Unit 42 Exposes Global ‘Shadow Campaigns’ Espionage Targeting 70 Government Agencies

Background and Timeline: On February 9, 2026, researchers from Unit 42 exposed a sophisticated, coordinated hacking campaign that has operated globally since late 2024. The operation, dubbed the “Shadow Campaigns,” successfully compromised dozens of government and critical infrastructure organizations. Forensic analysis confirmed that the state-aligned intruders maintained persistent access for over a year before detection in early 2026.

Modus Operandi: The state-aligned group TGR-STA-1030 used exploits for N-day vulnerabilities in products like Atlassian Crowd and SAP Solution Manager to gain initial access. They deployed a complex toolset including Linux rootkits like ShadowPad and DarkNimbus, and custom web shells such as Godzilla and Behinder. To conceal outgoing traffic, the attackers used relay and proxy servers running tunneling software like GOST and FRPS.

Victims and Financial Impact: 70 government and critical infrastructure organizations across 37 countries, including ministries in India, were compromised. Confirmed victims include national-level law enforcement, border control entities, and departments of foreign affairs, finance, and energy. In one instance, the actor connected to e-passport and e-visa services, potentially exposing the travel data and identities of millions.

Investigation and Agencies Involved: Unit 42 mapped C2 servers hosted on virtual private servers (VPS) in the US, UK, and Germany to avoid geographical blocking. The investigation revealed the use of various other malware payloads and command-and-control frameworks, including Havoc, SparkRat, and Sliver. Security firms across multiple jurisdictions collaborated to identify shared TTPs that linked these global intrusions to the same coordinated threat cluster.

Arrests and Suspects: No arrests have been made, as the campaign is attributed to a high-tier state intelligence-gathering actor operating out of Asia. The actors demonstrate high operational security, utilizing sophisticated tunneling to hide their origins. While individual suspects are not named, their technical signatures are closely aligned with historical state espionage operations targeting government continuity data.

Broader Implications and Trends: The targeting of travel and identity services indicates a strategic focus on global population tracking and international surveillance. The campaign highlights that government entities are highly vulnerable to N-day exploits if patch cycles for administrative software are not prioritized. This reflects a shift toward compromising the software supply chain to achieve maximum reach with minimal visibility.
