Cellebrite got into Trump shooter’s Samsung device in just 40 minutes

July 21, 2024 at 11:56PM
The FBI utilized Cellebrite’s digital forensics tools to access the Samsung smartphone of the deceased Trump shooter. Despite manufacturers’ opposition, Cellebrite’s unreleased software cracked the device within 40 minutes. Meanwhile, critical vulnerabilities in Oracle’s July security advisory demand immediate patching. The US government has sanctioned cyber criminals associated with Russia’s …

China’s APT41 Targets Global Logistics, Utilities Companies

July 19, 2024 at 10:05AM
APT41, a Chinese threat group, has launched a cyber espionage campaign targeting organizations in shipping, logistics, media, entertainment, technology, and automotive industries across multiple countries. The group, known for supply chain attacks, has successfully infiltrated and maintained access to victim networks. APT41 is using custom cyber espionage tools and has …

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.

July 19, 2024 at 04:33AM
Summary: Global shipping, logistics, media, technology, and automotive organizations in various countries are targeted by the China-based APT41 hacking group, which uses web shells, custom droppers, and publicly available tools for unauthorized access and data exfiltration. Meanwhile, another threat group, GhostEmperor, is using a variant of the Demodex rootkit in a cyber …

China’s APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox

July 11, 2024 at 09:38PM
APT41, a Chinese government-backed cyber espionage group, has added the DodgeBox loader and the MoonWalk backdoor to its malware toolbox. Zscaler’s ThreatLabz team attributes these new tools to APT41, indicating financially motivated crimes. DodgeBox exhibits advanced capabilities and evasive techniques, with MoonWalk using Google Drive for command-and-control communication. More details on MoonWalk …

Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk

July 11, 2024 at 08:40AM
APT41, a China-linked APT group, is suspected of using an advanced version of StealthVector to deliver a new backdoor named MoonWalk, utilizing Google Drive for C2 communication. This threat actor has been active since 2007 and has been linked to various cyber intrusions and attacks targeting U.S. and Taiwanese entities. …

Chinese State-Backed Cyber Espionage Targets Southeast Asian Government

June 5, 2024 at 07:54AM
A high-profile government organization in Southeast Asia became the target of a lengthy Chinese state-sponsored cyber espionage campaign named Crimson Palace. The operation aimed to maintain network access for espionage, focusing on accessing critical systems, gathering sensitive information, and deploying various malware. The attackers utilized an array of tools and …

Newly Detected Chinese Group Targeting Military, Government Entities

May 23, 2024 at 07:22AM
A Chinese threat group known as Unfading Sea Haze has been targeting military and government entities in the South China Sea for over six years, utilizing sophisticated tools and tactics including spear-phishing, backdoors, and commercially available remote monitoring and management tools. The group’s activities align with Beijing’s interests, indicating potential …

Chinese hackers hide on military and govt networks for 6 years

May 22, 2024 at 09:32AM
“Unfading Sea Haze,” a previously unknown threat actor, is targeting military and government entities in the South China Sea region, displaying alignment with Chinese geo-political interests. Their attacks involve abusing MSBuild for fileless malware and deploying various tools such as custom keyloggers and info-stealers. To counter these attacks, organizations require …

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

April 2, 2024 at 01:54AM
Summary: Earth Freybug actors are using a new malware called UNAPIMON, which relies on dynamic-link library (DLL) hijacking and application programming interface (API) unhooking, to avoid being monitored. The malware prevents child processes from being monitored, enabling malicious activity to go undetected. Security measures such as restricting admin privileges and frequent password …

Sandman Cyberespionage Group Linked to China

December 12, 2023 at 08:48AM
Sandman, a recently identified APT actor, is linked to China, as per a report by SentinelOne, Microsoft, and PwC. Their sophisticated modular backdoor, LuaDream, was highlighted in attacks on telecom providers in the Middle East, Europe, and South Asia. The report links Sandman to the China-based threat actor STORM-0866/Red Dev 40 …