92 matches found

The Hacker News · added 2022/08/13 12:41 p.m. · 44 views

Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users

A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application...

AI score 1.1 · Exploits 0
The Hacker News · added 2022/06/28 11:30 a.m. · 195 views

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October...

CVSS 9.8 · AI score 2.2 · EPSS 0.99999 · Exploits 63
The Hacker News · added 2022/05/06 7:17 a.m. · 38 views

Experts Uncover New Espionage Attacks by Chinese 'Mustang Panda' Hackers

The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. "Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social...

AI score 1.4 · Exploits 0
Malwarebytes · added 2022/05/03 3:31 p.m. · 14 views

State-backed hacking group from China is targeting the Russian military

In an unexpected turn of events, research has surfaced about a Chinese APT (advanced persistent threat) group targeting the Russian military in recent cyberattacks. Tracked as Bronze President, Mustang Panda, RedDelta, and TA416, the group has focused mainly on Southeast Asian targets—and more...

AI score 0.7 · Exploits 0
The Hacker News · added 2022/05/03 5:32 a.m. · 28 views

Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector

A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX. Cybersecurity firm SentinelOne tied the intrusions to an actor it tracks under the name "Moshen Dragon," with tactical overlaps...

AI score 1 · Exploits 0
The Hacker News · added 2022/04/27 12:24 p.m. · 23 views

Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware

A China-linked government-sponsored threat actor observed striking European diplomatic entities in March may have been targeting Russian government officials with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks...

AI score 0.5 · Exploits 0
hivepro · added 2022/03/31 4:11 a.m. · 11 views

New PlugX variant “Talisman” used by famous Chinese APT

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. PlugX is a well-known malware family with samples dating back to as early as 2008. A Chinese state-backed threat actor, RedFoxtrot group, is discovered to use a new variant of the PlugX malware, Talisman. The threat actor grou...

AI score 1 · Exploits 0
Trellix · added 2022/03/28 12:00 a.m. · 18 views

PlugX: A Talisman to Behold

PlugX: A Talisman to Behold. By Max Kersten, Marc Elias, Leandro Velasco, and Alexandre Mundo Alguacil · March 28, 2022. For over a decade, the PlugX malware has been observed internationally with different variants found around the world. This blog covers a PlugX variant that we have named Talisma...

AI score 7.5 · Exploits 0
ThreatPost · added 2022/03/24 2:08 p.m. · 93 views

Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection

The Chinese advanced persistent threat (APT) Mustang Panda, a.k.a. Temp.Hex, HoneyMyte, TA416 or RedDelta, has upgraded its espionage campaign against diplomatic missions, research entities and internet service providers (ISPs), largely in and around Southeast Asia. For one thing, the APT has deployed...

AI score 9 · Exploits 0 · References 10
hivepro · added 2022/03/12 9:45 a.m. · 8 views

Mustang Panda targets European diplomats using enhanced PlugX backdoor

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Mustang Panda, a Chinese cyberespionage group, has been targeting European diplomats with a revised version of the PlugX backdoor in an ongoing campaign linked to the ongoing conflict in Ukraine. The group, also known as...

AI score 0.3 · Exploits 0
The Hacker News · added 2021/07/28 10:58 a.m. · 54 views

Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers

A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan (RAT) on compromised systems. Attributing the intrusions to a threat actor...

AI score 0.5 · Exploits 0
The Hacker News · added 2021/01/15 11:31 a.m. · 70 views

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti or APT41, Positive Technologies dated the first...

AI score 0.1 · Exploits 0
ThreatPost · added 2020/11/23 8:38 p.m. · 137 views

TA416 APT Rebounds With New PlugX Malware Variant

The TA416 advanced persistent threat (APT) actor is back with a vengeance: After a month of inactivity, the group was spotted launching spear-phishing attacks with a never-before-seen Golang variant of its PlugX malware loader. TA416, which is also known as “Mustang Panda” and “RedDelta,” was spott...

AI score 0.1 · Exploits 0 · References 6
ThreatPost · added 2020/09/16 8:01 p.m. · 42 views

Hackers Continue Cyberattacks Against Vatican, Catholic Orgs

A state-sponsored threat group linked to China has been engaged in a five-month-long cyberattack against the Vatican and other Catholic Church-related organizations. Attacks have come in the form of spear-phishing emails laced with the PlugX remote access tool (RAT) as the payload. Researchers with...

AI score 7.3 · Exploits 0 · References 9
Kitploit · added 2019/10/10 12:00 p.m. · 178 views

MalConfScan - Volatility Plugin For Extracts Configuration Data Of Known Malware

MalConfScan is a Volatility plugin that extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps configuration data. In addition, this tool has a function ...

AI score 7.4 · Exploits 0 · References 4
ThreatPost · added 2019/05/27 2:11 p.m. · 95 views

Chinese Spy Group Mixes Up Its Malware Arsenal with Brand-New Loaders

The Chinese-language cyber-espionage group known as APT10 has apparently added to its malware bag of tricks, with two never-before-seen malware loader variants used in April campaigns against government and private organizations in Southeast Asia. Also, the campaigns featured modified versions of...

AI score 1.5 · Exploits 0 · References 6
Malwarebytes · added 2019/01/16 5:00 p.m. · 134 views

The Advanced Persistent Threat files: APT10

We've heard a lot about Advanced Persistent Threats (APTs) over the past few years. As a refresher, APTs are prolonged, aimed attacks on specific targets with the intention to compromise their systems and gain information from or about that target. While the targets may be anyone or anything—a...

AI score 0.1 · Exploits 0
0day.today · added 2017/09/07 12:00 a.m. · 21 views

PlugX Controller Stack Overflow Exploit

This Metasploit module exploits a stack buffer overflow in the PlugX Controller C2 server. This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. `require 'zlib'` ... `class MetasploitModule` ... `'Name' => 'PlugX Controller Stack Overflow',` ...

AI score 7.4 · Exploits 0
Packet Storm · added 2017/09/07 12:00 a.m. · 38 views

PlugX Controller Stack Overflow

This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. `require 'zlib'` ... `class MetasploitModule` ... `'Name' => 'PlugX Controller Stack Overflow',` `'Description' => %q{ This module exploits a stack buffer overflow in the PlugX Controller C2 server...`

AI score 0.8 · Exploits 0