CyberNews: 08/02/2026 Edition

Published by Dunateo on 2026-02-08

Today’s roundup

  • State actor targets 155 countries in 'Shadow Campaigns' espionage op
  • DKnife toolkit abuses routers to spy and deliver malware since 2019
  • Italian university La Sapienza still offline to mitigate recent cyber attack
    Summary

    A state-aligned cyberespionage group, tracked as TGR-STA-1030/UNC6619, has launched a global operation dubbed "Shadow Campaigns." This sophisticated campaign has targeted government infrastructure across 155 countries, aiming for large-scale information gathering and intelligence collection.

    Cisco Talos researchers have uncovered "DKnife," a powerful Linux toolkit used in cyber-espionage attacks since at least 2019. The framework abuses routers and edge devices to conduct deep-packet inspection, manipulate network traffic, and deliver malware like ShadowPad and DarkNimbus. DKnife specifically targets Chinese-speaking users, disrupts antivirus software, monitors user activity, and is linked with high confidence to China-nexus threat actors. The framework comprises seven Linux ELF components, and its command-and-control infrastructure remained active as of January 2026.

    Rome's La Sapienza University has remained offline since February 2 following a cyberattack that severely disrupted student services and operational systems. Initial reports indicate a ransomware attack using the Bablock strain, and the attack is being attributed to a new Russian cybercrime group named Femwar02. The university proactively shut down its IT infrastructure to mitigate the spread of the threat, with the Italian National Cybersecurity Agency (ACN) and law enforcement actively involved in the ongoing investigation.
