Tag: china
-
Chinese hackers target telcos with new Linux, Windows malware
A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-target-telcos-with-new-linux-windows-malware/
-
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
Showboat doesn’t show off, but clearly it doesn’t need to, as it’s long helped China spy on small market communications providers. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-apts-linux-backdoor-telco-attacks
-
BadIIS Malware Hijacks IIS Servers to Redirect Users to Illicit Sites
A new variant of the BadIIS malware that hijacks Microsoft IIS web servers to redirect users to illicit websites, highlighting an evolving malware-as-a-service (MaaS) ecosystem operated by Chinese-speaking cybercrime groups. The newly analyzed variant is marked by embedded “demo.pdb” strings, which Talos used to trace its development history. Evidence suggests the malware has been actively…
-
BadIIS Malware Hijacks IIS Servers to Redirect Users to Illicit Sites
A new variant of the BadIIS malware that hijacks Microsoft IIS web servers to redirect users to illicit websites, highlighting an evolving malware-as-a-service (MaaS) ecosystem operated by Chinese-speaking cybercrime groups. The newly analyzed variant is marked by embedded “demo.pdb” strings, which Talos used to trace its development history. Evidence suggests the malware has been actively…
-
Webworm APT targets European government organizations with new backdoors
ESET has released an analysis of the 2025 activity of Webworm, a China-aligned APT group tracked as Space Pirates and UAT-8302. Active since at least 2022, the group initially … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/20/webworm-apt-campaign-targets-europe/
-
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications.Webworm, first publicly documented by Broadcom-owned Symantec in September 2022, is assessed to be active since at least 2022, targeting government agencies First seen…
-
Old Breaches Resold as New Corporate Data Leaks
Dark web data brokers are increasingly recycling old breach data and marketing it as fresh corporate leaks. The activity, largely observed in Chinese-language cybercrime forums and Telegram channels, is creating confusion among organizations and diverting security resources toward investigating claims that often lack credibility. Group-IB identified a surge in high-volume data advertisements targeting companies across…
-
GraphWorm Malware Abuses Microsoft OneDrive for Stealthy C2 Operations
A new activity from Webworm, a China-aligned advanced persistent threat (APT) group, revealing a significant evolution in its cyber espionage toolkit during 2025. The group, first publicly documented in 2022, has shifted its targeting from primarily Asian organizations to government entities across Europe, while adopting stealthier techniques and cloud-based command-and-control (C2) infrastructure. One of the…
-
GraphWorm Malware Abuses Microsoft OneDrive for Stealthy C2 Operations
A new activity from Webworm, a China-aligned advanced persistent threat (APT) group, revealing a significant evolution in its cyber espionage toolkit during 2025. The group, first publicly documented in 2022, has shifted its targeting from primarily Asian organizations to government entities across Europe, while adopting stealthier techniques and cloud-based command-and-control (C2) infrastructure. One of the…
-
China-Linked Webworm APT Evolves Tactics, Expands to European Targets
China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/webworm-apt-evolves-tactics/
-
DevilNFC Malware Traps Android Users in NFC Relay Attacks
A newly identified Android malware family named DevilNFC is raising concern among cybersecurity researchers for its advanced use of kiosk mode to trap victims during NFC relay attacks. These malware families mark a significant evolution in NFC relay threats. Unlike earlier campaigns dominated by Chinese-speaking Malware-as-a-Service ecosystems, DevilNFC and NFCMultiPay are developed by independent regional…
-
From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat
Cisco Talos has uncovered a BadIIS variant, identifiable by its embedded “demo.pdb” strings, that functions as commodity malware, likely sold or shared among multiple Chinese-speaking cyber crime groups operating under a malware-as-a-service (MaaS) model for continuous monetization. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/
-
Chinese APT FamousSparrow Weaponizes Evolved Deed RAT Against Azerbaijani Energy Infrastructure
The post Chinese APT FamousSparrow Weaponizes Evolved Deed RAT Against Azerbaijani Energy Infrastructure appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/famoussparrow-deed-rat-azerbaijan-energy-exchange-vulnerability/
-
Banned Nvidia AI Chips Keep Reaching China Despite US Crackdown
US export-control cases show how Nvidia chips and other restricted tech are allegedly diverted to China and Russia through shell firms and intermediaries. The post Banned Nvidia AI Chips Keep Reaching China Despite US Crackdown appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-nvidia-ai-chip-smuggling-export-controls-apac/
-
Anthropic Warns US Risks Losing AI Edge to China Over Chips
New Report Warns China Could Reach Frontier AI Near-Parity by 2028. Anthropic warned that weak chip export controls, model distillation and expanded Chinese access to advanced compute infrastructure could erode Washington’s frontier AI advantage and accelerate Beijing’s push toward near-parity in advanced AI systems. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/anthropic-warns-us-risks-losing-ai-edge-to-china-over-chips-a-31702
-
US orders travelers on Air Force One to throw away gifts, pins, and burner phones after China trip
People who travelled to Beijing for a summit between the United States and China had to throw away items they received during the trip before boarding Air Force One, presumably for security reasons. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/15/us-orders-travelers-on-air-force-one-to-throw-away-gifts-pins-and-burner-phones-after-china-trip/
