Chinese Coathanger malware hung out to dry by Dutch defense department

February 6, 2024 at 12:17PM Dutch authorities have attributed an attempted cyberattack on the Ministry of Defense to Chinese state-sponsored hackers, uncovering a previously unseen malware named Coathanger. The remote access trojan was specifically designed to target Fortinet’s FortiGate firewalls and was difficult to detect using traditional methods. The attackers’ wide and opportunistic scans exploited …

US Says It Disrupted a China Cyber Threat, but Warns Hackers Could Still Wreak Havoc for Americans

February 1, 2024 at 04:06AM U.S. officials disrupted a state-backed Chinese cyberattack that targeted civilian infrastructure and aimed to cause harm during a potential conflict. FBI Director Wray warned of China’s plans to disrupt American lives. The operation targeted routers and critical infrastructure, with concerns about Chinese hackers infiltrating U.S.-based systems. The U.S. aims to counter such …

US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon

February 1, 2024 at 04:06AM The US government conducted a major takedown of a botnet using end-of-life Cisco and Netgear routers that were exploited by Chinese state-backed hackers. The botnet, linked to the Chinese APT Volt Typhoon, targeted various sectors, and the FBI remotely seized control of infected routers. The operation aimed to delete malware …

FBI disrupts Chinese botnet by wiping malware from infected routers

January 31, 2024 at 12:50PM The FBI disrupted the KV Botnet, which Chinese state hackers built by hijacking small office/home office devices, including routers and IP cameras, and used to target U.S. critical infrastructure. Routing through these devices enabled the hackers to evade detection and launch attacks. The FBI’s operation, authorized by a court order, cut off the compromised devices …

US shorts China’s Volt Typhoon crew targeting America’s criticals

January 30, 2024 at 01:24PM The US Justice Department and FBI reportedly thwarted Chinese state-sponsored hackers targeting American critical infrastructure by obtaining a court order to remotely disable aspects of the Chinese hacking campaign. The hackers used vulnerable Internet-facing devices to access networks and steal sensitive data, prompting concerns about potential disruption of US critical …

Chinese hackers exploit VMware bug as zero-day for two years

January 19, 2024 at 11:38AM A Chinese hacking group has exploited a vCenter Server vulnerability (CVE-2023-34048) as a zero-day since late 2021, using it to breach targets’ servers, escalate privileges, and exfiltrate files. The group, UNC3886, also targeted Fortinet firewall devices with a zero-day. Its preferred targets include defense, government, telecom, and tech sectors in …

Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days

January 10, 2024 at 08:03PM Volexity warned of Chinese hackers exploiting zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in Ivanti Connect Secure VPN. The flaws affected fully patched appliances, and pre-patch mitigations were provided. The attackers used these exploits to execute commands, steal data, and gain access to network systems. Volexity discovered and described the attacker’s methods. From the …

Japanese Space Agency JAXA hacked in summer cyberattack

November 29, 2023 at 12:09PM JAXA was hacked, risking sensitive space-tech data. The breach involved the agency’s Active Directory server, and the extent of damage is under investigation. JAXA was previously targeted by the Chinese hacking group Tick. Concerns arise as Japan-US agencies warn of ongoing Chinese cyberattacks on networks.