent tool of our adversaries. It is an assault on cognition. The information and decision spaces are flooded with weaponized narratives, AI-powered disinformation, synthetic realities, and the coercive use of redlines and intimidation.
The goal is clear—deceive, change how we see the world, fracture societies, destroy faith in institutions and partnerships, erode trust, challenge and replace knowledge and belief, coerce and intimidate; and perhaps most importantly; undermine decision autonomy. It is here, in the crowded intersection of AI; cyber; traditional tools such as narratives and storytelling; and cognition; that today’s most urgent battles are fought.
These are all operations in the gray zone. We all use somewhat different terms for this, but let me share the definition of the gray zone that I think works well.
The gray zone is the geopolitical space between peace and war where adversaries work to advance their own national interests while attacking and undermining the interests of their adversaries and setting the conditions for a future war without triggering a military response.
We might refer to attacks in the gray zone as gray warfare. It is the domain of ambiguity, deniability, and incremental aggression calculated to limit deterrence and discourage persuasive response.
Today, it is the space where global competition, particularly great power competition, is playing out.
Why are we seeing more gray zone activity today?
First, great power competition is intensifying. This includes great powers, middle powers, and impacts almost every other nation. Almost every nation has a role to play, even if involuntary: competitor, ally and supporter, enabler, spoiler, surrogate, or innocent bystander and victim. Like the African proverb says, “When elephants fight, it is the grass that suffers.”
But great powers will go to great lengths to avoid 21st Century superpower conflict, primarily because of the fear of unintended losses and damage to national power that could take decades to recover. The catastrophic damage to nations and militaries from WWII are distant—but still vivid—reminders of the impact of a war of great powers.
Today, just look at the unprecedented loss of national power by Russia in indirect superpower conflict. Superpower conflict has consequences. Given these strategic considerations, the gray zone and gray warfare provide an effective strategic alternative to conventional war. Our adversaries have calculated that there are more gains than risks in the gray zone, and that any risks they do face are acceptable.
Second, technology levels the playing field, creating new opportunities for gray zone attacks. Cyberattacks, even those that are disrupted, lead to more effective cyber capabilities by our adversaries. AI-driven cognitive warfare now delivers persuasive content with unprecedented global access and immediacy. Small kinetic drones can be wielded by state and non-state actors to pose both kinetic and cognitive threats. Technology also enables adversaries to conceal their operations and increase non-attribution. Even simple technologies have the potential to generate strategic effects in the gray zone.
Third, surrogates and proxies offer expanded reach, ambiguity, and impact.
Little Green Men, hired criminals, ghost ships, unknown assassins and saboteurs, and shadowy companies that help evade sanctions blur attribution, providing bad actors with a veneer of deniability while increasing their reach, impact, and lethality. On a broader scale, Houthi attacks on global shipping and North Korean soldiers fighting Ukraine elevate the effects of this ambiguous warfare to a higher level. This trend is likely to intensify in the future.
Fourth, it is important to address the direct impacts of Russia’s war on Ukraine on an increase in gray zone attacks. Russia’s significant loss of national power and limited battlefield gains have created pressure on the Kremlin to reassert relevance, project power, and potentially punish antagonists. This dynamic almost certainly means a continued escalation of gray zone activities targeting Europe and aimed at destabilizing the continent. Many experts believe the Baltics and the Balkans may be particularly vulnerable.
That Russian gray bullseye is crowded—the U.S. is also a traditional target, and more Russia activity to undermine and weaken the U.S. is coming, despite Putin’s offers of renewed diplomatic and economic cooperation.
Finally, there are more gray zone attacks because real deterrence and persuasive responses to gray attacks are challenging, and our adversaries know it. In other words, gray zone attacks in most cases are relatively low cost, often effective, provide a level of deniability, and frustrate efforts at deterrence and response.
Our adversaries have calculated that they can hide behind ambiguity and deniability to violate sovereignty, ignore national laws and international norms, and engage in activities such as political coercion, sabotage, and even assassinations without triggering an armed response.
This “no limits” approach exploits the openness, legal norms, and ethical standards of democratic societies, making coordinated, timely, and effective response more difficult.
So, what can we do?
The most important outcome of our actions is to change the risk calculation of our adversaries. Gray zone attacks that go unanswered reward our adversaries and reinforce the idea that there are more gains than risk in the gray zone and encourage more attacks. Further, our adversaries calculate, often accurately, that our reasonable concerns for avoiding escalation will lead to indecision, weak responses, or the acceptance of false choices.
We need improved and shared gray zone intelligence to see through the fog of disinformation, synthetic realities, false risks and threats, and an overload of information by our adversaries to understand what is taking place in the gray zone. This not only strengthens our operations to counter gray zone attacks but it helps our citizens, communities, and countries to understand, recognize, reject, and remain resilient in the face of gray zone attacks.
We have to employ “strategic daylighting” to expose and put into context the gray zone activity by our adversaries—stripping away deniability and laying bare nefarious and illegal actions—knowing that our adversaries will go to great lengths to conceal, defend, and attack our efforts to expose their activities.
We have to speak frankly and convincingly to our adversaries and of course, we have to back up our words with persuasive action. Empty warnings and rhetoric will fall short. Changing the risk calculation of our adversaries means real consequences across a broad spectrum—public, diplomatic, economic, legal, informational, or even kinetic. It means a strategy on how to respond - not just a series of hasty responses. Real deterrence will result from planning and strategy; not decisions in the moment based on immediate circumstances.
Finally, we need to think of deterrence and response as a team sport - an “Article 5 mindset.” Our adversaries will seek to divide and isolate. Collective, unified action and resolve can form a powerful deterrent.
Of course, none of this is new. All of us need a solid understanding of the problems and the likely best solutions; implementation remains the greatest challenge.
We can go a long way with a good strategy, good partners, and resolve, which seems like a reasonable place to start.
This Cipher Brief expert perspective by Dave Pitts is adapted from a speech he recently delivered in Sarajevo. Comments have been lightly edited for clarity. All statements of fact, opinion, or analysis expressed are my own and do not reflect the official positions or views of the US Government. Nothing in my remarks should be construed as asserting or implying US Government authentication of information or endorsement.
In March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was enough.
The malicious links were personalized and extremely short-lived to avoid detection. However, Kaspersky’s technologies successfully identified a sophisticated zero-day exploit that was used to escape Google Chrome’s sandbox. After conducting a quick analysis, we reported the vulnerability to the Google security team, who fixed it as CVE-2025-2783.
Acknowledgement for finding CVE-2025-2783 (excerpt from the security fixes included into Chrome 134.0.6998.177/.178)
We dubbed this campaign Operation ForumTroll because the attackers sent personalized phishing emails inviting recipients to the Primakov Readings forum. The lures targeted media outlets, universities, research centers, government organizations, financial institutions, and other organizations in Russia. The functionality of the malware suggests that the operation’s primary purpose was espionage.
We traced the malware used in this attack back to 2022 and discovered more attacks by this threat actor on organizations and individuals in Russia and Belarus. While analyzing the malware used in these attacks, we discovered an unknown piece of malware that we identified as commercial spyware called “Dante” and developed by the Italian company Memento Labs (formerly Hacking Team).
Similarities in the code suggest that the Operation ForumTroll campaign was also carried out using tools developed by Memento Labs.
In this blog post, we’ll take a detailed look at the Operation ForumTroll attack chain and reveal how we discovered and identified the Dante spyware, which remained hidden for years after the Hacking Team rebrand.
Attack chain
Operation ForumTroll attack chain
In all known cases, infection occurred after the victim clicked a link in a spear phishing email that directed them to a malicious website. The website verified the victim and executed the exploit.
When we first discovered and began analyzing this campaign, the malicious website no longer contained the code responsible for carrying out the infection; it simply redirected visitors to the official Primakov Readings website.
Therefore, we could only work with the attack artifacts discovered during the first wave of infections. Fortunately, Kaspersky technologies detected nearly all of the main stages of the attack, enabling us to reconstruct and analyze the Operation ForumTroll attack chain.
Phishing email
Example of a malicious email used in this campaign (translated from Russian)
The malicious emails sent by the attackers were disguised as invitations from the organizers of the Primakov Readings scientific and expert forum. These emails contained personalized links to track infections. The emails appeared authentic, contained no language errors, and were written in the style one would expect for an invitation to such an event. Proficiency in Russian and familiarity with local peculiarities are distinctive features of the ForumTroll APT group, traits that we have also observed in its other campaigns. However, mistakes in some of those other cases suggest that the attackers were not native Russian speakers.
Validator
The validator is a relatively small script executed by the browser. It validates the victim and securely downloads and executes the next stage of the attack.
The first action the validator performs is to calculate the SHA-256 of the random data received from the server using the WebGPU API. It then verifies the resulting hash. This is done using the open-source code of Marco Ciaramella’s sha256-gpu project. The main purpose of this check is likely to verify that the site is being visited by a real user with a real web browser, and not by a mail server that might follow a link, emulate a script, and download an exploit. Another possible reason for this check could be that the exploit triggers a vulnerability in the WebGPU API or relies on it for exploitation.
The validator sends the infection identifier, the result of the WebGPU API check and the newly generated public key to the C2 server for key exchange using the Elliptic-curve Diffie–Hellman (ECDH) algorithm. If the check is passed, the server responds with an AES-GCM key. This key is used to decrypt the next stage, which is hidden in requests to bootstrap.bundle.min.js and .woff2 font files. Following the timeline of events and the infection logic, this next stage should have been a remote code execution (RCE) exploit for Google Chrome, but it was not obtained during the attack.
Sandbox escape exploit
List of in-the-wild 0-days caught and reported by Kaspersky
Over the years, we have discovered and reported on dozens of zero-day exploits that were actively used in attacks. However, CVE-2025-2783 is one of the most intriguing sandbox escape exploits we’ve encountered. This exploit genuinely puzzled us because it allowed attackers to bypass Google Chrome’s sandbox protection without performing any obviously malicious or prohibited actions. This was due to a powerful logical vulnerability caused by an obscure quirk in the Windows OS.
To protect against bugs and crashes, and enable sandboxing, Chrome uses a multi-process architecture. The main process, known as the browser process, handles the user interface and manages and supervises other processes. Sandboxed renderer processes handle web content and have limited access to system resources. Chrome uses Mojo and the underlying ipcz library, introduced to replace legacy IPC mechanisms, for interprocess communication between the browser and renderer processes.
The exploit we discovered came with its own Mojo and ipcz libraries that were statically compiled from official sources. This enabled attackers to communicate with the IPC broker within the browser process without having to manually craft and parse ipcz messages. However, this created a problem for us because, to analyze the exploit, we had to identify all the Chrome library functions it used. This involved a fair amount of work, but once completed, we knew all the actions performed by the exploit.
In short, the exploit does the following:
Resolves the addresses of the necessary functions and code gadgets from dll using a pattern search.
Hooks the v8_inspector::V8Console::Debug function. This allows attackers to escape the sandbox and execute the desired payload via a JavaScript call.
Starts executing a sandbox escape when attackers call console.debug(0x42, shellcode); from their script.
Hooks the ipcz::NodeLink::OnAcceptRelayedMessage function.
Creates and sends an ipcz message of the type RelayMessage. This message type is used to pass Windows OS handles between two processes that do not have the necessary permissions (e.g., renderer processes). The exploit retrieves the handle returned by the GetCurrentThread API function and uses this ipcz message to relay it to itself. The broker transfers handles between processes using the DuplicateHandle API function.
Receives the relayed message back using the ipcz::NodeLink::OnAcceptRelayedMessage function hook, but instead of the handle that was previously returned by the GetCurrentThread API function, it now contains a handle to the thread in the browser process!
Uses this handle to execute a series of code gadgets in the target process by suspending the thread, setting register values using SetThreadContext, and resuming the thread. This results in shellcode execution in the browser process and subsequent installation of a malware loader.
So, what went wrong, and how was this possible? The answer can be found in the descriptions of the GetCurrentThread and GetCurrentProcess API functions. When these functions are called, they don’t return actual handles; rather, they return pseudo handles, special constants that are interpreted by the kernel as a handle to the current thread or process. For the current process, this constant is -1 (also equal to INVALID_HANDLE_VALUE, which brings its own set of quirks), and the constant for the current thread is -2. Chrome’s IPC code already checked for handles equal to -1, but there were no checks for -2 or other undocumented pseudo handles. This oversight led to the vulnerability. As a result, when the broker passed the -2 pseudo handle received from the renderer to the DuplicateHandle API function while processing the RelayMessage, it converted -2 into a real handle to its own thread and passed it to the renderer.
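As an added illustration (not Chrome's or ipcz's code), the following Python model reproduces the logic described above with constructed handle values: a broker that only screens for -1 hands its own thread handle back when asked to relay -2, while a check that rejects every pseudo handle stops the message before DuplicateHandle is reached. The 64-bit HANDLE width, the broker's handle values and the toy renderer handle table are assumptions.

```python
# Added model of the RelayMessage handle check (not Chrome's or ipcz's code).
from dataclasses import dataclass, field
from typing import Dict, List

BITS = 64                      # assumption: 64-bit HANDLE
MASK = (1 << BITS) - 1

# Documented pseudo-handle constants (GetCurrentProcess / GetCurrentThread).
PSEUDO_CURRENT_PROCESS = -1    # also INVALID_HANDLE_VALUE
PSEUDO_CURRENT_THREAD = -2


def as_signed(raw: int) -> int:
    """A HANDLE travels as a pointer-sized unsigned value, so -2 arrives on
    the wire as 0xFFFFFFFFFFFFFFFE; reinterpret it as a signed integer."""
    raw &= MASK
    return raw - (1 << BITS) if raw >> (BITS - 1) else raw


def is_pseudo_handle(raw: int) -> bool:
    """Every pseudo handle is a small negative constant, so rejecting all
    negative values also covers the undocumented ones, not just -1 and -2."""
    return as_signed(raw) < 0


def looks_like_table_handle(raw: int) -> bool:
    """Real handle-table values are non-zero, positive and multiples of four
    (the low two bits are reserved tag bits). A sanity check, not a proof."""
    h = as_signed(raw)
    return h > 0 and h % 4 == 0


class PseudoHandleRejected(ValueError):
    """Raised by the broker when a relayed handle fails validation."""


@dataclass
class BrokerModel:
    """Toy stand-in for the browser-process broker (constructed values)."""
    own_process_handle: int = 0x100   # constructed
    own_thread_handle: int = 0x104    # constructed
    next_handle: int = 0x200          # constructed
    # Real handles the renderer legitimately owns, keyed by value.
    renderer_table: Dict[int, str] = field(default_factory=dict)

    def duplicate_handle_model(self, source: int) -> int:
        """Models the one piece of DuplicateHandle that matters here: the
        kernel resolves a pseudo handle against the *calling* process, and
        the caller is the broker, not the renderer that sent the message."""
        h = as_signed(source)
        if h == PSEUDO_CURRENT_PROCESS:
            return self.own_process_handle
        if h == PSEUDO_CURRENT_THREAD:
            return self.own_thread_handle
        if h not in self.renderer_table:
            raise OSError("ERROR_INVALID_HANDLE")  # not a handle the renderer owns
        self.next_handle += 4
        return self.next_handle  # fresh duplicate of the renderer's object

    def relay_before_fix(self, handles: List[int]) -> List[int]:
        """Pre-patch behaviour as the post describes it: only -1 is checked."""
        out = []
        for h in handles:
            if as_signed(h) == PSEUDO_CURRENT_PROCESS:
                raise PseudoHandleRejected(hex(h & MASK))
            out.append(self.duplicate_handle_model(h))
        return out

    def relay_hardened(self, handles: List[int]) -> List[int]:
        """Reject anything that is not a plausible handle-table value before
        it ever reaches DuplicateHandle."""
        for h in handles:
            if is_pseudo_handle(h) or not looks_like_table_handle(h):
                raise PseudoHandleRejected(hex(h & MASK))
        return [self.duplicate_handle_model(h) for h in handles]


def relay_is_rejected(broker: BrokerModel, handles: List[int]) -> bool:
    """True when the hardened broker refuses the whole RelayMessage."""
    try:
        broker.relay_hardened(handles)
        return False
    except PseudoHandleRejected:
        return True


if __name__ == "__main__":
    broker = BrokerModel(renderer_table={0x8: "renderer-owned event"})
    # The renderer relays -2 to itself and gets the broker's own thread back.
    print("before fix:", [hex(h) for h in broker.relay_before_fix([PSEUDO_CURRENT_THREAD & MASK])])
    print("hardened rejects -2:", relay_is_rejected(broker, [PSEUDO_CURRENT_THREAD & MASK]))
    print("hardened passes a real handle:", [hex(h) for h in broker.relay_hardened([0x8])])
```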
Shortly after the patch was released, it became clear that Chrome was not the only browser affected by the issue. Firefox developers quickly identified a similar pattern in their IPC code and released an update under CVE-2025-2857.
When pseudo handles were first introduced, they simplified development and helped squeeze out extra performance – something that was crucial on older PCs. Now, decades later, that outdated optimization has come back to bite us.
Could we see more bugs like this? Absolutely. In fact, this represents a whole class of vulnerabilities worth hunting for – similar issues may still be lurking in other applications and Windows system services.
To learn about the hardening introduced in Google Chrome following the discovery of CVE-2025-2783, we recommend checking out Alex Gough’s upcoming presentation, “Responding to an ITW Chrome Sandbox Escape (Twice!),” at Kawaiicon.
Persistent loader
Persistence is achieved using the Component Object Model (COM) hijacking technique. This method exploits a system’s search order for COM objects. In Windows, each COM class has a registry entry that associates the CLSID (128-bit GUID) of the COM with the location of its DLL or EXE file. These entries are stored in the system registry hive HKEY_LOCAL_MACHINE (HKLM), but can be overridden by entries in the user registry hive HKEY_CURRENT_USER (HKCU). This enables attackers to override the CLSID entry and run malware when the system attempts to locate and run the correct COM component.
COM hijacking in a nutshell
The attackers used this technique to override the CLSID of twinapi.dll {AA509086-5Ca9-4C25-8F95-589D3C07B48A} and cause the system processes and web browsers to load the malicious DLL.
This malicious DLL is a loader that decrypts and executes the main malware. The payload responsible for loading the malware is encoded using a simple binary encoder similar to those found in the Metasploit framework. It is also obfuscated with OLLVM. Since the hijacked COM object can be loaded into many processes, the payload checks the name of the current process and only loads the malware when it is executed by certain processes (e.g., rdpclip.exe). The main malware is decrypted using a modified ChaCha20 algorithm. The loader also has the functionality to re-encrypt the malware using the BIOS UUID to bind it to the infected machine. The decrypted data contains the main malware and a shellcode generated by Donut that launches it.
LeetAgent
LeetAgent is the spyware used in the Operation ForumTroll campaign. We named it LeetAgent because all of its commands are written in leetspeak. You might not believe it, but this is rare in APT malware. The malware connects to one of its C2 servers specified in the configuration and uses HTTPS to receive and execute commands identified by unique numeric values:
0xC033A4D (COMMAND) – Run command with cmd.exe
0xECEC (EXEC) – Execute process
0x6E17A585 (GETTASKS) – Get list of tasks that agent is currently executing
0x6177 (KILL) – Stop task
0xF17E09 (FILE \x09) – Write file
0xF17ED0 (FILE \xD0) – Read file
0x1213C7 (INJECT) – Inject shellcode
0xC04F (CONF) – Set communication parameters
0xD1E (DIE) – Quit
0xCD (CD) – Change current directory
0x108 (JOB) – Set parameters for keylogger or file stealer
In addition to executing commands received from its C2, it runs keylogging and file-stealing tasks in the background. By default, the file-stealer task searches for documents with the following extensions: *.doc, *.xls, *.ppt, *.rtf, *.pdf, *.docx, *.xlsx, *.pptx.
The configuration data is encoded using the TLV (tag-length-value) scheme and encrypted with a simple single-byte XOR cipher. The data contains settings for communicating with the C2, including many settings for traffic obfuscation.
In most of the observed cases, the attackers used the Fastly.net cloud infrastructure to host their C2. Attackers frequently use it to download and run additional tools such as 7z, Rclone, SharpChrome, etc., as well as additional malware (more on that below).
The number of traffic obfuscation settings may indicate that LeetAgent is a commercial tool, though we have only seen ForumTroll APT use it.
Finding Dante
In our opinion, attributing unknown malware is the most challenging aspect of security research. Why? Because it’s not just about analyzing the malware or exploits used in a single attack; it’s also about finding and analyzing all the malware and exploits used in past attacks that might be related to the one you’re currently investigating. This involves searching for and investigating similar attacks using indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs), as well as identifying overlaps in infrastructure, code, etc. In short, it’s about finding and piecing together every scrap of evidence until a picture of the attacker starts to emerge.
We traced the first use of LeetAgent back to 2022 and discovered more ForumTroll APT attacks on organizations and individuals in Russia and Belarus. In many cases, the infection began with a phishing email containing malicious attachments with the following names:
Baltic_Vector_2023.iso (translated from Russian)
DRIVE.GOOGLE.COM (executable file)
Invitation_Russia-Belarus_strong_partnership_2024.lnk (translated from Russian)
Various other file names mentioning individuals and companies
In addition, we discovered another cluster of similar attacks that used more sophisticated spyware instead of LeetAgent. We were also able to track the first use of this spyware back to 2022. In this cluster, the infections began with phishing emails containing malicious attachments with the following names:
SCAN_XXXX_<DATE>.pdf.lnk
<DATE>_winscan_to_pdf.pdf.lnk
Rostelecom.pdf.lnk (translated from Russian)
Various others
The attackers behind this activity used similar file system paths and the same persistence method as the LeetAgent cluster. This led us to suspect that the two clusters might be related, and we confirmed a direct link when we discovered attacks in which this much more sophisticated spyware was launched by LeetAgent.
Connection between LeetAgent and commercial spyware called Dante
After analyzing this previously unknown, sophisticated spyware, we were able to identify it as commercial spyware called Dante, developed by the Italian company Memento Labs.
The Atlantic Council’s Cyber Statecraft Initiative recently published an interesting report titled “Mythical Beasts and where to find them: Mapping the global spyware market and its threats to national security and human rights.” We think that comparing commercial spyware to mythical beasts is a fitting analogy. While everyone in the industry knows that spyware vendors exist, their “products” are rarely discovered or identified. Meanwhile, the list of companies developing commercial spyware is huge. Some of the most famous are NSO Group, Intellexa, Paragon Solutions, Saito Tech (formerly Candiru), Vilicius Holding (formerly FinFisher), Quadream, Memento Labs (formerly Hacking Team), negg Group, and RCS Labs. Some are always in the headlines, some we have reported on before, and a few have almost completely faded from view. One company in the latter category is Memento Labs, formerly known as Hacking Team.
Hacking Team (also stylized as HackingTeam) is one of the oldest and most famous spyware vendors. Founded in 2003, Hacking Team became known for its Remote Control Systems (RCS) spyware, used by government clients worldwide, and for the many controversies surrounding it. The company’s trajectory changed dramatically in 2015 when more than 400 GB of internal data was leaked online following a hack. In 2019, the company was acquired by InTheCyber Group and renamed Memento Labs. “We want to change absolutely everything,” the Memento Labs owner told Motherboard in 2019. “We’re starting from scratch.” Four years later, at the ISS World MEA 2023 conference for law enforcement and government intelligence agencies, Memento Labs revealed the name of its new surveillance tool – DANTE. Until now, little was known about this malware’s capabilities, and its use in attacks had not been discovered.
Excerpt from the agenda of the ISS World MEA 2023 conference (the typo was introduced on the conference website)
The problem with detecting and attributing commercial spyware is that vendors typically don’t include their copyright information or product names in their exploits and malware. In the case of the Dante spyware, however, attribution was simple once we got rid of VMProtect’s obfuscation and found the malware name in the code.
Dante spyware name in the code
Dante
Of course, our attribution isn’t based solely on the string “Dante” found in the code, but it was an important clue that pointed us in the right direction. After some additional analysis, we found a reference to a “2.0” version of the malware, which matches the title of the aforementioned conference talk. We then searched for and identified the most recent samples of Hacking Team’s Remote Control Systems (RCS) spyware. Memento Labs kept improving its codebase until 2022, when it was replaced by Dante. Even with the introduction of the new malware, however, not everything was built from scratch; the later RCS samples share quite a few similarities with Dante. All these findings make us very confident in our attribution.
Why did the authors name it Dante? This may be a nod to tradition, as RCS spyware was also known as “Da Vinci”. But it could also be a reference to Dante’s poem Divine Comedy, alluding to the many “circles of hell” that malware analysts must pass through when detecting and analyzing the spyware given its numerous anti-analysis techniques.
First of all, the spyware is packed with VMProtect. It obfuscates control flow, hides imported functions, and adds anti-debugging checks. On top of that, almost every string is encrypted.
VMProtect anti-debugging technique
To protect against dynamic analysis, Dante uses the following anti-hooking technique: when code needs to execute an API function, its address is resolved using a hash, its body is parsed to extract the system call number, and then a new system call stub is created and used.
Dante anti-hooking technique (simplified)
In addition to VMProtect’s anti-debugging techniques, Dante uses some common methods to detect debuggers. Specifically, it checks the debug registers (Dr0–Dr7) using NtGetContextThread, inspects the KdDebuggerEnabled field in the KUSER_SHARED_DATA structure, and uses NtQueryInformationProcess to detect debugging by querying the ProcessDebugFlags, ProcessDebugPort, ProcessDebugObjectHandle, and ProcessTlsInformation classes.
To protect itself from being discovered, Dante employs an interesting method of checking the environment to determine if it is safe to continue working. It queries the Windows Event Log for events that may indicate the use of malware analysis tools or virtual machines (as a guest or host).
The strings Dante searches for in the event logs
It also performs several anti-sandbox checks. It searches for “bad” libraries, measures the execution times of the sleep() function and the cpuid instruction, and checks the file system.
Some of these anti-analysis techniques may be a bit annoying, but none of them really work or can stop a professional malware analyst. We deal with these techniques on an almost daily basis.
After performing all the checks, Dante does the following: decrypts the configuration and the orchestrator, finds the string “DANTEMARKER” in the orchestrator, overwrites it with the configuration, and then loads the orchestrator.
The configuration is decrypted from the data section of the malware using a simple XOR cipher. The orchestrator is decrypted from the resource section and poses as a font file. Dante can also load and decrypt the orchestrator from the file system if a newer, updated version is available.
The orchestrator displays the code quality of a commercial product, but isn’t particularly interesting. It is responsible for communication with the C2 via the HTTPS protocol, handling modules and configuration, self-protection, and self-removal.
Modules can be saved and loaded from the file system or loaded from memory. The infection identifier (GUID) is encoded in Base64. Parts of the resulting string are used to derive the path to a folder containing modules and the path to additional settings stored in the registry.
An example of Dante’s paths derivation
The folder containing modules includes a binary file that stores information about all downloaded modules, including their versions and filenames. This metadata file is encrypted with a simple XOR cipher, while the modules are encrypted with AES-256-CBC, using the first 0x10 bytes of the module file as the IV and the key bound to the machine. The key is equal to the SHA-256 hash of a buffer containing the CPU identifier and the Windows Product ID.
To protect itself, the orchestrator uses many of the same anti-analysis techniques, along with additional checks for specific process names and drivers.
If Dante doesn’t receive commands within the number of days specified in the configuration, it deletes itself and all traces of its activity.
At the time of writing this report, we were unable to analyze additional modules because there are currently no active Dante infections among our users. However, we would gladly analyze them if they become available. Now that information about this spyware has been made public and its developer has been identified, we hope it won’t be long before additional modules are discovered and examined. To support this effort, we are sharing a method that can be used to identify active Dante spyware infections (see the Indicators of compromise section).
Although we didn’t see the ForumTroll APT group using Dante in the Operation ForumTroll campaign, we have observed its use in other attacks linked to this group. Notably, we saw several minor similarities between this attack and others involving Dante, such as similar file system paths, the same persistence mechanism, data hidden in font files, and other minor details. Most importantly, we found similar code shared by the exploit, loader, and Dante. Taken together, these findings allow us to conclude that the Operation ForumTroll campaign was also carried out using the same toolset that comes with the Dante spyware.
Conclusion
This time, we have not one, but three conclusions.
1) DuplicateHandle is a dangerous API function. If the process is privileged and the user can provide a handle to it, the code should return an error when a pseudo-handle is supplied.
2) Attribution is the most challenging part of malware analysis and threat intelligence, but also the most rewarding when all the pieces of the puzzle fit together perfectly. If you ever dreamed of being a detective as a child and solving mysteries like Sherlock Holmes, Miss Marple, Columbo, or Scooby-Doo and the Mystery Inc. gang, then threat intelligence might be the right job for you!
3) Back in 2019, Hacking Team’s new owner stated in an interview that they wanted to change everything and start from scratch. It took some time, but by 2022, almost everything from Hacking Team had been redone. Now that Dante has been discovered, perhaps it’s time to start over again.
Full details of this research, as well as future updates on ForumTroll APT and Dante, are available to customers of the APT reporting service through our Threat Intelligence Portal.
TTP detection rules in Kaspersky NEXT EDR Expert
suspicious_drop_dll_via_chrome
This rule detects a DLL load within a Chrome process, initiated via Outlook. This behavior is consistent with exploiting a vulnerability that enables browser sandbox bypass through the manipulation of Windows pseudo-handles and IPC.
possible_com_hijacking_by_memento_labs_via_registry
This rule detects an attempt at system persistence via the COM object hijacking technique, which exploits peculiarities in the Windows COM component resolution process. This feature allows malicious actors to create custom CLSID entries in the user-specific registry branch, thereby overriding legitimate system components. When the system attempts to instantiate the corresponding COM object, the malicious payload executes instead of the original code.
cve_exploit_detected
This generic rule is designed to detect attempts by malicious actors to exploit various vulnerabilities. Its logic is based on analyzing a broad set of characteristic patterns that reflect typical exploitation behavior.
Folder with modules
The folder containing the modules is located in %LocalAppData%, and is named with an eight-byte Base64 string. It contains files without extensions whose names are also Base64 strings that are eight bytes long. One of the files has the same name as the folder. This information can be used to identify an active infection.
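The folder layout described above, turned into a host-side check as an added example (not Kaspersky's detection logic): a scan of %LocalAppData% for an eight-character Base64-named folder holding extensionless eight-character Base64-named files, one of which shares the folder's name. The fixture builder creates constructed sample folders so the check can be exercised off a Windows host; tolerating '=' padding in names is an assumption.

```python
"""Hunt for the module folder layout described in the report (added example)."""
import os
import re
from pathlib import Path

# Eight Base64 characters.  '/' cannot appear in a Windows file name, so in
# practice the alphabet collapses to [A-Za-z0-9+]; '=' padding is tolerated
# as an assumption.
B64_NAME = re.compile(r"^[A-Za-z0-9+/=]{8}$")


def is_b64_name(name: str) -> bool:
    return bool(B64_NAME.match(name))


def matches_dante_layout(folder) -> bool:
    """True if `folder` matches the module-folder layout from the report."""
    folder = Path(folder)
    if not folder.is_dir() or not is_b64_name(folder.name):
        return False
    files = [p for p in folder.iterdir() if p.is_file()]
    if not files:
        return False
    # Every file: no extension and an eight-character Base64 name.
    if not all(p.suffix == "" and is_b64_name(p.name) for p in files):
        return False
    # One file carries the same name as the folder itself.
    return any(p.name == folder.name for p in files)


def find_suspicious_folders(root=None) -> list:
    """Return names of folders under `root` (default %LocalAppData%) that match."""
    root = Path(root) if root else Path(os.environ.get("LOCALAPPDATA", ""))
    if not root.is_dir():
        return []
    return sorted(p.name for p in root.iterdir() if matches_dante_layout(p))


def make_constructed_fixture(base) -> str:
    """Create constructed sample folders: one matching, two benign lookalikes."""
    base = Path(base)
    layout = {
        "AbCdEf12": ["AbCdEf12", "Zy9x8W7v"],   # matches the report's layout
        "Q1w2E3r4": ["Q1w2E3r4", "notes.txt"],  # has a file with an extension
        "Microsoft": ["settings.dat"],           # ordinary LocalAppData folder
    }
    for folder, names in layout.items():
        (base / folder).mkdir(parents=True, exist_ok=True)
        for name in names:
            (base / folder / name).write_bytes(b"constructed")
    return str(base)
```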
Hacktivism and geopolitically motivated APT groups have become a significant threat to many regions of the world in recent years, damaging infrastructure and important functions of government, business, and society. In late 2022 we predicted that the involvement of hacktivist groups in all major geopolitical conflicts would only increase from then on, and this is what we have observed in the years since. With regard to the Ukrainian-Russian conflict, this has led to a sharp increase in activities carried out by groups that identify themselves as either pro-Ukrainian or pro-Russian.
The rise in cybercrime amid geopolitical tensions is alarming. Our Kaspersky Cyber Threat Intelligence team has been observing several geopolitically motivated threat actors and hacktivist groups operating in various conflict zones. Through collecting and analyzing extensive data on these groups’ tactics, techniques, and procedures (TTPs), we’ve discovered a concerning trend: hacktivists are increasingly interconnected with financially motivated groups. They share tools, infrastructure, and resources.
This collaboration has serious implications. Their campaigns may disrupt not only business operations but also ordinary citizens’ lives, affecting everything from banking services to personal data security or the functioning of the healthcare system. Moreover, monetized techniques can spread exponentially as profit-seeking actors worldwide replicate and refine them. We consider these technical findings a valuable resource for global cybersecurity efforts. In this report, we share observations on threat actors who identify themselves as pro-Ukrainian.
About this report
The main goal of this report is to provide technical evidence supporting the theory we’ve proposed based on our previous research: that most of the groups we describe here actively collaborate, effectively forming three major threat clusters.
This report includes:
A library of threat groups, current as of 2025, with details on their main TTPs and tools.
A technical description of signature tactics, techniques, procedures, and toolsets used by these groups. This information is intended for practical use by SOC, DFIR, CTI, and threat hunting professionals.
What this report covers
This report contains information on the current TTPs of hacktivists and APT groups targeting Russian organizations, particularly in 2025; however, these groups are not limited to Russia as a target. Further research showed that some of the groups, such as CloudAtlas and XDSpy, also targeted assets in European, Asian, and Middle Eastern countries. In particular, traces of infections were discovered in 2024 in Slovakia and Serbia. The report doesn’t include groups that emerged in 2025, as we didn’t have sufficient time to research their activity. We’ve divided all groups into three clusters based on their TTPs:
Cluster I combines hacktivist and dual-purpose groups that use similar tactics, techniques, and tools. This cluster is characterized by:
Shared infrastructure
A unique software suite
Identical processes, command lines, directories, and so on
Distinctive TTPs
Cluster II comprises APT groups that have different TTPs from the hacktivists. Among these, we can distinguish simple APTs (characterized by their use of third-party utilities, scripts that carry out all the malicious logic, shared domain registrars, and concealing their real infrastructure behind reverse proxy systems – for example, using Cloudflare services), and more sophisticated ones (distinguished by their unique TTPs).
Cluster III includes hacktivist groups for which we’ve observed no signs of collaboration with other groups described here.
Example: Cyberthreat landscape in Russia in 2025
Hacktivism remains the key threat to Russian businesses and businesses in other conflict areas today, and the scale and complexity of these attacks keep growing. Traditionally, the term “hacktivism” refers to a blend of hacking and activism, where attackers use their skills to achieve social or political goals. Over the past few years, these threat actors have become more experienced and organized, collaborating with one another and sharing knowledge and tools to achieve common objectives.
Additionally, a new phenomenon known as “dual-purpose groups” has appeared in the Russian threat landscape in recent years. We’ve detected links between hacktivists and financially motivated groups. They use the same tools, techniques, and tactics, and even share common infrastructure and resources. Depending on the victim, they may pursue a variety of goals: demanding a ransom to decrypt data, causing irreparable damage, or leaking stolen data to the media. This suggests that these attackers belong to a single complex cluster.
Beyond this, “traditional” categories of attackers continue to operate in Russia and other regions: groups engaged in cyberespionage and purely financially motivated threat actors also remain a significant problem. Like other groups, geopolitically motivated groups are cybercriminals who undermine the secure and trustworthy use of digitalization opportunities, and they can change and adapt their target regions depending on political developments.
That is why it is important to also be aware of the TTPs used by threat actors who appear to be attacking other targets. We will continue to monitor geopolitically motivated threat actors and publish technical reports about their TTPs.
Recommendations
To defend against the threats described in this report, Kaspersky experts recommend the following:
Provide your SOC teams with access to up-to-date information on the latest attacker tactics, techniques, and procedures (TTPs). Threat intelligence feeds from reliable providers, like Kaspersky Threat Intelligence, can help with this.
Use a comprehensive security solution that combines centralized monitoring and analysis, advanced threat detection and response, and security incident investigation tools. The Kaspersky NEXT XDR platform provides this functionality and is suitable for medium and large businesses in any industry.
Protect every component of modern and legacy industrial automation systems with specialized OT security solutions. Kaspersky Industrial CyberSecurity (KICS) — an XDR-class platform — ensures reliable protection for critical infrastructure in energy, manufacturing, mining, and transportation.
Conduct regular security awareness training for employees to reduce the likelihood of successful phishing and other social engineering attacks. Kaspersky Automated Security Awareness Platform is a good option for this.
The report is available for our partners and customers. If you are interested, please contact report@kaspersky.com