Hackers Breach Government Systems Worldwide
Investigators tracked a year-long cyber espionage effort targeting ministries, parliaments and critical infrastructure across dozens of countries.
A newly tracked, state-aligned cyber-espionage group operating out of Asia has compromised government bodies and critical infrastructure organizations across at least 37 countries over the past year, according to a new investigation by Palo Alto Networks’ threat-intelligence unit, Unit 42.
The group, tracked as TGR-STA-1030, breached at least 70 organizations and carried out large-scale reconnaissance against government-linked infrastructure associated with 155 countries between November and December 2025, Unit 42 said.
The activity spans the Americas, Europe, Asia, Africa and Oceania, highlighting what researchers describe as a broad and persistent global espionage campaign.
Unit 42 said it assesses with high confidence that the group is state-aligned and Asia-based, but it has not publicly attributed the activity to a specific government.
Targets were overwhelmingly governmental, including ministries of finance, foreign affairs and interior, national police and border-control agencies, parliaments, telecommunications providers and entities linked to energy, mining and trade.
In one case, investigators said the group compromised a national parliament. In another, it accessed the systems of a senior elected official.
While Unit 42’s public report does not name individual countries affected, The Economic Times reported that India was among the countries breached, citing interviews with senior officials involved in the investigation.
According to the newspaper, the activity detected in India was brief and contained, lasting less than a week.
“In India’s case, the activity we saw was short and contained quickly,” The Economic Times quoted Pete Renals, director of national security programs at Unit 42, as saying. Renals added that India’s government systems appeared more modern and resilient than many others examined during the investigation.
The campaign, dubbed “Shadow Campaigns,” first came to light in early 2025 when investigators uncovered phishing operations targeting European governments. Those attacks relied on lures tied to bureaucratic or ministerial reorganizations and delivered malware through files hosted on legitimate cloud services.
Since then, the group has expanded its tactics, pairing reconnaissance with the exploitation of known vulnerabilities in widely used enterprise and government software.
Unit 42 said it did not observe the use of zero-day exploits. Instead, attackers chained together existing weaknesses in products from vendors including Microsoft and SAP.
The group’s toolkit includes established command-and-control frameworks such as Cobalt Strike, alongside VShell, web shells and tunnelling tools that enable lateral movement and long-term persistence within compromised networks.
More significantly, Unit 42 identified a previously undocumented Linux kernel rootkit, dubbed ShadowGuard, which uses extended Berkeley Packet Filter (eBPF) technology to conceal processes and files at the kernel level.
The technique makes detection difficult and points to a focus on stealth and sustained intelligence collection rather than immediate disruption.
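An eBPF-based rootkit stays resident as kernel-attached programs, so one defensive check is to audit what eBPF programs are loaded and who loaded them. The script below is an added example written for this article; it is not Unit 42's tooling or a ShadowGuard signature. It parses the JSON that `bpftool -j prog show` prints and flags programs that (a) are attached at hook points a process or file hider would need and reference syscall paths such as directory listing, (b) have no owning process (typically pinned in bpffs so they outlive their loader), or (c) were loaded by a process outside an allowlist. The hook-type set, the syscall-token list, the loader allowlist and the sample data are all assumptions constructed for illustration.

```python
"""Audit loaded eBPF programs for rootkit-style hooks (added example).

Assumes input in the shape of `bpftool -j prog show` output (id, type,
name, pids[].comm). Heuristics and sample data are illustrative
assumptions, not indicators tied to ShadowGuard.
"""
import json
import re
import subprocess

# Program types that can interpose on kernel paths; assumed set.
HOOKING_TYPES = {"kprobe", "tracepoint", "raw_tracepoint", "tracing", "lsm"}

# Syscall names whose interposition lets a rootkit filter directory listings,
# signals, reads or execs; assumed heuristic, tune per environment.
SENSITIVE_TOKENS = re.compile(r"getdents|kill|openat|read|bpf|execve|ptrace", re.I)

# Processes expected to own eBPF programs on this host; assumed allowlist.
DEFAULT_ALLOWED_LOADERS = {"systemd", "falco", "cilium-agent", "bpftool"}


def audit_bpf_programs(json_text, allowed_loaders=DEFAULT_ALLOWED_LOADERS):
    """Return findings as [{'id', 'name', 'reasons'}] for suspicious programs."""
    findings = []
    for prog in json.loads(json_text):
        reasons = []
        ptype = prog.get("type", "")
        name = prog.get("name", "")
        loaders = {p.get("comm", "") for p in prog.get("pids", [])}
        if ptype in HOOKING_TYPES and SENSITIVE_TOKENS.search(name):
            reasons.append(f"{ptype} hook on sensitive syscall path ({name})")
        if not loaders:
            reasons.append("no owning process (likely pinned in bpffs; survives loader exit)")
        elif not loaders & allowed_loaders:
            reasons.append(f"loaded by unexpected process(es): {sorted(loaders)}")
        if reasons:
            findings.append({"id": prog.get("id"), "name": name, "reasons": reasons})
    return findings


def audit_live_host(allowed_loaders=DEFAULT_ALLOWED_LOADERS):
    """Run bpftool on this host (needs root and bpftool installed) and audit it."""
    out = subprocess.run(["bpftool", "-j", "prog", "show"], check=True,
                         capture_output=True, text=True).stdout
    return audit_bpf_programs(out, allowed_loaders)


# Constructed sample in the bpftool JSON shape; not captured from a real host.
SAMPLE = json.dumps([
    {"id": 12, "type": "cgroup_skb", "name": "sd_fw_egress",
     "pids": [{"pid": 1, "comm": "systemd"}]},
    {"id": 87, "type": "tracepoint", "name": "sys_enter_getdents64",
     "pids": [{"pid": 4242, "comm": "xfsd"}]},
    {"id": 88, "type": "kprobe", "name": "hide_pid_kill", "pids": []},
    {"id": 90, "type": "tracepoint", "name": "tp_execve_monitor",
     "pids": [{"pid": 900, "comm": "falco"}]},
    {"id": 91, "type": "xdp", "name": "xdp_drop_fn",
     "pids": [{"pid": 777, "comm": "cilium-agent"}]},
])

if __name__ == "__main__":
    for f in audit_bpf_programs(SAMPLE):
        print(f"prog {f['id']} ({f['name']}): " + "; ".join(f["reasons"]))
```

Program 90 in the sample shows the expected false positive: a legitimate monitoring agent also hooks execve, so the syscall heuristic alone is not a verdict and should be combined with the loader allowlist and with a baseline of programs seen on a known-good host. A rootkit that hooks the bpf syscall itself can also tamper with what bpftool reports, so comparing results from a live boot or a trusted kernel image is the stronger check.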
The breadth and timing of the activity suggest strategic intent. Unit 42 said the group appears to prioritize countries involved in, or considering, economic partnerships in sectors such as energy, mining, trade and infrastructure development.
In several regions, spikes in cyber activity closely followed diplomatic engagements, trade negotiations or politically sensitive events.
Palo Alto Networks said it has shared indicators of compromise with affected organizations and industry partners under responsible-disclosure protocols.
