Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites

November 23, 2024 at 07:24AM

Storm-2077, a new Chinese state-sponsored cyber threat actor, targets U.S. government and NGOs, along with global industries. They utilize phishing and exploits to access sensitive data. Concurrently, Google’s TAG exposed GLASSBRIDGE, a pro-China influence operation using fake news sites to promote state narratives, undermining legitimate news sources.

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

November 22, 2024 at 12:17PM

A China-linked group, TAG-112, compromised Tibetan media and university websites, delivering the Cobalt Strike toolkit via malicious JavaScript. Visitors were tricked into downloading disguised malware, highlighting ongoing cyber-espionage targeting Tibet. Although linked to a more advanced group (TAG-102), TAG-112 exhibits less sophistication in its attacks.

Breaking Down Earth Estries’ Persistent TTPs in Prolonged Cyber Operations

November 8, 2024 at 04:49AM

Earth Estries utilizes two distinct attack chains, exploiting vulnerabilities especially in Microsoft Exchange servers. The first chain employs CAB-delivered tools like PsExec and Cobalt Strike for lateral movement. The second chain uses web shells and backdoors like Zingdoor for data exfiltration. Continuous updates confirm their persistent threat.

Winos4.0 abuses gaming apps to infect, control Windows machines

November 7, 2024 at 09:34PM

Criminals are exploiting game-related apps to deploy Winos4.0 malware, granting full control over infected Windows systems. This sophisticated framework, reminiscent of Gh0st RAT, targets education sectors. The attack includes multiple encrypted communications, collecting sensitive information, and establishing a persistent backdoor for ongoing control and monitoring of victims’ activities.

China’s ‘Earth Baxia’ Spies Exploit Geoserver to Target APAC Orgs

September 22, 2024 at 09:10PM

A China-linked cyber-espionage group dubbed Earth Baxia has targeted Taiwanese government agencies, the Philippine and Japanese military, and energy companies in Vietnam. The group primarily uses spear-phishing and a custom backdoor called EagleDoor, as well as exploiting a vulnerability in the open source GeoServer software. The majority of the group’s …

Novel attack on Windows spotted in phishing campaign run from and targeting China

September 1, 2024 at 11:13PM

Unknown attackers have utilized Tencent’s cloud for a phishing campaign targeting Chinese entities, as uncovered by Securonix. The campaign involves delivering Cobalt Strike payloads through phishing emails, establishing persistence and remaining undetected within systems. The attack methodically targets specific Chinese business or government sectors, using advanced exploitation frameworks such as …

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

August 30, 2024 at 02:42AM

Chinese-speaking users are being targeted in a sophisticated cyber espionage campaign called SLOW#TEMPEST, using phishing emails to infect Windows systems with Cobalt Strike payloads. The attackers established persistence within systems, conducted reconnaissance, and set up remote access, allowing them to move laterally across networks undetected. The campaign appears to be …

Hackers Use Rare Stealth Techniques to Down Asian Military, Gov’t Orgs

August 26, 2024 at 06:04PM

An ongoing campaign in Southeast Asia is using two innovative stealth techniques to infect high-level organizations. “GrimResource” executes arbitrary code in the Microsoft Management Console, while “AppDomainManager Injection” uses malicious DLLs to load a custom configuration file. These techniques were recently used to drop Cobalt Strike onto IT systems belonging …

China’s APT41 Targets Taiwan Research Institute for Cyber Espionage

August 2, 2024 at 03:46PM

China-linked APT41 compromised a Taiwanese research institute in July 2023, deploying various malware tools including the ShadowPad RAT and Cobalt Strike tool. The group, known for cyber espionage and financially motivated attacks, targeted a valuable source of proprietary technology. The attack involved stealing documents and deploying sophisticated techniques to evade …

APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

August 2, 2024 at 12:42PM

A Taiwanese research institute specializing in computing was breached by China-affiliated threat actors, delivering backdoors and malware like ShadowPad and Cobalt Strike. Cisco Talos discovered the activity in August 2023 and attributed it to APT41. The attackers used various techniques to evade detection and exfiltrated documents from the network. This …