Lucene search
+L

44 matches found

schneier
schneier
added 2026/01/05 12:1 p.m.8 views

Telegram Hosting World’s Largest Darknet Market

Wired is reporting on Chinese darknet markets on Telegram. The ecosystem of marketplaces for Chinese-speaking crypto scammers hosted on the messaging service Telegram have now grown to be bigger than ever before, according to a new analysis from the crypto tracing firm Elliptic. Despite a brief...

6.9AI score
Exploits0
talosblog
talosblog
added 2025/08/15 10:0 a.m.22 views

UAT-7237 targets Taiwanese web hosting infrastructure

Cisco Talos discovered UAT-7237, a Chinese-speaking advanced persistent threat APT group active since at least 2022, which has significant overlaps with UAT-5918. UAT-7237 conducted a recent intrusion targeting web infrastructure entities within Taiwan and relies heavily on the use of open-source...

8.7AI score
Exploits0
thn
thn
added 2025/05/25 7:36 a.m.31 views

Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 framework. The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident...

7.9AI score
Exploits0
rapid7blog
rapid7blog
added 2025/05/22 12:0 p.m.41 views

NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign

Co-authored byAnna Širokova and Ivan Feigl Executive summary Rapid7 has been tracking a malware campaign that uses fake software installers disguised as popular apps like VPN and QQBrowser—to deliver Winos v4.0, a hard-to-detect malware that runs entirely in memory and gives attackers remote...

7.8AI score
Exploits0
talosblog
talosblog
added 2025/05/22 10:0 a.m.38 views

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Cisco Talos has observed exploitation of CVE-2025-0994, a remote-code-execution vulnerability in Cityworks, a popular asset management system. The Cybersecurity and Infrastructure Security Agency CISA and Trimble have both released advisories pertaining to this vulnerability, with Trimble's...

9.8CVSS8.9AI score0.28261EPSS
Exploits1
talosblog
talosblog
added 2025/04/17 10:0 a.m.16 views

Unmasking the new XorDDoS controller and infrastructure

Cisco Talos observed an existing distributed denial-of-service DDoS malware known as XorDDoS, continuing to spread globally between November 2023 and February 2025. A significant finding shows that over 70 percent of attacks using XorDDoS targeted the United States from Nov. 2023 to Feb. 2025. Th...

8.5AI score
Exploits0
thn
thn
added 2025/02/27 1:4 p.m.13 views

New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades

Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic aka ToxicPanda, indicating that the threat actors behind it are continuously making changes in response to public reporting. "The modifications seen in the TgToxic payloads reflect the actors' ongoin...

6.9AI score
Exploits0
trendmicroblog
trendmicroblog
added 2025/02/07 12:0 a.m.7 views

Chinese-Speaking Group Manipulates SEO with BadIIS

This blog post details our analysis of an SEO manipulation campaign targeting Asia. We also share recommendations that can help enterprises proactively secure their environment...

7.3AI score
Exploits0
thn
thn
added 2025/02/06 2:34 p.m.17 views

Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking

Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking...

7.5AI score
Exploits0
hackread
hackread
added 2024/09/11 6:38 p.m.15 views

Chinese DragonRank Hackers Exploit Global Windows Servers in SEO Fraud

DragonRank, a Chinese-speaking hacking group, has compromised 30+ Windows servers globally. They exploit IIS vulnerabilities to manipulate SEO…...

7.4AI score
Exploits0
talosblog
talosblog
added 2024/09/10 4:0 a.m.22 views

DragonRank, a Chinese-speaking SEO manipulator service provider

Key Takeaways Cisco Talos is disclosing a new threat called "DragonRank" that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization SEO rank manipulation. DragonRank exploits targets' web application services to deploy a web shell and...

8.4AI score
Exploits0
thn
thn
added 2024/09/09 5:30 a.m.24 views

TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign

A previously undocumented threat actor with likely ties to Chinese-speaking groups has predominantly singled out drone manufacturers in Taiwan as part of a cyber attack campaign that commenced in 2024. Trend Micro is tracking the adversary under the moniker TIDRONE, stating the activity is...

7.5AI score
Exploits0
thn
thn
added 2024/08/30 6:17 a.m.18 views

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads. "The attackers managed to move laterally, establish persistence and remain undetected within the systems...

8.4AI score
Exploits0
talosblog
talosblog
added 2024/06/21 12:0 p.m.37 views

SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques

Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. In the newly discovered campaign, we observed a wider scope of targets spread across countries in EMEA and Asia, compared with previous...

7AI score
Exploits0
trendmicroblog
trendmicroblog
added 2024/06/19 12:0 a.m.18 views

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer MSI files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are...

7.3AI score
Exploits0
thn
thn
added 2024/06/13 6:25 a.m.23 views

New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems

A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years. While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security researcher Hara...

8.2AI score
Exploits0
trendmicroblog
trendmicroblog
added 2024/06/11 12:0 a.m.6 views

Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime...

7.3AI score
Exploits0
trendmicroblog
trendmicroblog
added 2024/06/11 12:0 a.m.25 views

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime...

7.3AI score
Exploits0
thn
thn
added 2023/12/20 10:20 a.m.48 views

Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave

The Chinese-speaking threat actors behind Smishing Triad have been observed masquerading as the United Arab Emirates Federal Authority for Identity and Citizenship to send malicious SMS messages with the ultimate goal of gathering sensitive information from residents and foreigners in the country...

6.4AI score
Exploits0
hivepro
hivepro
added 2023/12/05 7:41 a.m.14 views

SugarGh0st RAT A Customized Gh0st Variant in Cyber Espionage

Summary: A malicious campaign deploying the customized SugarGh0st RAT, likely orchestrated by a Chinese-speaking threat actor targeting the Uzbekistan Ministry of Foreign Affairs and South Korean users. SugarGh0st, a variant of Gh0st RAT, exhibits advanced features for remote control, keylogging,...

7.4AI score
Exploits0
Rows per page
Query Builder