Shadow Campaigns: Global Espionage Uncovered
Unit 42 has identified a large-scale, state-aligned cyber espionage operation tracked as TGR-STA-1030, dubbed the Shadow Campaigns, actively compromising government and critical infrastructure organizations around the world. Over at least the past year, this group has breached at least 70 entities across 37 countries, making this one of the most extensive espionage efforts reported since SolarWinds-era campaigns.
The group’s operations are characterised by phishing-based initial access, exploitation of common vulnerabilities, and deployment of stealthy tools to maintain persistence, including a custom Linux rootkit. Targets include national law enforcement, finance, immigration, trade, and energy ministries - systems fundamental to governance and economic decision-making.
Reconnaissance activity against systems in 155 countries suggests far broader interest and preparatory probing for future operations. Unit 42 has shared indicators with industry partners and affected entities, and emphasises the importance of enhanced phishing detection, proactive vulnerability management, and cooperation with threat intelligence communities to counter sophisticated espionage campaigns.
Key Points
Global scale: At least 70 organizations in 37 countries compromised, indicating pervasive espionage reach.
State-aligned threat: TGR-STA-1030 is assessed with high confidence to be a state-aligned actor operating from Asia, focusing on intelligence collection.
Target profile: Ministries and departments of law enforcement, finance, trade, immigration, and energy have been breached, highlighting strategic targeting.
Reconnaissance breadth: Scan and reconnaissance activity detected against infrastructure in 155 countries, showing intent beyond observed compromises.
Phishing & exploitation: Initial access typically gained through targeted phishing lures and exploitation of known vulnerabilities.
Stealth tooling: The adversary employs advanced techniques, including a kernel-level stealth rootkit to maintain persistence and evade detection.
Defense implications: The report underscores the need for integrated threat intelligence sharing, advanced phishing defenses, and real-time monitoring across national and critical infrastructure environments.
💻 Malware and Vulnerabilities
Ivanti Zero-Day Flaws Actively Exploited: U.S. officials warned that multiple zero-day vulnerabilities in Ivanti Endpoint Manager Mobile are being actively exploited, urging organizations to apply mitigations as attackers target mobile device management infrastructure. https://cyberscoop.com/ivanti-endpoint-manager-mobile-zero-day-vulnerabilities-exploit/
Hugging Face Abused to Distribute Android Malware: Threat actors abused Hugging Face repositories to host thousands of malicious Android apps, demonstrating how trusted AI and developer platforms are increasingly leveraged in malware campaigns. https://www.bleepingcomputer.com/news/security/hugging-face-abused-to-spread-thousands-of-android-malware-variants/
Google Looker Vulnerabilities Disclosed: Researchers revealed vulnerabilities in Google Looker that could enable unauthorized access if exploited, prompting renewed scrutiny of SaaS analytics platforms embedded deeply within enterprise environments. https://www.helpnetsecurity.com/2026/02/04/google-looker-vulnerabilities-cve-2025-12743/
CISA Warns of Exploited GitLab Flaw: CISA added a five-year-old GitLab vulnerability to its Known Exploited Vulnerabilities catalog after confirming active exploitation, highlighting the persistent risk posed by unpatched legacy flaws. https://www.bleepingcomputer.com/news/security/cisa-warns-of-five-year-old-gitlab-flaw-exploited-in-attacks/
📈 Breaches and Incidents
Conduent Data Breach Grows to Millions More Victims: Govtech provider Conduent disclosed that a previously reported cyber incident affected millions more Americans than initially believed, expanding the scope of exposed personal and government-linked data across public sector clients. https://techcrunch.com/2026/02/conduent-data-breach
Romanian Oil Pipeline Operator Confirms Cyberattack: Romania’s state pipeline operator acknowledged a cyberattack after ransomware actors claimed data theft, raising concerns over energy sector resilience despite assurances that fuel transport operations were not disrupted. https://therecord.media/romanias-oil-pipeline-operator-confirms-cyberattack
Substack Warns Users After Hacker Claims Breach: Substack notified customers of a potential data breach following dark web claims by a hacker, highlighting persistent risks to creator platforms holding subscriber and payment-related information. https://therecord.media/substack-warns-customers-data-breach
Notepad++ Supply Chain Attack Identified: Researchers uncovered a supply-chain attack involving a trojanized version of Notepad++, underscoring how trusted software updates remain a prime vector for large-scale malware distribution. https://securelist.com/notepad-supply-chain-attack/118708/
Qilin Ransomware Hits Romanian Pipeline Firm Conpet: Conpet disclosed it was targeted by the Qilin ransomware group, with attackers claiming data exfiltration as regulators assess potential impacts on critical infrastructure security. https://www.bleepingcomputer.com/news/security/romanian-oil-pipeline-operator-conpet
