July 1, 2024 at 01:48PM Cisco patched an NX-OS zero-day vulnerability used in April attacks to install new malware on susceptible switches. Sygnia attributed the attacks to a Chinese state-sponsored group called Velvet Ant. The exploit allowed the threat actors to gain access, upload files, and execute malicious code. Cisco advises monitoring and changing administrative … Read more
June 12, 2024 at 05:15AM China-backed threat actors accessed 20,000 Fortinet FortiGate systems globally by exploiting a critical vulnerability, with the operation impacting Western governments, international organizations, and defense companies. The attackers deployed a backdoor to maintain remote access and spread malware, highlighting the increasing trend of targeting edge devices for cyber attacks. For more … Read more
May 16, 2024 at 09:35AM North Korean hacker group Kimsuki, linked to military intelligence, used trojanized software packages to deliver Linux malware Gomir in cyberespionage campaigns against South Korean targets. The malware, a variant of GoBear, exhibits persistent behaviors on Linux machines and supports 17 operations through HTTP POST requests. It’s part of a supply-chain … Read more
April 15, 2024 at 06:54AM Palo Alto Networks has released hotfixes for a zero-day vulnerability (CVE-2024-3400) targeted by state-sponsored actors. Vulnerable firewalls allow remote attackers to execute code with root privileges. Initial mitigations were issued, and more hotfixes are expected. Exploited devices facilitated data exfiltration and deployment of a new Python backdoor. Links to BianLian/Lazarus … Read more
March 26, 2024 at 06:42AM The UK and New Zealand have linked cyberattacks on their respective parliaments to Chinese state-sponsored threat actors. The US also sanctioned Chinese hackers and a technology company involved in malicious cyber operations. The UK claims that a tech firm operated on behalf of the Chinese Ministry of State Security and … Read more
February 4, 2024 at 10:42AM A suspected state-sponsored threat actor gained unauthorized access to internal Cloudflare systems using credentials stolen in the Okta hack, posing a significant security risk. This breach highlights the escalating challenges posed by nation-state cyber threats. Full details are available on SecurityWeek. Based on the meeting notes, it seems that a … Read more