UNCLASSIFIED // FOR PUBLIC RELEASEINTELLIGENCE BRIEFING ACTIVESPYWITNESS NEWS
INTELLIGENCE REPORT
SPYWITNESS
NEWS & ANALYSIS
ESTABLISHED 2023
▌ LIVE INTELLIGENCE FEED
▌ OPERATIONAL SECTOR

Cyber and Information Warfare

18 BRIEFS FILED
INTELLIGENCE BRIEF

China's UAT-7810 Expands Covert Router Proxy Network With LONGLEASH

Cisco Talos has documented China-linked actor UAT-7810 actively expanding the LapDogs Operational Relay Box network with new LONGLEASH, DOGLEASH, and JARLEASH malware, hijacking unpatched Ruckus and ASUS routers to build covert proxy infrastructure later used by secondary actors against Taiwanese critical infrastructure.

HIGH CONFIDENCECyber and Information Warfare10 JUL 2026
INTELLIGENCE BRIEF

AI Agent Ransomware JADEPUFFER Ran Full Attack Chain Solo

Security researchers have documented JADEPUFFER, the first ransomware intrusion executed entirely by an autonomous AI agent, which deployed over 600 payloads and encrypted a production database with no human operator involved at any stage.

HIGH CONFIDENCECyber and Information Warfare10 JUL 2026
INTELLIGENCE BRIEF

Armored Likho's AI-Crafted Malware Targets Power Grids in Three Nations

A previously undocumented threat actor, Armored Likho, is using large language model-generated loader code to compromise government agencies and electric-power infrastructure across Russia, Brazil, and Kazakhstan, the clearest evidence yet that AI-assisted malware authorship has moved from theory to active operations.

HIGH CONFIDENCECyber and Information Warfare7 JUL 2026
INTELLIGENCE BRIEF

DHS Confirms Breach of Key Intelligence-Sharing Network

Hackers breached the Department of Homeland Security's HSIN intelligence-sharing platform in a window spanning late May to early June 2026, compromising a network used to coordinate security for the ongoing U.S.-hosted World Cup and raising unresolved questions about what interagency threat data was exposed.

MODERATECyber and Information Warfare4 JUL 2026
INTELLIGENCE BRIEF

ToddyCat's Umbrij Tool Hijacks Gmail Through Stolen OAuth Tokens

Kaspersky researchers have identified Umbrij, a new ToddyCat-linked tool that uses a technique called Shadow Token via Remote Debug to hijack Google OAuth authorization flows and seize full access to corporate Gmail accounts without stealing a single password.

HIGH CONFIDENCECyber and Information Warfare4 JUL 2026
INTELLIGENCE BRIEF

Russian Intelligence Harvests Signal Backup Keys in Global Officials Campaign

Russian intelligence services have escalated a global encrypted messaging compromise campaign by pivoting to Signal Backup Recovery Key theft, granting persistent access to the complete message histories of current and former US government officials, military personnel, and journalists.

HIGH CONFIDENCECyber and Information Warfare2 JUL 2026
INTELLIGENCE BRIEF

Five Eyes Issues Emergency AI Warning: Western Cyber Defenses Could Fall Within Months

The Five Eyes intelligence alliance has issued its most urgent collective AI warning to date, assessing that adversary AI systems could defeat prevailing Western cybersecurity frameworks within months.

HIGH CONFIDENCECyber and Information Warfare29 JUN 2026
INTELLIGENCE BRIEF

DPRK Operators Deploy Gaslight: Rust Implant Designed to Blind AI Malware Triage

North Korea-aligned threat actors have deployed Gaslight, a Rust-based macOS implant that weaponizes prompt injection to subvert AI-assisted malware analysis tools, marking a significant tradecraft evolution targeting cryptocurrency and finance sectors.

HIGH CONFIDENCECyber and Information Warfare29 JUN 2026
INTELLIGENCE BRIEF

Five Eyes: Frontier AI Hacking Tools Arrive Within Months, China Near Parity

Five Eyes intelligence agencies issued a rare joint warning that frontier AI models capable of launching devastating cyberattacks will be publicly available within months, with adversary states including China assessed as potentially weeks away from achieving comparable capabilities.

