The kit, named DarkSword, has a variety of possible implications, the research from iVerify, Lookout and Google suggests.

Sean Cairncross said the idea rather is to collaborate with the private sector in a way that helps the U.S. government take the battle to its adversaries.

It’s been difficult early on to separate signal from noise, even if the attack on the medical device maker looks like a qualified success for the attackers.

Mike Duffy, acting federal CISO

Deputy Assistant Secretary and Assistant Director of the Diplomatic Security Service for Cyber & Technology Security Bureau of Diplomatic Security

Researchers traced the kit moving from a spyware vendor’s customer to Russian hackers to Chinese cybercriminals.

Brett Leatherman is running the bureau's most public cyber campaign yet, pushing basic security hygiene while quietly preparing industry for stepped-up Chinese threats.

OpenAI said a Chinese law enforcement agency uploaded reports to ChatGPT that details a worldwide digital operation to track and silence regime critics at home and abroad. 

The average time from intrusion to network movement in 2025 was 29 minutes, a 65% increase in speed from the year prior.

Google researchers said Chinese attackers have been exploiting a zero-day since mid-2024, and they’ve moved on to a more advanced version of Brickstorm malware called Grimbolt.