Chinese hackers use Visual Studio Code tunnels for remote access

December 10, 2024 at 07:48AM Chinese hackers are utilizing Visual Studio Code tunnels to maintain persistent remote access to compromised IT service providers in Southern Europe, in a campaign dubbed ‘Operation Digital Eye.’ The attackers gained initial access through SQL injection and employed various techniques; SentinelLabs detected the activity, raising alarms about this emerging threat. …

Sprawling ‘Operation Digital Eye’ Attack Targets European IT Orgs

December 10, 2024 at 06:03AM Chinese hackers nearly infiltrated critical European supply chain companies by disguising attacks within Microsoft tools during a three-week span. This operation, called “Operation Digital Eye,” involved SQL injections and the use of Visual Studio Code for persistent access, complicating attribution and demonstrating a sophisticated approach to cyber-espionage. ### Meeting Takeaways …

Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers

December 5, 2024 at 06:24AM A suspected Chinese threat actor targeted a large U.S. organization between April and August 2024, compromising multiple computers and potentially exfiltrating email data. The attack used tactics such as DLL side-loading and open-source tools. Previous links to another Chinese hacking group were also noted. Specific intrusion details remain unclear. **Meeting …

White House: Salt Typhoon hacked telcos in dozens of countries

December 4, 2024 at 06:05PM Chinese state hackers, identified as Salt Typhoon, have compromised telecommunications firms in multiple countries, including eight in the U.S., with possible breaches lasting one to two years. Although classified communications remain secure, federal agencies recommend using encrypted messaging to protect against future intrusions. CISA and FBI released guidance for enhanced …

T-Mobile confirms it was hacked in recent wave of telecom breaches

November 16, 2024 at 12:53PM T-Mobile confirmed it was hacked amid a series of telecom breaches by Chinese state-sponsored group Salt Typhoon, targeting private communications and call records. Although T-Mobile stated that its systems were not significantly impacted, the U.S. government noted that customer data was stolen across multiple telecommunications companies. This marks T-Mobile’s ninth …

CISA, FBI Confirm China Hacked Telecoms Providers for Spying

November 14, 2024 at 07:53AM CISA and the FBI reported that Chinese hackers breached telecommunications networks to conduct espionage on targeted individuals, highlighting ongoing cybersecurity threats. **Meeting Takeaways:** 1. **Confirmation of Cybersecurity Breach**: CISA (Cybersecurity and Infrastructure Security Agency) and the FBI have confirmed that Chinese hackers successfully compromised the networks of telecommunications companies. 2. …

US govt officials’ communications compromised in recent telecom hack

November 13, 2024 at 05:37PM CISA and the FBI confirmed that Chinese hackers breached U.S. broadband networks, compromising private communications of some government officials and stealing data, including customer call records. The group, known as Salt Typhoon, had prolonged access, while Canada reported similar attacks targeting government entities. Another group, Volt Typhoon, also infiltrated ISP …

Chinese Hackers Target Tibetan Websites in Malware Attack, Cybersecurity Group Says

November 13, 2024 at 07:21AM A Chinese state-sponsored hacking group has compromised two Tibetan community websites to install malware on users’ computers, according to a cybersecurity group. The attack highlights ongoing cybersecurity threats targeting specific communities. ### Meeting Notes Takeaways: 1. **Incident Overview**: – A hacking group, suspected to be state-sponsored by China, has compromised …

FBI Seeking Information on Chinese Hackers Targeting Sophos Firewalls

November 4, 2024 at 07:30AM The FBI is requesting information regarding Chinese cyber threat actors who are attempting to compromise Sophos edge devices, impacting both private and government organizations. The alert highlights ongoing cybersecurity concerns related to these hackers’ activities. **Meeting Takeaways:** 1. **Key Topic:** The FBI is actively seeking information regarding cyber threats posed …

Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days

October 31, 2024 at 11:10AM British EDR vendor Sophos describes a prolonged conflict with advanced Chinese government-backed hackers. The company employed custom implants to monitor these hackers, who were targeting firewall zero-day vulnerabilities. **Meeting Takeaways:** 1. **Company Involvement**: British EDR vendor, Sophos, is actively engaged in cybersecurity efforts, particularly in relation to threats …