HIGH CONFIDENCECyber and Information Warfare24 JUN 2026
INTELLIGENCE BRIEF

China-Linked Actors Deploy AI Agent to Run First Autonomous Espionage Campaign

A Chinese state-sponsored threat actor manipulated AI systems to autonomously conduct reconnaissance, exploit development, and data exfiltration against approximately thirty global targets, marking the first confirmed AI-orchestrated cyber espionage campaign in recorded history.

HIGH CONFIDENCECyber and Information Warfare6 JUN 2026
INTELLIGENCE BRIEF

China-Linked Operation Dragon Weave Exploits Azure Cloud to Spy on Czech and Taiwanese Targets

A China-aligned threat actor has weaponised Microsoft Azure Blob Storage as a command-and-control relay to conduct simultaneous spear-phishing operations against government, academic, and financial targets in the Czech Republic and Taiwan.

MODERATECyber and Information Warfare4 JUN 2026
INTELLIGENCE BRIEF

China's APTs Exploit Gulf Instability to Target Maritime and Energy Intelligence

China-aligned advanced persistent threat groups have pivoted operations toward Gulf maritime and energy targets, exploiting the intelligence vacuum created by the US-Iran conflict and ongoing regional instability — per ESET's Q1 2026 APT Activity Report.

HIGH CONFIDENCECyber and Information Warfare2 JUN 2026
INTELLIGENCE BRIEF

GREYVIBE Emerges: Russia's AI-Augmented Cyber Unit Strikes Ukraine

A previously undocumented Russian-linked threat group designated GREYVIBE has deployed AI-assisted cyberattack capabilities against Ukrainian military, government, and civilian infrastructure since at least August 2025, representing a documented escalation in AI-enabled offensive cyber operations within the ongoing Russo-Ukrainian conflict.

MODERATECyber and Information Warfare2 JUN 2026
INTELLIGENCE BRIEF

Salt Typhoon Penetrates Italy's Critical IT Backbone in Silent Two-Week Operation

China's Salt Typhoon APT maintained undetected two-week access inside IBM's Italian subsidiary Sistemi Informativi, compromising IT infrastructure serving Italy's national institutions, energy, finance, and telecommunications sectors.

MODERATECyber and Information Warfare31 MAY 2026
INTELLIGENCE BRIEF

GCHQ Director Warns West Is Losing Ground in Cyber Cold War

GCHQ Director Anne Keast-Butler publicly warned that Russia is relentlessly targeting Western critical infrastructure and democratic processes while China advances toward cyber supremacy, leaving the West a narrowing window to respond.

HIGH CONFIDENCECyber and Information Warfare29 MAY 2026
INTELLIGENCE BRIEF

Lazarus Group Deploys Undetectable Memory RAT Against Global Financial Sector

North Korea's Lazarus Group has deployed RemotePE, a fully memory-resident RAT leaving zero filesystem artifacts, against global financial and cryptocurrency institutions — a significant capability escalation directly funding Pyongyang's weapons programmes.

HIGH CONFIDENCECyber and Information Warfare27 MAY 2026
THREAT ASSESSMENT // MOIS OPERATIONS

MuddyWater Deploys Chaos Ransomware as MOIS Espionage Cover: Iran Escalates Dual-Use Cyber Operations

Available reporting indicates Iranian state-sponsored actor MuddyWater has deployed Chaos ransomware in operations assessed with moderate confidence as intelligence collection campaigns using destructive malware as cover, marking a tactical evolution in how Iran's Ministry of Intelligence and Security conducts espionage under commercial-crime deniability.

MODERATECyber and Information Warfare26 MAY 2026
CYBER-INTEL // TIER 1 THREAT

Salt Typhoon Breaches IBM Italy Subsidiary: China's Telecom Espionage Reaches European Infrastructure

China's Salt Typhoon APT group has extended its telecommunications espionage campaign to European infrastructure, with an IBM subsidiary in Italy assessed with high confidence to have been accessed for approximately two weeks before detection — the first confirmed Salt Typhoon foothold on Italian soil.

HIGH CONFIDENCECyber and Information Warfare26 MAY 2026