31 matches found

Wired Threat Level
added 2025/11/15 11:30 a.m., 7 views

A Major Leak Spills a Chinese Hacking Contractor’s Tools and Targets

Plus: State-sponsored AI hacking is here, Google hosts a CBP face recognition app, and more of the week’s top security news...

AI score: 7
Exploits: 0

HackRead
added 2025/07/24 10:24 a.m., 6 views

National Nuclear Security Administration Systems Breached in SharePoint Cyberattack

National Nuclear Security Administration and National Institutes of Health targeted in global Microsoft SharePoint vulnerability exploitation. Chinese hacking groups suspected in widespread data breaches...

AI score: 7.2
Exploits: 0

The Hacker News
added 2025/06/27 10:25 a.m., 5 views

Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit

A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox aka Void...

AI score: 7.1
Exploits: 0

Wired Threat Level
added 2025/06/07 10:30 a.m., 23 views

The Mystery of iPhone Crashes That Apple Denies Are Linked to Chinese Hacking

Plus: A 22-year-old former intern gets put in charge of a key anti-terrorism program, threat intelligence firms finally wrangle their confusing names for hacker groups, and more...

AI score: 7.3
Exploits: 0

Wired Threat Level
added 2025/04/14 10:00 a.m., 20 views

Brass Typhoon: The Chinese Hacking Group Lurking in the Shadows

Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks...

AI score: 7.4
Exploits: 0

Schneier on Security
added 2024/08/06 11:01 a.m., 10 views

On the Cyber Safety Review Board

When an airplane crashes, impartial investigatory bodies leap into action, empowered by law to unearth what happened and why. But there is no such empowered and impartial body to investigate CrowdStrike's faulty update that recently unfolded, ensnarling banks, airlines, and emergency services to t...

AI score: 7.3
Exploits: 0

The Hacker News
added 2024/03/28 4:50 p.m., 40 views

Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack

The Police of Finland aka Poliisi has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country's Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The agency described the...

AI score: 7.1
Exploits: 0

Wired Threat Level
added 2024/02/24 2:00 p.m., 11 views

A Mysterious Leak Exposed Chinese Hacking Secrets

Plus: Scammers try to dupe Apple with 5,000 fake iPhones, Avast gets fined for selling browsing data, and researchers figure out how to clone fingerprints from your phone screen...

AI score: 6.9
Exploits: 0

The Hacker News
added 2023/08/29 2:54 p.m., 73 views

Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom

A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway ESG appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which i...

CVSS: 9.8
AI score: 6.8
EPSS: 0.89209
Exploits: 3

The Hacker News
added 2023/08/25 8:27 a.m., 77 views

Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches

The U.S. Federal Bureau of Investigation FBI is warning that Barracuda Networks Email Security Gateway ESG appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups. It also deemed the fixes as "ineffective"...

CVSS: 9.8
AI score: 7.7
EPSS: 0.89209
Exploits: 3

The Hacker News
added 2023/08/05 7:52 a.m., 51 views

Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems

Threat actors are using an open-source rootkit called Reptile to target Linux systems in South Korea. "Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse shell, allowing threat actors to easily take control of...

AI score: 6.7
Exploits: 0

The Hacker News
added 2023/07/18 12:58 p.m., 61 views

Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware

An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that's commonly associated with Chinese hacking crews. Targets included a Pakistan government entity, a public sector bank, and a telecommunication...

AI score: 6.7
Exploits: 0

Schneier on Security
added 2023/05/31 2:53 p.m., 14 views

Chinese Hacking of US Critical Infrastructure

Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection...

AI score: 7.1
Exploits: 0

The Hacker News
added 2023/04/26 12:33 p.m., 41 views

Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China

The advanced persistent threat APT group referred to as Evasive Panda has been observed targeting an international non-governmental organization NGO in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ. The attack chains are designed to distribut...

AI score: 6.9
Exploits: 0

Hive Pro Threat Advisories
added 2023/02/14 1:28 p.m., 16 views

Revealing the Tonto Team’s Latest Hacks and Menaces

The Tonto Team, a Chinese hacking group, has been linked to attacks on various Asian and Eastern European organizations. In June 2022, an advanced persistent threat APT attempted to hack a cybersecurity...

AI score: 2.7
Exploits: 0

The Hacker News
added 2022/07/14 12:29 p.m., 31 views

State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns

Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key...

AI score: 0.1
Exploits: 0

The Hacker News
added 2022/05/25 10:19 a.m., 39 views

Researchers Find New Malware Attacks Targeting Russian Government Entities

An unknown advanced persistent threat APT group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022. "The campaigns ... are designed to implant a Remote Access Trojan RAT that can be used to...

AI score: 1.5
Exploits: 0

Schneier on Security
added 2021/05/27 11:41 a.m., 44 views

The Story of the 2011 RSA Hack

Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come...

AI score: 2.7
Exploits: 0

The Hacker News
added 2020/09/16 4:50 p.m., 4 views

FBI adds 5 Chinese APT41 hackers to its Cyber's Most Wanted List

The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible for hacking more than 100 companies throughout the world. Named as APT41 and also known as 'Barium,' 'Winnti,' 'Wicked Panda,' and...

AI score: 5.9
Exploits: 0

Richard Bejtlich's blog
added 2020/09/01 12:30 p.m., 34 views

New Book! The Best of TaoSecurity Blog, Volume 2

I published a new book! The Best of TaoSecurity Blog, Volume 2: Network Security Monitoring, Technical Notes, Research, and China and the Advanced Persistent Threat It's in the Kindle Store, and if you're Unlimited it's free. Print edition to follow. The book lists as having 413 pages for the...

AI score: 6.6
Exploits: 0