Lucene search
K

21 matches found

The Hacker News
The Hacker News
added 2026/07/06 10:58 a.m.15 views

Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT

A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/21 2:17 p.m.23 views

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. "Showboat is a modular post-exploitation framework designed for Linux systems, capable...

9.8CVSS7.4AI score0.99999EPSS
Exploits63
The Hacker News
The Hacker News
added 2026/05/05 2:19 p.m.11 views

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

A sophisticated China-nexus advanced persistent threat APT group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the moniker UAT-8302 ,...

6AI score
Exploits0
Talos Blog
Talos Blog
added 2026/05/05 10:0 a.m.12 views

UAT-8302 and its box full of malware

Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat APT group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. After successful compromises, UAT-8302 deploys multiple custom-made...

8.8CVSS7.4AI score0.28261EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2026/03/26 1:0 p.m.21 views

BPFdoor in Telecom Networks: Sleeper Cells in the Backbone

Executive overview The strategic positioning of covert access within the world’s telecommunication networks A months-long investigation by Rapid7 Labs has uncovered evidence of an advanced China-nexus threat actor, Red Menshen, placing some of the stealthiest digital sleeper cells the team has ev...

6.2AI score
Exploits0
Talos Blog
Talos Blog
added 2026/02/05 11:0 a.m.15 views

Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework

Cisco Talos uncovered "DKnife," a fully featured gateway-monitoring and adversary-in-the-middle AitM framework comprising seven Linux-based implants that perform deep-packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Based on the artifact metadata, DKnife ha...

6.1AI score
Exploits0
Talos Blog
Talos Blog
added 2026/01/15 11:0 a.m.11 views

UAT-8837 targets critical infrastructure sectors in North America

Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat APT actor based on overlaps in tactics, techniques, and procedures TTPs with those of other known China-nexus threat actors. Based on UAT-8837's TTPs and...

9CVSS7.6AI score0.30809EPSS
Exploits3
Talos Blog
Talos Blog
added 2026/01/08 11:0 a.m.13 views

UAT-7290 targets high value telecommunications infrastructure in South Asia

Cisco Talos is disclosing a sophisticated threat actor we track as UAT-7290, who has been active since at least 2022. UAT-7290 is tasked with gaining initial access as well as conducting espionage focused intrusions against critical infrastructure entities in South Asia. UAT-7290's arsenal includ...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/18 4:10 a.m.5 views

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat APT actor codenamed UAT-9686 in attacks targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The networking...

10CVSS7.1AI score0.2906EPSS
Exploits2
The Hacker News
The Hacker News
added 2025/12/05 2:10 p.m.13 views

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components RSC within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 CVSS score: 10.0, aka React2Shell, which allows unauthenticated remot...

10CVSS9.5AI score0.99562EPSS
Exploits393
The Hacker News
The Hacker News
added 2025/08/25 6:11 p.m.4 views

UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats

A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across the globe to advance Beijing's strategic interests. "This multi-stage attack chain leverages advanced social engineering including valid code signing...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2024/09/11 6:30 a.m.43 views

Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager EPM, including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows - CVE-2024-29847 CVSS score: 10.0 - A deserialization of...

10CVSS9.1AI score0.88955EPSS
Exploits4
The Hacker News
The Hacker News
added 2024/08/26 2:33 p.m.26 views

SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access

SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 CVSS score: 9.3, has been described as an improper access contr...

7.2AI score0.15593EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/07/27 6:9 a.m.26 views

French Authorities Launch Operation to Remove PlugX Malware from Infected Systems

French judicial authorities, in collaboration with Europol, have launched a so-called "disinfection operation" to rid compromised hosts of a known malware called PlugX. The Paris Prosecutor's Office, Parquet de Paris, said the initiative was launched on July 18 and that it's expected to continue...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/06/17 11:59 a.m.53 views

China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/22 11:5 a.m.64 views

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment NERVE...

9.1CVSS9.7AI score0.99999EPSS
Exploits23
The Hacker News
The Hacker News
added 2023/09/25 6:45 a.m.37 views

New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously on the same victims'...

8.4AI score
Exploits0
hivepro
hivepro
added 2023/01/23 3:34 a.m.109 views

New BOLDMOVE Backdoor uses FortiOS vulnerability for initial access

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A suspected China-nexus campaign has exploited a vulnerability in Fortinets FortiOS SSL-VPN, known as CVE-2022-42475. The exploitation was believed to have occurred as early as October 2022 and the targe...

2.7AI score0.99474EPSS
Exploits11
FireEye
FireEye
added 2019/10/15 2:15 p.m.23 views

LOWKEY: Hunting for the Missing Volume Serial ID

In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group: APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. This blog...

7.4AI score
Exploits0References6
FireEye
FireEye
added 2019/08/19 12:0 a.m.256 views

GAME OVER: Detecting and Stopping an APT41 Operation

In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group, APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. APT41 is...

10CVSS0.4AI score0.99913EPSS
Exploits20References9
Rows per page
Query Builder