Tag: Chinese hackers

Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks
News

Group-IB, a Singapore-based company, has attributed the production of highly sophisticated banking trojans, including the previously unreported iOS trojan GoldPickaxe, to a Chinese-speaking threat actor codenamed GoldFactory. GoldPickaxe can collect identity documents and facial recognition data and intercept SMS messages, and according to a comprehensive report shared with The Hacker News it is available for both iOS and Android. "GoldFactory is believed to be a well-organized Chinese-speaking cybercrime group with close connections to Gigabud." GoldFactory has been active since at least mid-2023. It is also the source of GoldDigger, an Android banking trojan; GoldDiggerPlus, an upgraded version of it; and GoldKefu, a trojan embedded within GoldDiggerPlus ...

Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade
News

The Chinese state-sponsored hacking group Volt Typhoon has been operating inside parts of the nation's critical infrastructure networks for at least five years, according to a statement released by the U.S. government on Wednesday. The threat actor targets the water and wastewater, energy, communications, and transportation sectors in the United States and Guam. The U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets and disrupt functions. Volt Typhoon's choice of targets and pattern of behavior is inconsistent with traditional cyber espionage ...

Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network
News

Chinese state-sponsored hackers gained access to a Dutch military computer network by targeting Fortinet FortiGate security appliances. "Unclassified research and development (R&D) was conducted on this [computer network]," the Dutch Military Intelligence and Security Service (MIVD) said in a statement. "Because this system was self-contained, it did not lead to any damage to the defense network." The network had fewer than 50 users. The attackers used a known critical vulnerability in FortiOS SSL-VPN (CVE-2022-42475, CVSS score: 9.3, a heap-based buffer overflow), which enables an unauthenticated attacker to execute arbitrary code via carefully crafted requests ...

Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware
News

A pair of recently disclosed zero-day vulnerabilities in Ivanti Connect Secure (ICS) virtual private network (VPN) appliances has been exploited to deploy the open-source Sliver adversary simulation framework. The Rust-based payload that drops Sliver has been named KrustyLoader. The two flaws, CVE-2023-46805 (CVSS score: 8.2, an authentication bypass) and CVE-2024-21887 (CVSS score: 9.1, a command injection), can be chained on vulnerable appliances to achieve unauthenticated remote code execution. As of January 26, the vendor had published an XML file as a temporary mitigation ...

Google links WinRAR exploitation to Russian and Chinese state hackers
News

Several state-sponsored hacking groups, according to Google, have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression utility used by over 500 million people, with the goal of gaining arbitrary code execution on targets' PCs. Google has identified state hackers from multiple countries targeting the bug, including the Russian groups Sandworm and APT28 and the Chinese group APT40. Google's Threat Analysis Group (TAG) is a team of security professionals that protects Google users from state-sponsored attacks. "In recent weeks, Google's Threat Analysis Group (TAG) has observed multiple government-backed hacking groups exploiting the known vulnerability ...

Microsoft breach led to the theft of 60k US State Dept emails
News

Chinese hackers stole tens of thousands of emails from U.S. State Department accounts in May after breaking into Microsoft's cloud-based Exchange email system. During a recent Senate staff briefing, as first reported by Reuters, U.S. State Department officials said the attackers acquired at least 60,000 emails from Outlook accounts belonging to State Department employees stationed in East Asia, the Pacific, and Europe. The hackers also obtained a list of every email address used by the department. The compromised State Department staff spent much of their time working on Indo-Pacific diplomatic initiatives. In a statement, Senator Eric Schmitt said, "We need to harden our defenses against these kinds of cyberattacks and intrusions in the future ...

US and Japan warn of Chinese hackers backdooring Cisco routers
News

Law enforcement and cybersecurity agencies in the US and Japan have warned that Chinese 'BlackTech' hackers are breaking into network devices to install custom backdoors for access to corporate networks. According to a joint advisory from the FBI, NSA, CISA, and Japan's NISC (cybersecurity) and NPA (police), the state-sponsored group compromises network devices at international subsidiaries in order to pivot to the networks of corporate headquarters. Since at least 2010, the Chinese state-sponsored APT group BlackTech (also known as Palmerworm, Circuit Panda, and Radio Panda) has been conducting cyberespionage attacks against Japanese ...

Chinese Hackers Deploy Microsoft Signed Rootkit to Target Gaming Sector
News

Cybersecurity researchers have discovered a novel Microsoft-signed rootkit designed to communicate with actor-controlled attack infrastructure. According to Trend Micro, the rootkit has been attributed to the same activity cluster as the actor behind the FiveSys rootkit, which was discovered in October 2021. The gaming sector in China is the principal victim of this malicious actor, according to Trend Micro's Mahmoud Zohdy, Sherif Magdy, and Mohamed Fahmy. Their malware appears to have successfully passed the Windows Hardware Quality Labs (WHQL) process to obtain a valid signature ...

Chinese Hackers Use HTML Smuggling to Infiltrate European Ministries with PlugX
News

A Chinese nation-state group has been observed targeting foreign affairs ministries and embassies across Europe in order to deploy the PlugX remote access trojan on compromised systems. The campaign, tracked by cybersecurity company Check Point as SmugX, has been going on since at least December 2022. According to Check Point, "the campaign leverages novel delivery mechanisms to deploy (most notably, HTML Smuggling) a new variation of PlugX, an implant frequently connected to numerous Chinese threat actors. Although the payload itself resembles those of earlier PlugX variations ...

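HTML smuggling, the delivery mechanism named above, builds the malicious file inside the victim's browser from data embedded in the HTML page (typically a base64 string decoded with atob(), wrapped in a Blob, and written to disk through an anchor's download attribute), so no recognizable file download ever crosses the perimeter. The following Python script is an added example, not Check Point's tooling or anything from the SmugX report: a static triage heuristic that flags those decode-and-drop patterns in an HTML file and decodes any embedded base64 literals to check whether they carry a ZIP or PE header. Both sample pages, the stub payload and the scoring thresholds are constructed for this example.

```python
"""Static triage of an HTML file for HTML-smuggling indicators.

Added example (not code from Check Point or the article). The heuristic looks
for client-side decode-and-drop patterns and decodes long base64 literals to
see whether an archive or executable is embedded in the page. The sample pages
and the stub payload below are constructed for this example.
"""
import base64
import binascii
import re

# JavaScript constructs typical of a page that assembles a file in the browser
# and forces a download instead of fetching it from a server.
INDICATORS = {
    "atob": re.compile(r"\batob\s*\("),
    "blob": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"URL\.createObjectURL\s*\("),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*="),
    "ms_save": re.compile(r"msSaveOrOpenBlob"),
    "typed_array": re.compile(r"\bUint8Array\b"),
}

# Quoted string literals that look like base64 (32+ alphabet chars, optional padding).
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{32,}={0,2})["']""")

# File signatures worth caring about when they show up inside a web page.
MAGIC = [(b"PK\x03\x04", "zip"), (b"MZ", "pe"), (b"%PDF", "pdf"), (b"\x1f\x8b", "gzip")]


def classify(data: bytes) -> str:
    """Return the file kind implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def decode_literals(html: str) -> list:
    """Decode every base64-looking literal in the page and classify its content."""
    found = []
    for match in B64_LITERAL.finditer(html):
        literal = match.group(1)
        if len(literal) % 4:          # not a complete base64 quantum, skip
            continue
        try:
            data = base64.b64decode(literal, validate=True)
        except (binascii.Error, ValueError):
            continue
        found.append({"kind": classify(data), "size": len(data)})
    return found


def triage(html: str) -> dict:
    """Score a page: which indicators fired, what was embedded, and a verdict."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(html)]
    payloads = decode_literals(html)
    # A decode alone is common on benign pages; we want decode AND a drop primitive.
    dropper_like = {"blob", "object_url", "download_attr", "ms_save"} & set(hits)
    has_binary = any(p["kind"] in ("zip", "pe", "gzip") for p in payloads)
    suspicious = bool(dropper_like) and (has_binary or len(hits) >= 3)
    return {"indicators": hits, "payloads": payloads, "suspicious": suspicious}


# Constructed stub: 30 bytes beginning with a ZIP local-file-header signature.
PAYLOAD_B64 = base64.b64encode(b"PK\x03\x04" + b"\x00" * 26).decode()

# Constructed page that assembles the stub in the browser and forces a download.
SMUGGLING_HTML = """<html><body><script>
var b64 = "__B64__";
var bytes = Uint8Array.from(atob(b64), c => c.charCodeAt(0));
var blob = new Blob([bytes], {type: "application/octet-stream"});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "document.zip";
a.click();
</script></body></html>""".replace("__B64__", PAYLOAD_B64)

# Constructed benign page: decodes a text value and never touches the filesystem.
BENIGN_HTML = """<html><body><script>
var token = atob("__B64__");
document.getElementById("u").textContent = token;
</script></body></html>""".replace(
    "__B64__", base64.b64encode(b"session-token-for-this-example-only").decode())


if __name__ == "__main__":
    for label, page in (("smuggling", SMUGGLING_HTML), ("benign", BENIGN_HTML)):
        print(label, triage(page))
```

A hit here is a reason to detonate or quarantine the attachment, not a verdict: real campaigns split the blob across several literals, XOR it before base64, or build it from a data: URI, so a production check belongs in a gateway pipeline beside sandboxing rather than on its own.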
Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems
News

The Chinese state-sponsored group UNC3886 has been observed exploiting a zero-day authentication bypass in VMware Tools, from compromised VMware ESXi hosts, to backdoor Windows and Linux guest machines. Tracked as CVE-2023-20867 (CVSS score: 3.9), the vulnerability "enabled the execution of privileged commands across Windows, Linux, and PhotonOS (vCenter) guest VMs without authentication of guest credentials from a compromised ESXi host and no default logging on guest VMs," according to Mandiant. The Google-owned threat intelligence company first identified UNC3886 in September 2022 as a cyber espionage actor that had infected systems running ...