SpearSpecter: Sophisticated Cyber-Espionage Campaign Targets High-Value Officials
Researchers from the Israel National Digital Agency (INDA) have uncovered a sophisticated cyber-espionage campaign named SpearSpecter. The campaign, linked to state-aligned threat actors, uses social engineering and a fileless PowerShell backdoor called TAMECAT to target high-value government and defense officials. The attackers build trust over weeks through WhatsApp conversations before delivering malicious links disguised as conference documents. The malware leverages legitimate cloud infrastructure and employs multi-channel command-and-control frameworks, including Telegram and Discord. TAMECAT's capabilities include data exfiltration, credential harvesting, and screenshot capture. The campaign demonstrates a deep understanding of Windows internals and human behavior, representing a significant escalation in cyber-espionage tradecraft.
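A defender-side hunt for the pattern summarised above (a PowerShell process using Telegram and Discord as command-and-control channels), given as an added example that is not code from INDA or from the original page. It assumes DNS-query telemetry with Sysmon Event ID 22 style fields (`Image`, `QueryName`, `ProcessGuid`, plus the reporting `Computer`); the hostnames are the platforms' public hostnames, not indicators from the report, and the sample events are constructed.

```python
import ntpath
from collections import defaultdict

# Public hostnames of the two platforms (assumption: not indicators from the report).
CHANNEL_SUFFIXES = {
    "telegram": ("api.telegram.org",),
    "discord": ("discord.com", "discordapp.com"),
}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}


def channel_for(query_name):
    """Map a DNS name to a chat platform by whole-label suffix match, else None."""
    name = query_name.strip().rstrip(".").lower()
    for channel, suffixes in CHANNEL_SUFFIXES.items():
        if any(name == s or name.endswith("." + s) for s in suffixes):
            return channel
    return None


def hunt(events):
    """One finding per PowerShell process; 'high' when it resolved both platforms."""
    seen = defaultdict(set)
    for ev in events:
        if ntpath.basename(ev["Image"]).lower() not in POWERSHELL_IMAGES:
            continue  # the platforms' own desktop clients and browsers are expected traffic
        channel = channel_for(ev["QueryName"])
        if channel:
            seen[(ev["Computer"], ev["ProcessGuid"])].add(channel)
    return [
        {"computer": c, "process_guid": g, "channels": sorted(ch),
         "severity": "high" if len(ch) > 1 else "medium"}
        for (c, g), ch in sorted(seen.items())
    ]


# Constructed sample events, not taken from any real host.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PWSH = r"C:\Program Files\PowerShell\7\pwsh.exe"
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "ProcessGuid": "{A1}", "Image": PS, "QueryName": "api.telegram.org"},
    {"Computer": "WS-01", "ProcessGuid": "{A1}", "Image": PS, "QueryName": "CDN.discordapp.com."},
    {"Computer": "WS-02", "ProcessGuid": "{B2}", "Image": r"C:\Apps\Discord.exe", "QueryName": "discord.com"},
    {"Computer": "WS-03", "ProcessGuid": "{C3}", "Image": PWSH, "QueryName": "notdiscord.com"},
    {"Computer": "WS-04", "ProcessGuid": "{D4}", "Image": PWSH, "QueryName": "discord.com"},
]

if __name__ == "__main__":
    print(*hunt(SAMPLE_EVENTS), sep="\n")
```

Legitimate automation also posts to these platforms from PowerShell (for example alerting webhooks), so findings are leads to triage against known scripts rather than verdicts.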