Lucene search
K

52 matches found

The Hacker News
The Hacker News
added 2023/09/12 10:18 a.m.85 views

Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign

A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad. "The attackers managed to steal credentials and compromise multiple computers on the...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/09 1:43 p.m.49 views

China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign

Hackers associated with China's Ministry of State Security MSS have been linked to attacks in 17 different countries in Asia, Europe, and North America from 2021 to 2023. Cybersecurity firm Recorded Future attributed the intrusion set to a nation-state group it tracks under the name RedHotel...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/18 12:58 p.m.64 views

Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware

An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that's commonly associated with Chinese hacking crews. Targets included a Pakistan government entity, a public sector bank, and a telecommunication...

6.7AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/07/14 12:0 a.m.59 views

Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad

We recently found that an MSI installer built by the National Information Technology Board NITB, a Pakistani government entity, delivered a Shadowpad sample, suggesting a possible supply-chain attack...

7AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/07/14 12:0 a.m.9 views

Possible Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad

We recently found that a modified installer of the E-Office app used by the Pakistani government delivered a Shadowpad sample, suggesting a possible supply-chain attack...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/15 10:17 a.m.47 views

Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign

Government, aviation, education, and telecom sectors located in South and Southeast Asia have come under the radar of a new hacking group as part of a highly-targeted campaign that commenced in mid-2022 and continued into the first quarter of 2023. Symantec, by Broadcom Software, is tracking the...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/22 7:19 a.m.64 views

NAPLISTENER: New Malware in REF2924 Group's Arsenal for Bypassing Detection

The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in South and Southeast Asia. The malware, dubbed NAPLISTENER by Elastic Security Labs, is an HTTP listener programmed in C and is designed to evade "network-based forms of...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/22 7:19 a.m.2 views

NAPLISTENER: New Malware in REF2924 Group's Arsenal for Bypassing Detection

The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in South and Southeast Asia. The malware, dubbed NAPLISTENER by Elastic Security Labs, is an HTTP listener programmed in C and is designed to evade "network-based forms of...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/14 9:39 a.m.4 views

Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad

Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America. The tech giant's Security Intelligence team is tracking the cluster under the emerging moniker DEV-0147 , describing the activity as an "expansion of the group's...

10CVSS9.4AI score0.99999EPSS
Exploits22
The Hacker News
The Hacker News
added 2023/02/14 9:39 a.m.128 views

Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad

Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America. The tech giant's Security Intelligence team is tracking the cluster under the emerging moniker DEV-0147, describing the activity as an "expansion of the group's...

10CVSS0.8AI score0.99999EPSS
Exploits22
The Hacker News
The Hacker News
added 2023/02/13 7:58 a.m.2 views

Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails

The advanced persistent threat APT actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's als...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/23 9:28 a.m.122 views

Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries

Microsoft on Tuesday disclosed the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa. The tech behemoth's cybersecurity division said the vulnerable component poses a "supply chai...

7.8CVSS1.1AI score0.68464EPSS
Exploits8
The Hacker News
The Hacker News
added 2022/10/27 2:19 p.m.48 views

Researchers Expose Over 80 ShadowPad Malware C2 Servers

As many as 85 command-and-control C2 servers have been discovered supported by the ShadowPad malware since September 2021, with infrastructure detected as recently as October 16, 2022. That's according to VMware's Threat Analysis Unit TAU, which studied three ShadowPad variants using TCP, UDP, an...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/09/13 10:34 a.m.30 views

Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks

Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021. "A notable feature of these attacks is that the attackers leveraged a wide rang...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2022/06/28 11:30 a.m.199 views

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October...

9.8CVSS2.2AI score0.99999EPSS
Exploits63
The Hacker News
The Hacker News
added 2022/05/03 5:32 a.m.28 views

Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector

A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX. Cybersecurity firm SentinelOne tied the intrusions to an actor it tracks under the name "Moshen Dragon," with tactical overlaps...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/04/08 4:59 p.m.31 views

Chinese Hacker Groups Continue to Target Indian Power Grid Assets

China-linked adversaries have been attributed to an ongoing onslaught against Indian power grid organizations, one year after a concerted campaign targeting critical infrastructure in the country came to light. Most of the intrusions involved a modular backdoor named ShadowPad, according to...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/02/15 2:6 p.m.29 views

Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA

Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country's civilian and military intelligence agencies. "ShadowPad is...

2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/01/18 8:2 a.m.21 views

Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors

An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/08/20 3:44 p.m.30 views

ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups

ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. "The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors,...

1.7AI score
Exploits0
Rows per page
Query Builder