China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

June 17, 2024 at 08:30AM

A suspected China-linked cyber espionage actor conducted a prolonged attack on an East Asian organization for three years, using legacy F5 BIG-IP appliances for internal command-and-control. Sygnia identified the threat, named Velvet Ant, as sophisticated and innovative, utilizing PlugX and DLL side-loading. The attack also involved disabling endpoint security software …

China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally

June 12, 2024 at 05:15AM

China-backed threat actors accessed 20,000 Fortinet FortiGate systems globally by exploiting a critical vulnerability, with the operation impacting Western governments, international organizations, and defense companies. The attackers deployed a backdoor to maintain remote access and spread malware, highlighting the increasing trend of targeting edge devices for cyber attacks. For more …

China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

May 6, 2024 at 10:05AM

A cyber espionage campaign dubbed ArcaneDoor targeted perimeter network devices from various vendors, possibly linked to China. The attacks involved deploying custom malware and exploiting flaws in Cisco devices. The threat actor’s interest in Microsoft Exchange servers and other vendor devices suggests Chinese involvement. Additionally, a malware known as …

Zero-Days in Edge Devices Become China’s Cyber Warfare Tactic of Choice

November 14, 2023 at 03:31PM

Chinese state-sponsored actors have become adept at exploiting zero-day vulnerabilities to conduct espionage, posing a significant and persistent threat to global organizations. Recent reports indicate that these actors are increasingly targeting public-facing devices, including firewalls, hypervisors, and email security tools. The success of these attacks is facilitated by threat sharing …