Hacking group Jewelbug shifts focus to European government targets, using novel C2 infrastructure
The threat group known as Jewelbug, also tracked by Check Point Research as Ink Dragon, has intensified its attacks against government targets in Europe since July 2025. Although the actor, aligned with China and active since at least March 2023, continues to attack entities in Southeast Asia and South America, its focus has expanded significantly. Check Point Research has detailed the operations of this hacking group, highlighting its combination of solid software engineering, disciplined operational playbooks, and the reuse of native platform tools to blend into normal company telemetry. These tactics make their intrusions “effective and stealthy.” ...