-
China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer
A suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkit First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-hackers-tencshell-malware/
-
Go-Ahead for AI Chip Sales to 10 Chinese Firms Raise Alarms
Reports: Trump Administration Approval of Nvidia H200 Sales Poses Frontier AI Risks. Trump administration discussions on AI governance with China are colliding with reports that Washington may permit expanded Nvidia H200 chip sales to Chinese firms, fueling concerns that U.S. technology access could accelerate Beijing’s frontier AI and military-linked ambitions. First seen on govinfosecurity.com Jump…
-
Mustang Panda Linked to New Modular FDMTP Backdoor
Researchers Say Nation-State Actors Are Evolving Persistence Techniques. An apparent Chinese nation-state hacking group gussied up its tooling with new modular functionality, say security researchers who observed a cyberespionage campaign affecting Asia-Pacific governments. The activity resembles attack patterns of the threat actor tracked as Mustang Panda First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/mustang-panda-linked-to-new-modular-fdmtp-backdoor-a-31696
-
FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit
Bitdefender Labs reveals how the China-linked FamousSparrow hacking group targeted an Azerbaijani energy firm using ProxyNotShell, Deed RAT,… First seen on hackread.com Jump to article: hackread.com/famoussparrow-oil-gas-ms-exchange-server-exploit/
-
Chinese APT Exploits Microsoft Exchange to Breach Energy Sector Network
Chinese state-aligned hackers compromised a Microsoft Exchange server at a major energy firm. They repeatedly reused that same entry point to run a months”‘long espionage operation, deploying the Deed RAT and Terndoor backdoors to maintain deep access across the network. The activity is attributed with moderate”‘to”‘high confidence to FamousSparrow, a China”‘aligned APT cluster that overlaps…
-
China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites for Espionage
A new Darktrace report reveals how Chinese hackers use fake Apple and Yahoo sites and the FDMTP malware framework to spy on organisations. First seen on hackread.com Jump to article: hackread.com/chinatwill-typhoon-fake-apple-yahoo-sites-espionage/
-
FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign
Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousSparrow has conducted a sustained intrusion campaign against an Azerbaijani oil and gas company, returning to the same compromised entry point three separate times between late December 2025…
-
The British public need to be better prepared for emergencies | Letter
Tags: attack, china, cyber, data-breach, disinformation, iran, resilience, russia, supply-chain, threat, warfare<strong>Jean Coussins</strong> says a cross-party Lords committee has been tasked with coming up with a plan to normalise resilience in our everyday livesYour editorial (<a href=”https://www.theguardian.com/commentisfree/2026/may/01/the-guardian-view-on-britains-fragile-systems-when-global-shocks-hit-your-shopping-bill”>Britain’s fragile systems: when global shocks hit your shopping bill, 1 May) makes clear that the public need to be more fully informed about global threats and actively engaged in…
-
Daemon Tools Developer Confirms Software Was Trojanized
A China-linked threat actor backdoored a version of Daemon Tools to infect thousands First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/daemon-tools-confirms-software/
-
UAT-8302 Targets Government Agencies With Custom Malware and Open-Source Tools
A new China-linked hacking group, tracked as UAT-8302, that is using custom malware and open-source tools to spy on government organizations in South America and southeastern Europe. The campaign focuses on long-term access and data theft, combining advanced backdoors like NetDraft and CloudSorcerer with aggressive network reconnaissance and credential theft. Researchers assess with high confidence…
-
Ten years later, has the GDPR fulfilled its purpose?
Tags: access, ai, breach, business, china, cio, compliance, data, data-breach, dora, finance, flaw, framework, GDPR, governance, government, international, jobs, law, mobile, office, privacy, regulation, risk, service, technology, tool, trainingFernando Maldonado, technology advisor at Foundry. MuleSoft. Gray areas remain: Still, if anything has been demonstrated in the decade since its entry into force, it’s that the GDPR still has a long way to go.Miguel Recio, president of APEP.IA (Spanish Professional Association for Privacy), argues that some of the limitations that have been exposed about the…
-
Malicious NuGet Packages Steal Browser Credentials, SSH Keys, and Crypto Wallets
Malicious NuGet packages are quietly stealing browser credentials, SSH keys, and cryptocurrency wallet data from developer machines and CI/CD infrastructure, with a particular focus on Chinese .NET ecosystems. The campaign blends legitimate-looking UI and infrastructure libraries with a heavily protected infostealer payload, making it hard for developers and traditional security tools to spot. Packages IR.DantUI, IR.OscarUI, IR.Infrastructure.Core, IR.Infrastructure.DataService.Core,…
-
Anthropic Sounds Cyber Alarm Amid Financial AI Push
Mythos Found ‘Tens of Thousands’ of Unpatched Flaws With Months to Fix Them. Anthropic CEO Dario Amodei warned that Claude Mythos has found tens of thousands of unpatched software vulnerabilities, with a six-to-12 month window before Chinese AI models catch up. The disclosure came alongside a major financial services push including an investor-backed firm and…
-
North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware
Researchers at cybersecurity firm ESET attributed the campaign to APT37 and said the hackers used a backdoor attached to a suite of card games from a company called Sqgame. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-target-ethnic-koreans-in-china