The Containment Era is here. →Explore

aviatrix logoAviatrix
Under Active Attack
Industry Category

Government Relations

Breach intelligence, attack campaigns, and threat reports targeting the Government Relations sector.

3 threat reports
Page 1 of 1

Explore Other Sectors

Accounting
Aerospace/Aviation
Agriculture
Airlines/Aviation
Animation
Apparel/Fashion
Architecture/Planning
Artificial Intelligence
Artificial Intelligence/Machine Learning
Arts/Crafts
Automotive
Aviation/Aerospace
Banking/Mortgage
Biotechnology/Greentech
Blockchain/Cryptocurrency
Broadcast Media
Broadcasting Media
Broadcasting/Media
Building Materials
Business Supplies/Equipment
Capital Markets/Hedge Fund/Private Equity
Chemical
Chemicals
Civic/Social Organization
Civil Engineering
Cloud Computing
Cloud Computing/SaaS
Cloud Services
Commercial Facilities
Commercial Real Estate
Computer Games
Computer Hardware
Computer Networking
Computer Software/Engineering
Computer/Network Security
Construction
Consulting
Consumer Electronics
Consumer Goods
Consumer Services
Cosmetics
Cosmetics
Critical Manufacturing
Cryptocurrencies
Customer Services
Cybersecurity
Dairy
Dating/Personal Services
Defense/Space
Design
E-Learning
Education Management
Electrical/Electronic Manufacturing
Emergency Services
Energy
Energy/Oil/Solar/Greentech
Entertainment/Movie Production
Environmental Services
Events Services
Facilities Services
Farming
Fashion/Apparel
Financial Services
Fine Art
Fishery
Food Production
Food/Beverages
Fortune 500 companies
Franchising
Fundraising
Gambling/Casinos
Gaming
Gaming/Casinos
Government Administration
Government Facilities
Government Relations
Graphic Design/Web Design
Health Care / Life Sciences
Higher Education/Acadamia
Hospitality
Human Resources/HR
Import/Export
Individual/Family Services
Industrial Automation
Information Services
Information Technology/IT
Insurance
International Affairs
International Trade/Development
Internet
Investment Banking/Venture
Investment Management/Hedge Fund/Private Equity
Judiciary
Law Enforcement
Law Practice/Law Firms
Legal Services
Legislative Office
Leisure/Travel
Logistics/Procurement
Luxury Goods/Jewelry
Machinery
Management Consulting
Manufacturing
Maritime
Marketing/Advertising/Sales
Mechanical or Industrial Engineering
Media Production
Medical Equipment
Medical Practice
Military Industry
Mining/Metals
Mobile
Museums/Institutions
Music
Newspapers/Journalism
Non-Profit/Volunteering
Oil/Energy/Solar/Greentech
Online Publishing
Outsourcing/Offshoring
Package/Freight Delivery
Parking
Pharmaceuticals
Philanthropy
Photography
Plastics
Political Organization
Primary/Secondary Education
Professional Training
Public Relations/PR
Public Safety
Publishing Industry
Railroad Manufacture
Real Estate/Mortgage
Recreational Facilities/Services
Religious Institutions
Renewables/Environment
Research Industry
Restaurants
Retail Industry
Robotics
Rural Healthcare
Security/Investigations
Semiconductors
Sporting Goods
Sports
Staffing/Recruiting
Supermarkets
Technology
Technology/IT
Telecommunications
Think Tanks
Toys and Games
Transportation
Travel/Tourism
Trucking/Freight
Utilities
Venture Capital/VC
Warehousing
Water and Wastewater
Water and Wastewater Systems
Water and Wastewater Treatment
Water, Waste, Steam, and Air Conditioning Services
Water/Wastewater Management
Water/Wastewater/Utilities
Wholesale
Wireless

Government Relations Threat Reports

Showing 13 / 3 reports
CRESCENTHARVEST Malware Campaign Exploits Iran Protests to Target Supporters
Impact· MEDIUM
Civic/Social Organization

