CyGym: a Simulation-Based Game-Theoretic Analysis Framework for Cybersecurity
We introduce a novel cybersecurity encounter simulator between a network defender and an attacker designed to facilitate game-theoretic modeling and analysis while maintaining many significant features of real cyber defense. Our simulator, built within the OpenAI Gym framework, incorporates...
Chinese Volt Typhoon Hackers Infiltrated US Electric Utility for Nearly a Year
Dragos reveals Volt Typhoon hackers infiltrated a US electric utility for 300 days, collecting sensitive data. Learn how this cyberattack threatens infrastructure...
China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait
The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an entity in the region. "During this attack, the threat actor used as a lure the upcoming World Expo, which will be...
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. "An Advanced Persistent Threat group allegedly created and deployed...
China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns
China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as Volt Typhoon is a fabrication of the U.S. and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went ...
New 0-Day Attacks Linked to China’s ‘Volt Typhoon’
Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the...
Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors
The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet...
U.S. EPA Forms Task Force to Protect Water Systems from Cyberattacks
The U.S. Environmental Protection Agency (EPA) said it's forming a new "Water Sector Cybersecurity Task Force" to devise methods to counter the threats faced by the water sector in the country. "In addition to considering the prevalent vulnerabilities of water systems to cyberattacks and the...
CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity
Today, CISA, the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and other U.S. and international partners are issuing a joint fact sheet, People’s Republic of China State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders. Partners of this publication includ...
Attacks, Vulnerabilities and Actors 12 to 18 February 2024
Summary: HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of eight attacks were executed, five vulnerabilities were uncovered, and three active adversaries we...
Attacks, Vulnerabilities and Actors 5 to 11 February 2024
Summary: HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of five attacks were executed, six vulnerabilities were uncovered, and two active adversaries were...
How 3 Million ‘Hacked’ Toothbrushes Became a Cyber Urban Legend
Plus: China’s Volt Typhoon hackers lurked in US systems for years, the Biden administration’s crackdown on spyware vendors ramps up, and a new pro-Beijing disinformation campaign gets exposed...
FBI and CISA publish guide to Living off the Land techniques
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and other authoring agencies have released a joint guidance about common living off the land (LOTL) techniques and common gaps in cyber defense capabilities. Living Off The...
Volt Typhoon: A Cyber Threat to U.S. Critical Infrastructure
Summary: State-sponsored cyber actors from the People’s Republic of China, known as Volt Typhoon, are actively targeting critical infrastructure in the United States, employing sophisticated tactics like pre-compromise reconnaissance and living off-the-land techniques. Threat Level - Red | Attack...
Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade
The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five years. Targets of the threat actor include communications, energy, transportation, and water and...
CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance
Today, CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance: Identifying and...
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
Actions to take today to mitigate Volt Typhoon activity: 1. Apply patches for internet-facing systems. Prioritize patching critical vulnerabilities in appliances known to be frequently exploited by Volt Typhoon. 2. Implement phishing-resistant MFA. 3. Ensure logging is turned on for application,...
FBI removes malware from hundreds of routers across the US
The FBI has used a court order to remove malware from hundreds of routers across the US, and alter the routers’ settings to prevent reinfection. The routers are malware-infected NetGear and Cisco small office/home office (SOHO) devices that no longer receive updates because they have reached their...
FBI Disrupts Chinese State-Backed Volt Typhoon’s KV Botnet
By Waqas. The KV Botnet, a Chinese state-sponsored threat actor group, gained widespread attention for compromising hundreds of U.S.-based small office/home office (SOHO) routers. This is a post from HackRead.com.
U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers
The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign. The existence of t...