Iran, Russia, China Target Water Systems for Sabotage
Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.
Nation State reporting covers malware, threat actors, infrastructure, reported incidents, disruption efforts, and defensive guidance for organizations.
Search across headline titles and summaries.
Background for this topic.
Nation-state activity is cyber activity conducted, directed, or supported by a government, including espionage, disruption, or theft of sensitive information. The label can also cover suspected government-linked actors; attribution is often uncertain and may reflect intelligence assessment rather than publicly proven control.
For practitioners, reporting under this tag can indicate risks to government, critical-infrastructure, research, or strategic commercial networks, particularly through exposed systems, stolen credentials, or exploitation of unpatched vulnerabilities. Useful responses include prioritizing vulnerability remediation on internet-facing assets, enforcing strong authentication, limiting access to sensitive systems, and retaining logs that support investigation. Threat intelligence can help assess whether observed infrastructure or malware resembles activity associated with a state, but defensive decisions should rely on the technical evidence and the affected organization’s risk, not attribution alone.
Weekly headline count for the current query.
Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.
The FSB state-sponsored operation has gotten a lot better at loading its malware and hiding its servers.
North Korea's gross domestic product (GDP) has grown, in part because of the nation's state-sponsored cybercrime groups, which target financial firms and other businesses.
Attackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarussian nation-state threat group.
The Chinese state-sponsored cyber threat is known for moving fast and trying odd attack vectors; now it's branching out in tools, victimology, and TTPs.
Iranian APTs are blurring the lines between state-sponsored and cybercriminal activities to target high-impact US organizations.
Nation-state malware is being sold on the Dark Web and leaked to GitHub; and ordinary organizations might not stand much of a chance of defending themselves.
Pakistan's APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses.
The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups.
A China-related attacker has exploited the vendor flaw since mid-2024, allowing it to move laterally, maintain persistent access, and deploy malware.
Espionage groups from China, Russia and other nations burned at least two dozen zero-days in edge devices in attempts to infiltrate defense contractors’ networks.
State-sponsored threat actors compromised the popular code editor's hosting provider to redirect targeted users to malicious downloads.
Russian and Chinese nation-state attackers are exploiting a months-old WinRAR vulnerability, despite a patch that came out last July.
The upcoming Winter Games in the Italian Alps are attracting both hacktivists looking to reach billions of people and state-sponsored cyber-spies targeting the attending glitterati.
A state-sponsored threat group tracked as "Kimsuky" sent QR-code-filled phishing emails to US and foreign government agencies, NGOs, and academic institutions.
The tech giant has been beset by a deluge of state-sponsored North Korean operatives, showcasing the sheer scale of the IT worker scam problem.
State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations.
Iran's top state-sponsored APT is usually rather crass. But in a recent spate of attacks, it tried out some interesting evasion tactics, including delving into Snake, an old-school mobile game.
North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers.
Konni, a subset of the state-sponsored DPRK cyberespionage group, first exploits Google Find Hub, which ironically aims to protect lost Android devices, to remotely wipe devices.