CyberNews: 27/06/2026 Edition

Published by Dunateo on 2026-06-27

Today’s roundup

  • FBI: Russian hackers now target Signal backup recovery keys
  • Cybersecurity firms targeted by fraudulent OpenAI organization invites
  • New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
  • Chinese APT CL-STA-1062 Expands Attacks on Southeast Asian Critical Infrastructure With Custom Malware
  • The Pentagon Is Looking Into the Dialog Data Exposure for Unmasking National Security Officials

Summary

    The FBI and CISA have issued a warning regarding an evolving phishing campaign by Russian intelligence services. This campaign, initially targeting Signal users, now aims to steal Signal Backup Recovery Keys. Successful exploitation allows attackers to access victims' entire historical message archives.

    Threat actors have been observed targeting cybersecurity firms with fraudulent OpenAI organization invites. The attackers create fake OpenAI tenants that impersonate legitimate companies and lure employees into joining, with the objective of tricking them into revealing sensitive company information through chats and projects.

    A new cyberattack campaign, dubbed StrikeShark by Kaspersky, is deploying an undocumented malware family named SharkLoader. This loader is designed to deliver Cobalt Strike Beacon to compromised hosts. The campaign has specifically targeted a diplomatic organization in Indonesia and government organizations in Taiwan.

    A Chinese-speaking Advanced Persistent Threat (APT) group, tracked as CL-STA-1062 by Palo Alto Networks Unit 42 (also known as UAT-7237), has expanded its operations since mid-2025 to target Southeast Asian government entities and state-owned critical energy infrastructure. The group employs a hybrid toolkit, including common open-source tools and a newly discovered custom C# backdoor named TinyRCT. TinyRCT allows for arbitrary command execution, file exfiltration, and screenshot capture, while employing evasion techniques such as checking its execution path and incorporating Simplified Chinese in its code. Delivery occurs via DLL sideloading through a modified `chrome_setup.zip` archive.

    The Pentagon has initiated an investigation into a data exposure involving the private group "Dialog" over concerns that the exposure could unmask national security officials. The exposed records reportedly contained personal information pertaining to a senior White House intelligence official and an active-duty special operations officer.

    Want to dig deeper?

    Malware Families

    Cobalt Strike (aliases: Agentemis, BEACON, CobaltStrike, cobeacon)