China’s APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox

July 11, 2024 at 09:38PM APT41, a Chinese government-backed cyber espionage group, has added DodgeBox loader and MoonWalk backdoor to their malware toolbox. Zscaler’s ThreatLabz team attributes these new tools to APT41, indicating financially motivated crimes. DodgeBox exhibits advanced capabilities and evasive techniques, with MoonWalk using Google Drive for command-and-control communication. More details on MoonWalk … Read more

Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk

July 11, 2024 at 08:40AM APT41, a China-linked APT group, is suspected of using an advanced version of StealthVector to deliver a new backdoor named MoonWalk, utilizing Google Drive for C2 communication. This threat actor has been active since 2007 and has been linked to various cyber intrusions and attacks targeting U.S. and Taiwanese entities. … Read more

Chinese APT40 hackers hijack SOHO routers to launch attacks

July 9, 2024 at 11:13AM The joint advisory from international cybersecurity agencies and law enforcement warns of Chinese state-sponsored APT40’s cyberespionage attacks. APT40, known by various aliases, targets government and private entities in the US and Australia. They exploit vulnerabilities in public-facing infrastructure and edge networking devices and utilize hijacked SOHO routers for launching attacks. … Read more

Cybersecurity Agencies Warn of China-linked APT40’s Rapid Exploit Adaptation

July 9, 2024 at 02:56AM Cybersecurity agencies from multiple countries issued a joint advisory about APT40, a China-linked cyber espionage group known for quickly exploiting security flaws and targeting organizations worldwide. Operating since 2013, APT40 has been affiliated with China’s Ministry of State Security and has conducted various cyber attacks to steal sensitive information. It’s … Read more

‘CloudSorcerer’ Leverages Cloud Services in Cyber-Espionage Campaign

July 8, 2024 at 05:43PM A new cyber espionage actor, “CloudSorcerer,” is targeting Russian government organizations with sophisticated malware, leveraging public cloud services for C2 and data exfiltration purposes. The group’s primary malware tool has multiple functions including covert monitoring and data collection, and it dynamically adapts its behavior based on its execution context, posing a challenge … Read more

New APT Group “CloudSorcerer” Targets Russian Government Entities

July 8, 2024 at 12:34PM A new cyber espionage group called CloudSorcerer has been detected targeting Russian government entities using cloud services for command-and-control (C2) and data exfiltration. The group’s innovative tactics and use of cloud resources, including Microsoft Graph, Yandex Cloud, Dropbox, and GitHub, demonstrate a sophisticated approach to cyber espionage and data collection. … Read more

Kaspersky Flags Cyberespionage APT ‘CloudSorcerer’ Targeting Russian Government

July 8, 2024 at 11:48AM Kaspersky has reported a new advanced persistent threat (APT) actor named CloudSorcerer targeting Russian government entities for cyberespionage. The actor exfiltrates data using Dropbox, Microsoft Graph, and Yandex Cloud, while utilizing public cloud services for command-and-control infrastructure. This technique is different from that of the CloudWizard APT, leading Kaspersky to … Read more

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

July 2, 2024 at 02:08AM Velvet Ant, a Chinese cyber espionage group, has exploited a zero-day flaw in Cisco NX-OS Software to deliver custom malware and gain control over compromised Cisco Nexus devices. This vulnerability, CVE-2024-20399, allows an attacker with administrator credentials to execute commands as root. The impacted devices include various Nexus switches. Additionally, … Read more

Cisco warns of NX-OS zero-day exploited to deploy custom malware

July 1, 2024 at 01:48PM Cisco patched an NX-OS zero-day vulnerability used in April attacks to install new malware on susceptible switches. Sygnia attributed the attacks to a Chinese state-sponsored group called Velvet Ant. The exploit allowed the threat actors to gain access, upload files, and execute malicious code. Cisco advises monitoring and changing administrative … Read more

Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data

June 28, 2024 at 12:51PM The North Korea-linked threat actor Kimsuky has been using a new malicious Google Chrome extension, codenamed TRANSLATEXT, to conduct cyber espionage targeting South Korean academia. This extension gathers sensitive information and is designed to bypass security measures, capture browser screenshots, and exfiltrate stolen data. Kimsuky is known for orchestrating cyber … Read more