36 matches found

HackRead
added 2025/04/19 9:33 p.m., 28 views

Chinese APT IronHusky Deploys Updated MysterySnail RAT on Russia

Kaspersky researchers report the reappearance of MysterySnail RAT, a malware linked to Chinese IronHusky APT, targeting Mongolia and…

AI score: 7.2
Exploits: 0

HackRead
added 2025/01/23 8:36 p.m., 7 views

Chinese PlushDaemon APT Targets S. Korean IPany VPN with Backdoor

Cybersecurity firm ESET uncovers PlushDaemon, a previously unknown APT group targeting South Korea, deploying a SlowStepper backdoor. This…

AI score: 7.3
Exploits: 0

The Hacker News
added 2024/12/31 5:42 a.m., 16 views

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents

The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. "On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust,...

CVSS: 9.8, AI score: 9.7, EPSS: 0.87991
Exploits: 8

Malwarebytes
added 2024/12/05 2:59 p.m., 8 views

Americans urged to use encrypted messaging after large, ongoing cyberattack

A years-long infiltration into the systems of eight telecom giants, including AT&T and Verizon, allowed a state sponsored actor to steal vast amounts of data on where, when and who individuals have been communicating with. Speaking to Reuters, a senior US official said the attack telecommunicatio...

AI score: 7.3
Exploits: 0

The Hacker News
added 2024/11/21 3:50 p.m., 5 views

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That's according to findings from cybersecurity firm ESET based on multiple Linux samples...

AI score: 7.4
Exploits: 0

The Hacker News
added 2024/05/23 11:14 a.m., 11 views

Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed

Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022. "An analysis of this threat actor's activity reveals long-term...

AI score: 7.5
Exploits: 0

Malwarebytes
added 2024/02/02 2:18 p.m., 40 views

CISA: Disconnect vulnerable Ivanti products TODAY

In an emergency directive, the Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal agencies to disconnect all instances of Ivanti Connect Secure and Policy Secure solution products from agency networks no later than 11:59PM on Friday February 2, 2024. Besides the Ivanti...

CVSS: 6.5, AI score: 7.3, EPSS: 0.99999
Exploits: 26

HackRead
added 2023/11/09 12:36 p.m., 28 views

Chinese APT Posing as Cloud Services to Spy on Cambodian Government

By Deeba Ahmed. Palo Alto's Unit 42 Reveals Chinese APT Spying on 24 Cambodian Government Entities as Part of Long-Term Cyberespionage.

AI score: 7.2
Exploits: 0

The Hacker News
added 2023/09/12 10:18 a.m., 85 views

Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign

A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad. "The attackers managed to steal credentials and compromise multiple computers on the...

AI score: 7.7
Exploits: 0

HackRead
added 2023/09/04 11:40 a.m., 20 views

Chinese APT Slid Fake Signal and Telegram Apps onto Official App Stores

By Habiba Rashid. Key Findings: Cybersecurity researchers have warned of fake Signal and Telegram apps that have been distributed through the…

AI score: 7.1
Exploits: 0

HackRead
added 2023/08/29 6:55 p.m., 24 views

Microsoft: Chinese APT Flax Typhoon uses legit tools for cyber espionage

By Deeba Ahmed. Researchers believe that this time instead of cyber espionage, Chinese threat actors may have opted for more complex information ops.

AI score: 6.8
Exploits: 0

HackRead
added 2023/06/23 7:43 p.m., 20 views

Chinese Espionage Malware Targets European Healthcare via USB Drives

By Waqas. The malware campaign has been attributed to the Chinese APT group Mustang Panda, also known as Camaro Dragon.

AI score: 6.9
Exploits: 0

The Hacker News
added 2023/05/15 10:17 a.m., 47 views

Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign

Government, aviation, education, and telecom sectors located in South and Southeast Asia have come under the radar of a new hacking group as part of a highly-targeted campaign that commenced in mid-2022 and continued into the first quarter of 2023. Symantec, by Broadcom Software, is tracking the...

AI score: 7.2
Exploits: 0

hivepro
added 2022/10/18 4:16 a.m., 10 views

WIP19 targets IT service providers and telcos with custom malware

Summary: WIP19, a Chinese APT group, is using legitimate and stolen certificates to sign malware, such as SQLMaggie, ScreenCap, and a credential dumper which it then used to target telecommunications and IT service...

AI score: 3.4
Exploits: 0

The Hacker News
added 2022/07/25 2:5 p.m., 36 views

Experts Uncover New 'CosmicStrand' UEFI Firmware Rootkit Used by Chinese Hackers

An unknown Chinese-speaking threat actor has been attributed to a new kind of sophisticated Unified Extensible Firmware Interface (UEFI) firmware rootkit called CosmicStrand. "The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and we noticed that all these images are...

AI score: 0.9
Exploits: 0

hivepro
added 2022/06/30 3:17 p.m., 11 views

Bronze Starlight uses loader malware to deploy ransomware

Summary: Bronze Starlight, a Chinese APT, is deploying ransomware LockFile, AtomSilo, Rook, Night Sky, and Pandora via the HUI loader malware to carry out double extortion...

AI score: 0.7
Exploits: 0

The Hacker News
added 2022/06/17 9:39 a.m., 745 views

Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity

A sophisticated Chinese advanced persistent threat (APT) actor exploited a critical security vulnerability in Sophos' firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. "The attacker implemented an interesting web...

CVSS: 9.8, AI score: 10, EPSS: 0.99999
Exploits: 84

The Hacker News
added 2022/06/13 1:26 p.m., 25 views

Chinese 'Gallium' Hackers Using New PingPull Malware in Cyberespionage Attacks

A Chinese advanced persistent threat (APT) known as Gallium has been observed using a previously undocumented remote access trojan in its espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa. Called PingPull, the "difficult-to-detect" backdoor is notable for its use...

AI score: 1.3
Exploits: 0

The Hacker News
added 2022/05/02 1:39 p.m., 26 views

Chinese "Override Panda" Hackers Resurface With New Espionage Attacks

A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. "The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as 'Viper,'" Cluster25 said i...

AI score: 0.1
Exploits: 0

ThreatPost
added 2022/04/27 12:11 p.m., 78 views

Millions of Java Apps Remain Vulnerable to Log4Shell

Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Rezilion expected that due to the “massive amount of media coverage” the bug unsurprisingly received, the majority of applications...

AI score: 7.1
Exploits: 0, References: 9