Notorious Chinese Hacker Gang GhostEmperor Re-Emerges After 2 Years

July 19, 2024 at 11:36AM

The sophisticated Chinese hacking group GhostEmperor has reappeared after a two-year hiatus with updated and advanced tactics, as revealed by cybersecurity firm Sygnia. The group targeted telecommunications and government entities in Southeast Asia, using customized malware and evasion methods. The recent intrusion involved an evolved attack chain and indicated the …

Chinese APT40 hackers hijack SOHO routers to launch attacks

July 9, 2024 at 11:13AM

The joint advisory from international cybersecurity agencies and law enforcement warns of Chinese state-sponsored APT40’s cyberespionage attacks. APT40, known by various aliases, targets government and private entities in the US and Australia. They exploit vulnerabilities in public-facing infrastructure and edge networking devices and utilize hijacked SOHO routers for launching attacks. …

Global Coalition Blames China’s APT40 for Hacking Government Networks

July 9, 2024 at 07:21AM

The US, UK, Canada, Germany, Japan, New Zealand, and South Korea support Australia’s accusation of Chinese state-sponsored hacking into government networks. APT40, also known as Bronze Mohawk, is highlighted for targeting Australian and regional networks with advanced tradecraft, exploiting vulnerabilities in widely used software and leveraging tactics shared by other …

Cybersecurity Agencies Warn of China-linked APT40’s Rapid Exploit Adaptation

July 9, 2024 at 02:56AM

Cybersecurity agencies from multiple countries issued a joint advisory about APT40, a China-linked cyber espionage group known for quickly exploiting security flaws and targeting organizations worldwide. Operating since 2013, APT40 has been affiliated with China’s Ministry of State Security and has conducted various cyber attacks to steal sensitive information. It’s …

China’s APT40 gang is ready to attack vulns within hours or days of public release.

July 8, 2024 at 10:37PM

Law enforcement agencies, led by Australia, have issued an advisory detailing the tradecraft of APT40, a state-sponsored cyber group aligned with China. Known for rapidly exploiting new vulnerabilities, APT40 targets unpatched networks and uses compromised devices to launch attacks. The advisory provides mitigation tactics and highlights APT40’s use of web …

Google links WinRAR exploitation to Russian, Chinese state hackers

October 18, 2023 at 12:49PM

Google’s Threat Analysis Group has identified state-backed hacking groups, including Sandworm, APT28, and APT40, exploiting a vulnerability in WinRAR, a popular compression software. The bug allows attackers to execute arbitrary code on users’ systems. Despite a patch being available, many users remain vulnerable. The bug has been exploited since April, …

Google links WinRAR exploitation to multiple state hacking groups

October 18, 2023 at 11:16AM

State-backed hacking groups, including Sandworm, APT28, and APT40, are exploiting a vulnerability in WinRAR to execute arbitrary code on targeted systems. The bug, known as CVE-2023-38831, has been exploited since April 2023, enabling threat actors to deliver various malware payloads. Despite a patch being available, many users remain vulnerable. Google …