Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign

September 26, 2024 at 12:57AM Nation-state threat actors backed by Beijing penetrated several U.S. internet service providers as part of a cyber espionage campaign, aimed at accessing sensitive information and gaining persistent access to target networks. The attacks, attributed to a group known as GhostEmperor, targeted Southeast Asian entities and an unnamed client compromised in …

Is GhostEmperor Back? Sygnia Finds Clues in Recent Cyber Incident

July 24, 2024 at 12:06PM The GhostEmperor threat group, initially identified by Kaspersky in 2021, saw a potential resurgence in a 2023 compromise investigated by Sygnia. They associated the new compromise with similarities in infection chains and the use of the Demodex rootkit. However, uncertainty remains whether this represents the return of GhostEmperor or a …

Notorious Chinese Hacker Gang GhostEmperor Re-Emerges After 2 Years

July 19, 2024 at 11:36AM The sophisticated Chinese hacking group GhostEmperor has reappeared after a two-year hiatus with updated and advanced tactics, as revealed by cybersecurity firm Sygnia. The group targeted telecommunications and government entities in Southeast Asia, using customized malware and evasion methods. The recent intrusion involved an evolved attack chain and indicated the …

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.

July 19, 2024 at 04:33AM Summary: Global shipping, logistics, media, technology, and automotive organizations in various countries are being targeted by the China-based APT41 hacking group, which uses web shells, custom droppers, and publicly available tools for unauthorized access and data exfiltration. Meanwhile, another threat group, GhostEmperor, is using a variant of the Demodex rootkit in a cyber …