French police push PlugX malware self-destruct payload to clean PCs

July 25, 2024 at 11:26AM French police, with support from Europol and security firm Sekoia, are removing the PlugX malware from infected devices in France and other European countries. The operation, prompted by concern over the upcoming Paris 2024 Olympic Games, started on July 18, 2024, and is expected to continue until late 2024. ANSSI …

Chinese Hackers Leveraged Legacy F5 BIG-IP Appliance for Persistence

June 18, 2024 at 12:36PM A state-sponsored threat actor, Velvet Ant, maintained persistent access to a victim organization’s network for three years using a legacy F5 BIG-IP appliance, deploying various tools and techniques to compromise critical systems and access sensitive data. The cybersecurity firm Sygnia believes they are a China-based threat actor with sophisticated OPSEC …

China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

June 17, 2024 at 08:30AM A suspected China-linked cyber espionage actor conducted a prolonged attack on an East Asian organization for three years, using legacy F5 BIG-IP appliances for internal command-and-control. Sygnia identified the threat actor, named Velvet Ant, as sophisticated and innovative, utilizing PlugX and DLL side-loading. The attack also involved disabling endpoint security software …

Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS

February 21, 2024 at 08:15AM Mustang Panda, a China-linked threat actor, has used a variant of the PlugX backdoor called DOPLUGS to target countries in Asia, especially Taiwan and Vietnam. The group is known for well-crafted spear-phishing campaigns and has deployed customized PlugX variants such as RedDelta and DOPLUGS since 2018. They also use plugins for …