The Shadow Campaigns: Uncovering Global Espionage

Shadow Campaigns: Modern State-Sponsored Cyber Espionage

The search results reveal an intensifying landscape of state-sponsored cyber espionage campaigns in 2024-2026, with three major threat actors emerging:

North Korea's Lazarus Group

Between January and July 2025, Lazarus Group deployed 234 malicious packages across the npm and PyPI repositories, targeting developers through compromised open source software[^1]. Their "BeaverTail" malware used sophisticated multi-stage loading techniques to steal credentials and maintain persistent access.

Earth Freybug APT

Operating as an offshoot of APT41, Earth Freybug conducts espionage against government agencies, defense contractors, and critical infrastructure[^4]. Their "Shadowhammer" malware specifically targets software supply chains, using stealth techniques to remain undetected within compromised systems.

Russia's GRU Campaign

Russia's military intelligence (GRU) nearly tripled its sabotage and subversion attacks in Europe between 2023 and 2024[^3]. Their operations targeted:

  • Transportation (27% of attacks)
  • Government facilities (27%)
  • Critical infrastructure (21%)
  • Industrial targets (21%)

The GRU campaign uses multiple attack vectors including explosives (35%), physical tools like anchors to cut undersea cables (27%), and electronic attacks (15%)[^3].

[^1]: [Sonatype - Global Espionage: Lazarus Group Targets OSS Ecosystems](https://www.sonatype.com/blog/sonatype-uncovers-global-espionage-campaign-in-open-source-ecosystems)

[^3]: CSIS - Russia's Shadow War Against the West

[^4]: Cyber Centaurs - Shadow Ops – Unveiling the Stealth Tactics of Earth Freybug
