Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

December 4, 2024 at 02:15AM A joint advisory from Australia, Canada, New Zealand, and the U.S. warns of a Chinese cyber espionage campaign targeting telecommunications providers. The group, known as Salt Typhoon, has been active since 2020, and its intrusions are ongoing. The accompanying guidance emphasizes hardening network defenses to mitigate the associated risks, amid escalating U.S.-China trade tensions. Meeting …

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

August 27, 2024 at 12:33PM Users of Chinese instant messaging apps are being targeted by HZ RAT, a backdoor for Apple macOS that replicates the functionality of its Windows version. Distributed via RTF documents and trojanized software installers, it connects to a C2 server for instructions, most likely to support credential harvesting and reconnaissance. A recent sample impersonates OpenVPN and collects user data, with most C2 servers …

RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations

June 24, 2024 at 04:24AM Between November 2023 and April 2024, a China-linked state-sponsored threat actor tracked as RedJuliett conducted a cyber espionage campaign against government, academic, and diplomatic organizations in Taiwan. The actor used a range of techniques, including deploying web shells and exploiting vulnerabilities, with a focus on collecting intelligence on Taiwan's economic policy and diplomatic …

China-Linked ‘Muddling Meerkat’ Hijacks DNS to Map Internet on Global Scale

April 29, 2024 at 10:00AM Since October 2019, a threat actor dubbed Muddling Meerkat has used DNS activity to evade security measures and conduct network reconnaissance worldwide. Linked to China, the actor abuses open DNS resolvers and manipulates DNS queries originating from Chinese IP space. The campaign involves forged MX record responses and may be …

Chinese snoops use F5, ConnectWise bugs to sell access to top US, UK networks

March 22, 2024 at 06:07PM Chinese spies exploited critical-severity bugs in F5 and ConnectWise products to gain access to US defense organizations, UK government agencies, and other entities, according to Mandiant. The exploitation was attributed to a group tracked as UNC5174, which also targeted other vulnerabilities and used custom tooling and a remote command-and-control framework …

U.S. Feds Shut Down China-Linked “KV-Botnet” Targeting SOHO Routers

February 4, 2024 at 12:19PM The U.S. government neutralized the China-linked Volt Typhoon botnet, which hijacked U.S.-based SOHO routers left vulnerable by their end-of-life status. The botnet used the compromised routers and VPN hardware to relay data covertly, affecting critical infrastructure sectors. The law enforcement action aimed to disrupt the botnet's operations and underscored the need for secure-by-design practices in …