State actor targets 155 countries in “Shadow Campaigns”espionage op

A state-aligned cyberespionage threat group, tracked as TGR-STA-1030/UNC6619, has conducted a global-scale operation dubbed the 'Shadow Campaigns,' targeting government infrastructure in 155 countries. The group has been active since at least January 2024 and is believed to operate from Asia. The attacks focus on government ministries, law enforcement, border control, finance, trade, energy, mining, immigration, and diplomatic agencies. Unit 42 researchers confirmed compromises of at least 70 organizations across 37 countries, including entities in the Americas, Europe, Australia, and Taiwan. The threat group uses highly tailored phishing emails and exploits known vulnerabilities to gain initial access, employing a custom Linux kernel eBPF rootkit called 'ShadowGuard' to evade detection.