Prototype UEFI Bootkit is South Korean University Project; LogoFAIL exploit discovered

December 2, 2024 at 11:52AM A prototype UEFI bootkit, linked to a South Korean university’s BoB program, targets specific Ubuntu setups. Named Bootkitty, it uses the LogoFAIL exploit to bypass Secure Boot protections. Discovered by ESET, this research project showcases potential security risks, with indications it is still under development, not an active threat. … Read more

Salt Typhoon’s surge extends far beyond US telcos

November 27, 2024 at 06:54PM The China-linked Salt Typhoon gang, known for targeting U.S. telecommunications, has expanded globally since 2023, affecting over 20 organizations across various sectors. Their toolkit includes new malware called GhostSpider and the Demodex rootkit. Their tactics involve exploiting server vulnerabilities and using legitimate tools for stealthy infiltration and espionage. … Read more

Salt Typhoon Builds Out Malware Arsenal With GhostSpider

November 26, 2024 at 03:23PM Salt Typhoon, a Chinese advanced persistent threat (APT), has been spying on high-value government and telecommunications organizations globally since 2023, deploying new malware like GhostSpider. Known for its sophisticated strategies, the group uses various attack methods, including exploiting vulnerabilities in Internet-facing devices, to infiltrate networks and access sensitive information. … Read more

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

November 26, 2024 at 06:18AM The Chinese threat actor Earth Estries has been targeting Southeast Asian telecommunications and government networks using a new backdoor, GHOSTSPIDER, along with MASOL RAT. Compromising over 20 entities globally, they exploit various vulnerabilities for cyber espionage, showcasing advanced tactics and a sophisticated operational structure. Recent attacks indicate a significant evolution … Read more

Guess Who’s Back – The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024

November 26, 2024 at 03:32AM Trend Micro reports a new spear-phishing campaign by Earth Kasha targeting Japan, using tactics involving the backdoor ANEL and the malware NOOPDOOR. This operation shifts focus from enterprises to individuals in sensitive sectors. The campaign employs sophisticated infection vectors and evasion techniques, necessitating ongoing vigilance and threat intelligence monitoring. … Read more

Salt Typhoon hackers backdoor telcos with new GhostSpider malware

November 25, 2024 at 11:14AM The Chinese state-sponsored hacking group Salt Typhoon is using a new “GhostSpider” backdoor to target telecommunication service providers, indicating an escalation in their cyber-attack strategies.

Meeting Takeaways:

1. **Threat Actor Identified**: The hacking group known as Salt Typhoon, which is state-sponsored by China, is actively conducting cyberattacks.
2. **New …** Read more

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions

November 25, 2024 at 03:34AM Earth Estries, a Chinese APT group, has been targeting critical sectors globally since 2023, utilizing advanced malware like GHOSTSPIDER and SNAPPYBEE. Their tactics involve exploiting public server vulnerabilities for espionage, impacting over 20 organizations across various industries. They employ a complex command-and-control infrastructure, indicating shared tools with other APTs. … Read more

In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit

November 22, 2024 at 08:33AM SecurityWeek summarizes key cybersecurity developments, highlighting Microsoft’s influence on U.S. government security, vulnerabilities in Bing and Android VPNs, Mozilla’s research on data risks, NSO spyware revelations, and more. Additionally, it covers AI-driven vulnerability detection, increased DocuSign attacks, and recent patches from Google, Atlassian, Nvidia, and Adobe. … Read more

Chinese hackers target Linux with new WolfsBane malware

November 21, 2024 at 03:09PM ESET researchers have identified two new Linux malware families: ‘WolfsBane,’ a backdoor linked to the Chinese Gelsemium group, and ‘FireWood,’ potentially used by various APT groups. Both target Linux systems, highlighting a trend as attackers seek new vulnerabilities amid enhanced Windows security measures. WolfsBane employs sophisticated evasion techniques. … Read more

Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

November 19, 2024 at 03:59AM The blog analyzes Earth Kasha’s LODEINFO malware campaign targeting Japan, Taiwan, and India from 2023-2024. It highlights updated tactics, techniques, and procedures (TTPs), including exploiting vulnerabilities in public-facing applications, credential theft, and the use of various backdoors like LODEINFO and NOOPDOOR. The report draws connections with APT10 umbrella activities. … Read more