Tag: china
-
China-Nexus Actors Weaponize ‘Nezha’ Open Source Tool
A threat actor is putting a spin on classic remote monitoring and management (RMM) attacks, using a Chinese open source tool instead. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-nexus-actors-nezha-open-source-tool
-
Open-source monitor turns into an off-the-shelf attack beacon
Tags: api, apt, attack, china, control, hacker, malware, monitoring, open-source, powershell, ransomware, rat, RedTeam, russia, software, threat, tool, windows
Riding Nezha to Ghost RAT: With the web shell in place, the attackers used AntSword to download two components: “live.exe” (the Nezha agent) and a “config.yml” that pointed to the attacker-controlled domain. The Nezha agent connected back to a management server whose dashboard was running in Russian, presumably to throw off attribution. Once Nezha was active,…
-
OpenAI Blocks ChatGPT Accounts Linked to Chinese Hackers Developing Malware
OpenAI has taken decisive action to stop misuse of its ChatGPT models by banning accounts tied to a group of Chinese hackers. This move reflects OpenAI’s core aim of ensuring artificial general intelligence benefits everyone. By setting clear rules and acting swiftly on policy violations, OpenAI hopes to keep AI tools safe and accessible for…
-
OpenAI Finds Growing Exploitation of AI Tools by Foreign Threat Groups
OpenAI’s new report warns hackers are combining multiple AI tools for cyberattacks, scams, and influence ops linked to China, Russia, and North Korea. First seen on hackread.com Jump to article: hackread.com/openai-ai-tools-exploitation-threat-groups/
-
OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks
Tags: access, ai, chatgpt, china, credentials, cyberattack, hacker, intelligence, malware, north-korea, openai, russia, threat, tool
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian-language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The operator…
-
OpenAI bans suspected Chinese accounts using ChatGPT to plan surveillance
It also banned some suspected Russian accounts trying to create influence campaigns and malware First seen on theregister.com Jump to article: www.theregister.com/2025/10/07/openai_bans_suspected_china_accounts/
-
Mustang Panda Adopts New DLL Side-Loading Method to Deploy Malware
The sophisticated China-linked threat actor Mustang Panda has refined its cyber espionage arsenal with an advanced DLL side-loading technique specifically targeting the Tibetan community, according to recent analysis of a campaign first identified by IBM’s X-Force in June 2025. This politically motivated operation demonstrates how threat actors continuously evolve their obfuscation methods to bypass security controls and…
-
Chinese APT Launches Spearphishing Campaign, Using Fake Cloudflare Lure to Deliver PlugX Malware
The post Chinese APT Launches Spearphishing Campaign, Using Fake Cloudflare Lure to Deliver PlugX Malware appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/chinese-apt-launches-spearphishing-campaign-using-fake-cloudflare-lure-to-deliver-plugx-malware/
-
Suspected Chinese cyber spies targeted Serbian aviation agency
Hackers believed to be linked to China have targeted a Serbian government department overseeing aviation, as well as other European institutions, according to new research. First seen on therecord.media Jump to article: therecord.media/suspected-chinese-spies-serbia
-
Chinese Gov’t Fronts Trick the West to Obtain Cyber Tech
Outwardly neutral Chinese institutions have been collaborating with Western orgs and researchers for the benefit of PRC state intelligence. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-govt-fronts-cyber-tech
-
New Report Links Research Firms BIETA and CIII to China’s MSS Cyber Operations
A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The assessment comes from evidence that at least four BIETA personnel have clear or possible links to MSS officers and their relationship with the University of International Relations, which…
-
Hackers Allegedly Breach Huawei Technologies, Leak Source Code and Internal Tools
Cybersecurity researchers are reporting an alleged security breach involving Chinese technology giant Huawei Technologies, with hackers claiming to have accessed and leaked sensitive source code and internal development tools. The incident, which surfaced through social media channels, represents a potentially significant security compromise of one of the world’s largest telecommunications equipment manufacturers. Hacker illustrating world’s biggest…
-
Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers
Tags: attack, china, credentials, cybercrime, cybersecurity, fraud, group, india, infection, Internet, microsoft, service, theft
Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand First seen…
-
Are Germans up to speed on cybersecurity?
A quarter of respondents in Germany stated in a survey by Statista Consumer Insights that they feel well informed about the topic of cybersecurity [1]. This puts German citizens on a par with residents of the USA. In Austria, France and Spain the share is slightly lower, in Poland and Switzerland slightly higher. China is…
-
Apple and Google Pull ICE-Tracking Apps, Bowing to DOJ Pressure
Plus: China sentences scam bosses to death, Europe is ramping up its plans to build a “drone wall” to protect against Russian airspace violations, and more. First seen on wired.com Jump to article: www.wired.com/story/apple-and-google-pull-ice-tracking-apps-bowing-to-doj-pressure/
-
IIS Servers Compromised by Chinese Hackers for SEO Manipulation
Cisco Talos has revealed that UAT-8099, a Chinese-speaking cybercrime group, has been exploiting vulnerable Internet Information Services (IIS) servers across multiple countries to conduct search engine optimization (SEO) fraud and steal high-value data. Identified in April 2025, this group targets reputable IIS servers in India, Thailand, Vietnam, Canada, and Brazil, focusing on organizations such as…
-
UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud
Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uat-8099-chinese-speaking-cybercrime-group-seo-fraud/
-
China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors
China-linked APT Phantom Taurus targets government and telecom orgs with Net-Star malware for espionage, using unique tactics over two years. China-nexus APT Phantom Taurus has targeted government and telecom organizations for espionage, using Net-Star malware and distinct TTPs. Phantom Taurus is a previously undocumented Chinese APT; it has targeted entities in Africa, the Middle East,…
-
Chinese APT group Phantom Taurus targets gov and telecom organizations
mssq.bat that connects to an SQL database using the sa (system administrator) ID with a password previously obtained by the attackers. It then performs a dynamic search for specific keywords specified in the script, saving the results as a CSV file. “The threat actor used this method to search for documents of interest and information related…
-
Russia, Chinese Hacking Buffets Europe
ENISA: Nation-State Hacking ‘Steadily Intensified’ Over 12-Month Period. Nearly every member government of the European Union experienced a cyberattack from a nation-state hacker in the 12 months ending in July, primarily from Russian and Chinese threat actors who steadily intensified hacking, says the European cyber agency. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russia-chinese-hacking-buffets-europe-a-29616
-
Chinese APT Phantom Taurus Targeted MS Exchange Servers Over 3 Years
Cybersecurity researchers at Palo Alto Networks’ Unit 42 say Chinese APT Phantom Taurus breached Microsoft Exchange servers for years using a backdoor to spy on diplomats and defense data. First seen on hackread.com Jump to article: hackread.com/chinese-apt-phantom-taurus-ms-exchange-servers/
-
Fraudster Tied to $6.9 Billion Bitcoin Hoard Pleads Guilty
Tags: china
Chinese Woman Helped Run Ponzi-Style Investment Scheme That Amassed 61,000 Bitcoins. Chinese national Zhimin Qian, a 47-year-old woman also known as Yadi Zhang, pleaded guilty in England to helping run a Ponzi-style investment scheme in China called Blue Sky, which defrauded over 128,000 individuals, generating assets she converted into 61,000 bitcoin, now worth $6.9 billion.…
-
Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware
Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years. “Phantom Taurus’ main focus areas include ministries of foreign affairs, embassies, geopolitical events, and military operations,” Palo Alto Networks Unit 42 First seen on thehackernews.com…

