Tag: china
-
Chinese cyberspies snoop on Russian IT biz in rare east-on-east attack
Who needs enemies when you have friends like Xi? First seen on theregister.com Jump to article: www.theregister.com/2025/10/16/chinese_russian_cyber_espionage/
-
Bad sushi: China-nexus phishers shift to residential proxies
Earlier this year, Spamhaus researchers observed a major shift in phishing targeting Japan. Starting in April, a China-nexus threat actor began using residential proxy networks to send phishing emails instead of subnets at China Telecom and China Unicom. This blog explores the campaign’s origins and countermeasures against residential proxy-enabled spam. First seen on securityboulevard.com Jump…
-
China-linked APT Jewelbug targets Russian IT provider in rare cross-nation cyberattack
China-linked APT Jewelbug targeted a Russian IT provider for five months in 2025, showing Russia remains exposed to Chinese cyber espionage. China-linked threat actor Jewelbug (aka CL-STA-0049, Earth Alux, and REF7707) carried out a five-month intrusion on a Russian IT service provider, marking its expansion beyond Southeast Asia and South America. The campaign, reported by…
-
‘Categorically untrue’ that China hacked UK intelligence systems, say officials
A former adviser to Boris Johnson said China had breached sensitive British government systems in 2020. Current and former officials firmly rebutted those claims. First seen on therecord.media Jump to article: therecord.media/claim-of-china-uk-2020-hack-refuted
-
Operation Silk Lure: Weaponizing Windows Scheduled Tasks for ValleyRAT Delivery
A targeted cyber-espionage campaign exploiting Windows Scheduled Tasks and DLL side-loading to deploy the sophisticated ValleyRAT backdoor. The operation pivots on tailored spear-phishing emails, weaponized Windows shortcuts, and a persistent task scheduler mechanism, all delivering a multi-stage malware payload designed to harvest sensitive intelligence from Chinese FinTech and cryptocurrency firms. Adversaries behind Operation Silk Lure…
-
There’s no such thing as quantum incident response and that changes everything
Tags: apple, attack, china, compliance, computer, cryptography, data, dns, encryption, finance, group, healthcare, incident response, Internet, linkedin, nist, PCI, risk, service
Step one: Inventory your algorithms and data with a view towards which sensitive data ought to be protected with PQC. This is a data classification exercise where you need to add a column to track whether the datastore or application qualifies for PQC. Step two: Check your internet-facing assets to see which, if any, are already…
-
Humanoid robot found vulnerable to Bluetooth hack, data leaks to China
Alias Robotics has published an analysis of the Unitree G1 humanoid robot, concluding that the device can be exploited as a tool for espionage and cyber attacks. A robot that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/16/unitree-g1-humanoid-robot-vulnerability/
-
China’s Jewelbug APT Breaches Russian IT Provider for 5 Months, Using Yandex Cloud and Graph API C2
The post China’s Jewelbug APT Breaches Russian IT Provider for 5 Months, Using Yandex Cloud and Graph API C2 appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/chinas-jewelbug-apt-breaches-russian-it-provider-for-5-months-using-yandex-cloud-and-graph-api-c2/
-
China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor
The post China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/china-backed-flax-typhoon-apt-maintained-year-long-access-by-turning-arcgis-soe-into-web-shell-backdoor/
-
Chinese Actor Targets Russian IT Provider
Symantec Says It Spotted Likely Supply Chain Hack. Suspected Chinese state-linked hackers reportedly breached a Russian IT service provider in an espionage campaign targeting government-related networks. Symantec uncovered Chinese hackers they named Jewelbug, infiltrating a Russian company between January and May. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-actor-targets-russian-provider-a-29738
-
Chinese gang used ArcGIS as a backdoor for a year and no one noticed
Crims turned trusted mapping software into a hideout – no traditional malware required First seen on theregister.com Jump to article: www.theregister.com/2025/10/14/chinese_hackers_arcgis_backdoor/
-
Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months
A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group’s expansion to the country beyond Southeast Asia and South America. The activity, which took place from January to May 2025, has been attributed by Broadcom-owned Symantec to a threat actor it tracks…
-
Researchers report rare intrusion by suspected Chinese hackers into Russian tech firm
According to a new report by cybersecurity firm Symantec, the hackers gained access to the Russian company’s software build and code-repository systems between January and May 2025, suggesting the breach may have been an attempted software supply-chain attack aimed at the firm’s customers. First seen on therecord.media Jump to article: therecord.media/rare-china-linked-intrusion-russian-tech-firms
-
China responsible for rising cyber attacks, says NCSC
Ministers write to business leaders urging them to step up cyber security in wake of threats from ransomware and nation state-sponsored hackers First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632649/China-responsible-for-rising-cyber-attacks-says-NCSC
-
Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor
China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromised an ArcGIS system for over a year, using it as a backdoor. ArcGIS, a key GIS platform for mapping and analysis, supports vital services like…
-
Chinese Hackers Use Geo-Mapping Tool for Year-Long Persistence
The China-backed advanced persistent threat group Flax Typhoon maintained year-long access to an ArcGIS system by turning trusted software into a persistent backdoor, an attack so unique it prompted the vendor to update its documentation. The attackers repurposed a legitimate Java server object extension into a web shell, gated access with a hardcoded key, and…
-
China’s Flax Typhoon Exploits ArcGIS App for Year-Long Persistence
The China-based APT group Flax Typhoon used a function within ArcGIS’ legitimate geo-mapping software to create a webshell through which it established persistence for more than a year to execute malicious commands and steal credentials. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/chinas-flax-typhoon-exploits-arcgis-app-for-year-long-persistence/
-
Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year
Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also tracked as Ethereal Panda and RedJuliett. According to…
-
Taiwan reports surge in Chinese cyber activity and disinformation efforts
Taiwan’s National Security Bureau says network intrusions and influence operations by China have increased this year, with critical infrastructure drawing the most attention. First seen on therecord.media Jump to article: therecord.media/taiwan-nsb-report-china-surge-cyberattacks-influence-operations
-
Chinese hackers abuse geo-mapping tool for year-long persistence
Chinese state hackers remained undetected in a target environment for more than a year by turning a component in the ArcGIS geo-mapping tool into a web shell. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-abuse-geo-mapping-tool-for-year-long-persistence/
-
Flax Typhoon can turn your own software against you
The Chinese hacking group gained persistent access to a popular mapping tool by turning one of its features into a webshell and hardcoding access, according to ReliaQuest. First seen on cyberscoop.com Jump to article: cyberscoop.com/flax-typhoon-hinese-state-hackers-arcgis-backdoor-webshell/

