Tuesday , July 14 2026
compromised government

TGR-STA-1030 likely compromised Gov.t and CII in 37 Countries with Bangladesh 

According to Palo Alto Networks, a state-backed hacking group compromised government and critical infrastructure systems worldwide. The security firm identifies the threat actor as TGR-STA-1030, and their recent activity is dubbed as the Shadow Campaign.

Palo Alto Networks expressed high confidence that it’s a nation-state group operating out of Asia based on the use of regional tools and services, language preferences, targets, and operational infrastructure located in the region. The security firm hasn’t named a specific country for Shadow Campaign, but its activities suggest it resembles a Chinese threat actor.

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

“Palo Alto Networks Unit 42 confirmed that the threat actor successfully accessed and exfiltrated sensitive data from victim email servers,” Unit 42 Director of National Security Programs Pete Renals told The Register. “This included financial negotiations and contracts, banking and account information, and critical military-related operational updates.”

“The Cybersecurity and Infrastructure Security Agency is aware of the hacking group identified as TGR-STA-1030 by Palo Alto Networks,” a CISA spokesperson told The Register. “We are working with our government, industry, and international partners to rapidly detect and mitigate any exploitation of the vulnerabilities identified in the report.”

Palo Alto researchers found that TGR-STA-1030 has hacked at least 70 organizations in 37 countries. The hackers have also been surveying government systems in 155 countries.

Targets included national law enforcement, border control agencies, finance ministries, and government departments related to trade, natural resources, and diplomacy.

“This group compromised one nation’s parliament and a senior elected official of another. It also compromised national-level telecommunications companies and several national police and counter-terrorism organizations,” Palo Alto Networks said.

It added, “While this group might be pursuing espionage objectives, its methods, targets and scale of operations are alarming, with potential long-term consequences for national security and key services.”

The security firm has tracked TGR-STA-1030 since early 2025, initially targeting European governments, but evidence indicates it may have been active since January 2024.

Initial access, malware, and vulnerability exploitation:

Hackers gained entry to targeted organizations using advanced email phishing tactics to convince recipients to install malware. The malware loader in the Shadow Campaign checks for only five security products, unlike many loaders that check for many. This helps it evade detection.

The threat actor employs various tools, with the most significant being ShadowGuard, a Linux kernel rootkit identified by Palo Alto. It allows attackers to alter system data and stay undetected.

Palo Alto has observed attempts to exploit known vulnerabilities in products from Microsoft, SAP, Atlassian, D-Link, Apache, Commvault, and several Chinese vendors, but there’s no evidence of zero-day vulnerabilities being exploited.

Indicators of Compromise:

IP Addresses
138.197.44[.]208
142.91.105[.]172
146.190.152[.]219
157.230.34[.]45
157.245.194[.]54
159.65.156[.]200
159.203.164[.]101
178.128.60[.]22
178.128.109[.]37
188.127.251[.]171
188.166.210[.]146
208.85.21[.]30

Palo Alto Networks found that the group uses various command-and-control (C2) frameworks typical for their region to move laterally and maintain access in compromised systems.

8.7 billion records leaked: Inside the huge Chinese data breach

Check Also

Apple

New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide

Researchers at cybersecurity firm Paradigm Shift found a new flaw called usbliter8. This flaw can …