CRESCENTHARVEST Malware Campaign Exploits Iran Protests to Target Supporters

In early January 2026, a cyberespionage campaign named CRESCENTHARVEST emerged, targeting individuals supporting Iran's anti-government protests. Attackers distributed malicious archive files containing authentic protest media and Farsi-language reports, alongside disguised Windows shortcut (.LNK) files. When executed, these shortcuts deployed a remote access trojan (RAT) capable of executing commands, logging keystrokes, and exfiltrating sensitive data. The campaign's sophistication suggests alignment with Iranian state interests, aiming for long-term surveillance and information theft. This incident underscores the increasing use of geopolitical events as lures in cyberattacks, highlighting the need for heightened vigilance among activists, journalists, and dissidents. The campaign's reliance on social engineering and legitimate-looking media emphasizes the importance of verifying the authenticity of received files, especially those related to sensitive political contexts.

4 months ago

Kill Chain

IC
Initial Compromise(high)
PE
Privilege Escalation(high)
LM
Lateral Movement(medium)
C&C
Command & Control(high)
E
Exfiltration(high)
I
Impact(medium)
Read Report
LOTUSLITE Backdoor: How Mustang Panda Targeted U.S. Policy Organizations in 2026
Impact· low
Government Administration

LOTUSLITE Backdoor: How Mustang Panda Targeted U.S. Policy Organizations in 2026

In January 2026, researchers revealed a spear phishing campaign targeting US government and policy organizations utilizing geopolitical lures themed around US intervention in Venezuela. Attackers distributed a malicious ZIP archive containing a DLL file using side-loading techniques to deploy the LOTUSLITE backdoor. The campaign, attributed to the Chinese state-linked Mustang Panda group, leveraged reliable execution flows such as DLL sideloading, beaconed over WinHTTP APIs, enabled remote command execution, and exfiltrated data. While the exact scope of any successful compromise remains unclear, the operation demonstrates a focused cyber espionage effort using proven tactics for initial access and persistence. This campaign highlights the ongoing trend where threat actors employ familiar, effective tradecraft combined with timely or provocative lures. It underscores the continued risk posed to policy organizations from geopolitical-themed spear phishing as attackers adapt their delivery but rely on consistent, operationally sound techniques.

5 months ago

Kill Chain

IC
Initial Compromise(high)
PE
Privilege Escalation(medium)
LM
Lateral Movement(low)
C&C
Command & Control(high)
E
Exfiltration(medium)
I
Impact(low)
Read Report
Iranian Nation-State Hackers Target John Bolton’s Email in 2021 Security Breach
Impact· high
Government Administration

Iranian Nation-State Hackers Target John Bolton’s Email in 2021 Security Breach

In July 2021, former U.S. National Security Adviser John Bolton's personal email account was compromised by cyber actors believed to be linked to the Islamic Republic of Iran. The attackers gained unlawful access, extracted emails containing potentially sensitive information, and leveraged these materials to threaten and attempt to coerce Bolton, including by referencing classified content and threatening public disclosure. The FBI became aware when Bolton’s representative reported the intrusion and subsequent extortion attempts, with the threat actor referencing previous high-profile leaks to amplify pressure. It remains unclear if any sensitive materials were publicly disseminated, but the incident elevated concerns around the exposure of classified or sensitive government information through personal communication channels. This incident highlights a persistent risk from nation-state actors targeting senior government officials, leveraging cyber-intrusions for espionage and psychological operations. With the proliferation of similar tactics against political, governmental, and critical infrastructure targets globally, this attack reflects an urgent need for heightened security controls on personal communications of high-profile public figures.

5 months ago

Kill Chain

IC
Initial Compromise(medium)
PE
Privilege Escalation(low)
LM
Lateral Movement(low)
C&C
Command & Control(medium)
E
Exfiltration(high)
I
Impact(high)
Read Report
[ INCIDENT RESPONSE // UNDER ATTACK? ]

Stop Active Cloud Data Exfiltration

Aviatrix Breach Lock helps teams instantly identify what data is leaving the environment, from which workload, and where it’s going — during an active breach.

Under Attack

Looking for threats in a different sector?

Browse All Threat Reports