Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances

September 11, 2024 at 01:06PM The mysterious Quad7 botnet is actively evolving by compromising various SOHO routers and VPN appliances using a mix of known and unknown security flaws. The operators are advancing their toolset, introducing a new backdoor and exploring new protocols to enhance stealth. The botnet has infected devices from several brands and …

Sophisticated Android Spyware Targets Users in Russia

August 5, 2024 at 04:32PM An unknown state-sponsored threat actor has been using the new mobile spyware tool LianSpy to spy on Android smartphone users for at least three years, with a focus on Russia. The attackers exploit vulnerabilities to root devices or gain physical access. LianSpy silently monitors user activity, exfiltrating data via public …

Cisco warns of NX-OS zero-day exploited to deploy custom malware

July 1, 2024 at 01:48PM Cisco patched an NX-OS zero-day vulnerability used in April attacks to install new malware on susceptible switches. Sygnia attributed the attacks to a Chinese state-sponsored group called Velvet Ant. The exploit allowed the threat actors to gain access, upload files, and execute malicious code. Cisco advises monitoring and changing administrative …

China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally

June 12, 2024 at 05:15AM China-backed threat actors accessed 20,000 Fortinet FortiGate systems globally by exploiting a critical vulnerability, with the operation impacting Western governments, international organizations, and defense companies. The attackers deployed a backdoor to maintain remote access and spread malware, highlighting the increasing trend of targeting edge devices for cyber attacks. For more …

Kimsuky hackers deploy new Linux backdoor via trojanized installers

May 16, 2024 at 09:35AM North Korean hacker group Kimsuky, linked to military intelligence, used trojanized software packages to deliver the Linux malware Gomir in cyberespionage campaigns against South Korean targets. The malware, a variant of GoBear, establishes persistence on Linux machines and supports 17 operations through HTTP POST requests. It’s part of a supply-chain …

Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge

April 15, 2024 at 06:54AM Palo Alto Networks has released hotfixes for a zero-day vulnerability (CVE-2024-3400) targeted by state-sponsored actors. Vulnerable firewalls allow remote attackers to execute code with root privileges. Initial mitigations were issued, and more hotfixes are expected. Exploited devices facilitated data exfiltration and deployment of a new Python backdoor. Links to BianLian/Lazarus …

UK, New Zealand Accuse China of Cyberattacks on Government Entities

March 26, 2024 at 06:42AM The UK and New Zealand have linked cyberattacks on their respective parliaments to Chinese state-sponsored threat actors. The US also sanctioned Chinese hackers and a technology company involved in malicious cyber operations. The UK claims that a tech firm operated on behalf of the Chinese Ministry of State Security and …

Cloudflare Hacked by Suspected State-Sponsored Threat Actor

February 4, 2024 at 10:42AM A suspected state-sponsored threat actor gained unauthorized access to internal Cloudflare systems using credentials stolen in the Okta hack, posing a significant security risk. This breach highlights the escalating challenges posed by nation-state cyber threats. Full details are available on SecurityWeek.