LightSpy Spyware Operation Expands to Windows

November 15, 2024 at 04:43AM

The Chinese APT group APT41 has expanded its LightSpy malware to a Windows surveillance framework named DeepData, enhancing its cross-platform espionage capabilities. This new tool focuses on information theft across various communication platforms and includes features like audio recording, keylogging, and system data gathering. The development began in mid-2022. …

Toolkit Vastly Expands APT41’s Surveillance Powers

November 13, 2024 at 05:58PM

China’s APT41 threat group has developed a sophisticated Windows-based malware toolkit, “DeepData Framework,” targeting South Asian organizations. The toolkit includes 12 modular plug-ins for data theft, including communications and system information. Analysts emphasize the need for heightened security measures against APT41’s ongoing cyber-espionage campaigns. Meeting Takeaways: 1. APT41 Threat …

Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain

October 21, 2024 at 10:02AM

APT41, a Chinese state-sponsored cyber actor, conducted a sophisticated nine-month attack on the gambling and gaming industry, stealthily gathering sensitive data and evading detection by adapting strategies. Utilizing custom malware and exploiting credentials, they established persistence in the compromised network, targeting devices specifically within a designated VPN subnet. Meeting …

China’s ‘Earth Baxia’ Spies Exploit Geoserver to Target APAC Orgs

September 22, 2024 at 09:10PM

A China-linked cyber-espionage group dubbed Earth Baxia has targeted Taiwanese government agencies, the Philippine and Japanese military, and energy companies in Vietnam. The group primarily uses spear-phishing and a custom backdoor called EagleDoor, as well as exploiting a vulnerability in the open source GeoServer software. The majority of the group’s …

Hackers Use Rare Stealth Techniques to Down Asian Military, Gov’t Orgs

August 26, 2024 at 06:04PM

An ongoing campaign in Southeast Asia is using two innovative stealth techniques to infect high-level organizations. “GrimResource” executes arbitrary code in the Microsoft Management Console, while “AppDomainManager Injection” uses malicious DLLs to load a custom configuration file. These techniques were recently used to drop Cobalt Strike onto IT systems belonging …

China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa

August 14, 2024 at 02:03AM

Earth Baku, a China-backed threat actor, has expanded its targeting to Europe, the Middle East, and Africa, including countries like Italy, Germany, U.A.E., and Qatar. The group has updated its tactics, using public-facing applications for entry points and deploying sophisticated malware. Their attacks involve various post-exploitation tools and data exfiltration …

APT41 Spinoff Expands Chinese Actor’s Scope Beyond Asia

August 13, 2024 at 01:33PM

A China-backed threat group known as APT41 is expanding its cyber espionage reach from Asia to Europe, the Middle East, and Africa. Their spinoff group, Earth Baku, has been targeting organizations in Italy, Germany, UAE, and Qatar, using new malware and living-off-the-land techniques. APT41’s evolving and sophisticated threat profile poses …

Google gamed into advertising a malicious version of Authenticator

August 4, 2024 at 10:07PM

Scammers used Google’s ad system to push a fake version of Google Authenticator, tricking users into downloading malware. AI-written emails now make up 40% of business email compromise cases. CISA appointed its first chief artificial intelligence officer, Lisa Einstein. Vulnerabilities in ServiceNow and Acronis Cyber Infrastructure were flagged by CISA. …

China’s APT41 Targets Taiwan Research Institute for Cyber Espionage

August 2, 2024 at 03:46PM

China-linked APT41 compromised a Taiwanese research institute in July 2023, deploying various malware tools including the ShadowPad RAT and Cobalt Strike tool. The group, known for cyber espionage and financially motivated attacks, targeted a valuable source of proprietary technology. The attack involved stealing documents and deploying sophisticated techniques to evade …

APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

August 2, 2024 at 12:42PM

A Taiwanese research institute specializing in computing was breached by China-affiliated threat actors, delivering backdoors and malware like ShadowPad and Cobalt Strike. Cisco Talos discovered the activity in August 2023 and attributed it to APT41. The attackers used various techniques to evade detection and exfiltrated documents from the network. This …