AI-Driven Cloud Takeover Executed in Eight Minutes: Security researchers demonstrated how attackers used AI-assisted techniques to hijack cloud environments in under ten minutes, illustrating how automation is accelerating breach timelines. https://hackread.com/8-minute-takeover-ai-hijack-cloud-access/
Flickr Investigates Potential User Data Exposure: Flickr warned users of a possible data breach that may have exposed names and email addresses, highlighting ongoing risks for legacy consumer platforms with large historical datasets. https://www.bleepingcomputer.com/news/security/flickr-discloses-potential-data-breach-exposing-users-names-emails/
🚨 Threat Intel & Info Sharing
Coinbase Confirms Insider Breach Linked to Support Tools: Coinbase confirmed an internal security incident after screenshots from customer support tools were leaked, allegedly by an insider, raising concerns over employee access governance and insider risk management at major crypto platforms. https://www.theverge.com/2024/coinbase-insider-breach
Russian Hackers Breach Messenger Used by Ukrainian Soldiers: Russian threat actors reportedly compromised a messaging service used by Ukrainian military personnel, potentially enabling surveillance and intelligence collection during active conflict, underscoring the cyber risks tied to battlefield communications platforms. https://lenta.ru/news/2026/02/
California City Shuts Down Flock Cameras Over Data Misuse: A California city disabled its Flock Safety license-plate reader system after learning the vendor shared collected data without authorization, reigniting debates over surveillance technology, vendor accountability, and law enforcement data governance. https://therecord.media/california-city-turns-off-flock-cameras
Russian Inspector Satellites Suspected of Intercepting EU Communications: Western analysts suspect Russian “inspector” satellites may be capable of intercepting European communications, raising alarms about space-based espionage and the growing cyber-physical attack surface in orbit. https://www.tomshardware.com/tech-industry/russian-inspector-satellites-suspected
Spyware Maker Uses ‘Reputation Laundering’ Strategy: An investigation found a spyware vendor attempting to rehabilitate its public image through rebranding and legal processes, highlighting how controversial surveillance firms adapt amid mounting regulatory and ethical scrutiny. https://therecord.media/spyware-maker-pall-mall-process-reputation
Global Espionage Campaigns Exposed by Unit 42: Palo Alto Networks’ Unit 42 detailed coordinated espionage campaigns spanning multiple regions, linking advanced persistent threats to long-term intelligence collection operations targeting governments, telecoms, and critical infrastructure. https://unit42.paloaltonetworks.com/shadow-campaigns-uncovering-global-espionage/
Germany Warns of Signal Account Hijacking: German authorities warned that senior officials are being targeted in Signal account hijacking campaigns, emphasizing growing risks to encrypted messaging platforms through phishing, SIM-swapping, and account takeover techniques. https://www.bleepingcomputer.com/news/security/germany-warns-of-signal-account-hijacking-targeting-senior-figures/
⚖️ Laws, Policies and Regulations
UK Cyber Strategy Needs Reset, RUSI Warns: A new RUSI report argues the UK must modernize its cyber strategy to address systemic threats, improve coordination, and better integrate cyber capabilities into national security planning. https://www.rusi.org/explore-our-research/publications/insights-papers/rebooting-uks-cyber-strategy
Europe Shifts Cyber Strategy From Defense to Offense: Analysts say European and allied governments are increasingly embracing offensive cyber capabilities as part of deterrence strategies, marking a shift in long-standing defensive postures. https://bindinghook.com/how-european-and-allied-cybersecurity-strategies-are-shifting-from-defence-to-offence/
Industry Pushes to Roll Back Cyber Rules Ahead of CISA Renewal: U.S. industry groups are lobbying lawmakers to scale back cybersecurity regulations as Congress debates renewing CISA authorities, raising concerns among security experts. https://cyberscoop.com/sean-cairncross-industry-cut-cybersecurity-regulations-renew-cisa/
📊 Trends, Reports, Analysis
Canada Warns of Rising Ransomware Threats Through 2027: Canada’s national cyber agency warned ransomware will remain a dominant threat through 2027, citing increased targeting of critical infrastructure and public services. https://www.cyber.gc.ca/en/guidance/ransomware-threat-outlook-2025-2027
Norway Releases National Threat Assessment 2026: Norway’s security service warned of heightened cyber espionage, sabotage risks, and hybrid threats in its 2026 national threat assessment, citing state and criminal actors. https://www.pst.no/wp-content/uploads/2026/02/National-Threat-Assessment-2026.pdf
📅 Upcoming Events
UK Edition: Generative AI & Cybersecurity: Risks and Opportunities
Generative AI is transforming cybersecurity at unprecedented speed. For UK organisations, it represents a powerful opportunity to modernise Security Operations Centres (SOCs) through intelligent automation, predictive threat detection, and faster decision-making.
At the same time, it is enabling a new class of highly sophisticated cyber threats: AI-driven phishing, adaptive malware, and LLM-engineered exploits that challenge traditional defences.