Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East

Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. "Sighting this group's Tactics, Techniques, and Procedures in critical governmental entities in the Middle East,...

Tropic Trooper spies on government entities in the Middle East

Executive summary Tropic Trooper also known as KeyBoy and Pirate Panda is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Our recent investigation has...

RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations

A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name...

New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously on the same victims'...

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Summary Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations networks with...

State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments

Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques. "The main goal of the attacks was to obtain highly confidential and sensiti...

What is a web shell?

Editors note: The Need to Know is a new series from Talos, which focuses on cybersecurity terms, threats, tools and tactics that are discussed in our broader threat research. Think of this as a living encyclopedia of security terms and trends. Cisco Talos Incident Response recently released our...

Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers. "The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through...

Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers. "The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through...

Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization

An advanced persistent threat APT actor known as Budworm targeted a U.S.-based entity for the first time in more than six years, according to latest research. The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software, said in a report...

Elusive ToddyCat APT Targets Microsoft Exchange Servers

An advanced persistent threat APT group, dubbed ToddyCat, is believed behind a series of attacks targeting Microsoft Exchange servers of high-profile government and military installations in Asia and Europe. The campaigns, according to researchers, began in December 2020, and have been largely...

New ToddyCat Hacker Group on Experts' Radar After Targeting MS Exchange Servers

An advanced persistent threat APT actor codenamed ToddyCat has been linked to a string of attacks aimed at government and military entities in Europe and Asia since at least December 2020. The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft...

[updated]Unpatched Atlassian Confluence vulnerability is actively exploited

Researchers found a vulnerability in Atlassian Confluence by conducting an incident response investigation. Atlassian rates the severity level of this vulnerability as critical. Atlassian has issued a security advisory and is working on a fix for the affected products. This qualifies the...

Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability

Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild. The Australian software company credited cybersecurity firm Volexity for identifying the flaw, which is being...

New Cyber Espionage Group Targeting Ministries of Foreign Affairs

Cybersecurity researchers on Thursday took the wraps off a new cyber espionage group that has been behind a series of targeted attacks against diplomatic entities and telecommunication companies in Africa and the Middle East since at least 2017. Dubbed "BackdoorDiplomacy," the campaign involves...

This Week in Security News - April 30, 2021

Hacktivism’s reemergence explained and Hello ransomware uses updated China Chopper web shell...

Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability

We discuss the technical features of a Hello ransomware attack, including its exploitation of CVE-2019-0604 and the use of a modified version of the China Chopper web shell...

Prometei Botnet Could Fire Up APT-Style Attacks

A heretofore little-seen botnet dubbed Prometei is taking a page from advanced persistent threat APT cyberattackers: The malware is exploiting two of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon, in order to drop a Monero cryptominer on its targets. It’s also highly...

Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate...

CISA and CNMF Analysis of SolarWinds-related Malware

CISA and the Department of Defense DoD Cyber National Mission Force CNMF have analyzed additional SolarWinds-related malware variants—referred to as SUNSHUTTLE and SOLARFLARE. One of the analyzed files was identified as a China Chopper webshell server-side component that was observed on a network...