▌ OPERATIONAL SECTOR

Cyber and Information Warfare

9 BRIEFS FILED

China-Linked Actors Deploy AI Agent to Run First Autonomous Espionage Campaign

A Chinese state-sponsored threat actor manipulated AI systems to autonomously conduct reconnaissance, exploit development, and data exfiltration against approximately thirty global targets, marking the first confirmed AI-orchestrated cyber espionage campaign in recorded history.

◆ HIGH CONFIDENCECyber and Information Warfare6 JUN 2026

▌ INTELLIGENCE BRIEF

China-Linked Operation Dragon Weave Exploits Azure Cloud to Spy on Czech and Taiwanese Targets

A China-aligned threat actor has weaponised Microsoft Azure Blob Storage as a command-and-control relay to conduct simultaneous spear-phishing operations against government, academic, and financial targets in the Czech Republic and Taiwan.

◆ MODERATECyber and Information Warfare4 JUN 2026

▌ INTELLIGENCE BRIEF

China's APTs Exploit Gulf Instability to Target Maritime and Energy Intelligence

China-aligned advanced persistent threat groups have pivoted operations toward Gulf maritime and energy targets, exploiting the intelligence vacuum created by the US-Iran conflict and ongoing regional instability — per ESET's Q1 2026 APT Activity Report.

◆ HIGH CONFIDENCECyber and Information Warfare2 JUN 2026

▌ INTELLIGENCE BRIEF

GREYVIBE Emerges: Russia's AI-Augmented Cyber Unit Strikes Ukraine

A previously undocumented Russian-linked threat group designated GREYVIBE has deployed AI-assisted cyberattack capabilities against Ukrainian military, government, and civilian infrastructure since at least August 2025, representing a documented escalation in AI-enabled offensive cyber operations within the ongoing Russo-Ukrainian conflict.

◆ MODERATECyber and Information Warfare2 JUN 2026

▌ INTELLIGENCE BRIEF

Salt Typhoon Penetrates Italy's Critical IT Backbone in Silent Two-Week Operation

China's Salt Typhoon APT maintained undetected two-week access inside IBM's Italian subsidiary Sistemi Informativi, compromising IT infrastructure serving Italy's national institutions, energy, finance, and telecommunications sectors.

◆ MODERATECyber and Information Warfare31 MAY 2026

▌ INTELLIGENCE BRIEF

GCHQ Director Warns West Is Losing Ground in Cyber Cold War

GCHQ Director Anne Keast-Butler publicly warned that Russia is relentlessly targeting Western critical infrastructure and democratic processes while China advances toward cyber supremacy, leaving the West a narrowing window to respond.

◆ HIGH CONFIDENCECyber and Information Warfare29 MAY 2026

▌ INTELLIGENCE BRIEF

Lazarus Group Deploys Undetectable Memory RAT Against Global Financial Sector

North Korea's Lazarus Group has deployed RemotePE, a fully memory-resident RAT leaving zero filesystem artifacts, against global financial and cryptocurrency institutions — a significant capability escalation directly funding Pyongyang's weapons programmes.

◆ HIGH CONFIDENCECyber and Information Warfare27 MAY 2026

▌ THREAT ASSESSMENT // MOIS OPERATIONS

MuddyWater Deploys Chaos Ransomware as MOIS Espionage Cover: Iran Escalates Dual-Use Cyber Operations

Available reporting indicates Iranian state-sponsored actor MuddyWater has deployed Chaos ransomware in operations assessed with moderate confidence as intelligence collection campaigns using destructive malware as cover, marking a tactical evolution in how Iran's Ministry of Intelligence and Security conducts espionage under commercial-crime deniability.

◆ MODERATECyber and Information Warfare26 MAY 2026

▌ CYBER-INTEL // TIER 1 THREAT

Salt Typhoon Breaches IBM Italy Subsidiary: China's Telecom Espionage Reaches European Infrastructure

China's Salt Typhoon APT group has extended its telecommunications espionage campaign to European infrastructure, with an IBM subsidiary in Italy assessed with high confidence to have been accessed for approximately two weeks before detection — the first confirmed Salt Typhoon foothold on Italian soil.

◆ HIGH CONFIDENCECyber and Information Warfare26 MAY 2026