Chinese Hackers Target Tibetan Websites in Malware Attack, Cybersecurity Group Says

November 13, 2024 at 07:21AM A Chinese state-sponsored hacking group has compromised two Tibetan community websites to install malware on users’ computers, according to a cybersecurity group. The attack highlights ongoing cybersecurity threats targeting specific communities.

Chinese APT40 hackers hijack SOHO routers to launch attacks

July 9, 2024 at 11:13AM The joint advisory from international cybersecurity agencies and law enforcement warns of Chinese state-sponsored APT40’s cyberespionage attacks. APT40, known by various aliases, targets government and private entities in the US and Australia. They exploit vulnerabilities in public-facing infrastructure and edge networking devices and utilize hijacked SOHO routers for launching attacks. …

Chinese Hackers Have Stepped Up Attacks on Taiwanese Organizations, Cybersecurity Firm Says

June 24, 2024 at 03:18PM A Chinese state-sponsored hacking group known as RedJuliett has intensified attacks on Taiwanese organizations, particularly in government, education, technology, and diplomacy sectors. They exploited a vulnerability in SoftEther VPN software to access servers. The group’s activities align with Chinese state-sponsored hacking patterns. Recorded Future expects continued targeting of Taiwanese agencies, …

Pakistani Threat Actors Caught Targeting Indian Gov Entities

June 14, 2024 at 10:27AM Pakistan-based threat actors, identified as Cosmic Leopard and UTA0137, have targeted Indian government entities in separate espionage campaigns. Operation Celestial Force, ongoing since 2018, utilizes Android and Windows malware to target individuals in defense, government, and related technology sectors. Similarly, UTA0137 has been using the ‘Disgomoji’ malware to access Linux …

Multiple Chinese APTs Targeted Southeast Asian Government for Two Years

June 6, 2024 at 07:42AM Multiple China-linked state-sponsored cyberespionage groups targeted a Southeast Asian government over a period of years in a campaign known as Operation Crimson Palace. They utilized various tools, including a new malware named PocoProxy, for reconnaissance and data harvesting. Sophos identified three clusters of activity, suggesting a coordinated campaign under a central authority to support Chinese state …

Chinese hacking groups team up in cyber espionage campaign

June 5, 2024 at 04:14PM Since at least March 2023, Chinese state-sponsored actors have launched the Crimson Palace cyberespionage campaign against a Southeast Asian government agency. The campaign involved new malware variants and three coordinated activity clusters. These clusters, operating during Chinese work hours, engaged in reconnaissance, lateral movement, and persistent access management. Sophos researchers …

Global attackers targeting US critical infrastructure should be ‘wake-up call’

May 9, 2024 at 01:52PM Former NSA cyber boss Rob Joyce described digital intrusions into US water systems by China, Russia, and Iran as a “wake-up call.” Despite minimal impact, the attacks highlight the potential dangers of global tensions and the involvement of hacktivists linked to government intelligence services. The vulnerabilities in critical infrastructure underscore …

ArcaneDoor Espionage Campaign Targeting Cisco Firewalls Linked to China

May 3, 2024 at 09:10AM The cyberespionage campaign ArcaneDoor, targeting government networks with hacked Cisco firewalls, is likely operated by a Chinese state-sponsored threat actor. Exploiting two zero-day vulnerabilities, the attackers used custom malware to execute commands and exfiltrate data. Censys research supports the connection to China, citing IP addresses and the presence of Chinese-developed …

Iranian APTs Dress Up As Hacktivists for Disruption, Influence Ops

February 21, 2024 at 03:06AM Iranian state-backed APT groups are posing as hacktivists, carrying out cyberattacks against Israeli critical infrastructure. Referred to as “faketivists,” they aim to create plausible deniability for the state and offer support to the Israeli-Gaza war. Meanwhile, Hamas-related cyber activity has significantly reduced, possibly due to internet disruptions. Based on …

Turkish Cyberspies Targeting Netherlands

January 8, 2024 at 09:54AM A cyberespionage group, likely linked to Turkey, named Sea Turtle, Cosmic Wolf, Marbled Dust, Silicon, and Teal Kurma, has been targeting public and private organizations in the Netherlands. The group, observed by Dutch incident response provider Hunt & Hackett, conducted multiple espionage campaigns focusing on government, telecommunications, media, NGOs, ISPs, …