Tag: china
-
Singapore Takes Down Chinese Hackers Targeting Telco Networks
Operation Cyber Guardian was Singapore’s largest and longest running anti-cyber threat law enforcement operation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/singapore-takes-down-china-hackers/
-
China-linked APT UNC3886 targets Singapore telcos
China-linked group UNC3886 targeted Singapore ‘s telecom sector in a cyber espionage campaign, Singapore’s Cyber Security Agency revealed. Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) ran Operation CYBER GUARDIAN to protect the telecom sector. Since July 2025, investigations showed China-linked UNC3886 launched a targeted campaign against all four major…
-
Fugitive behind $73M ‘pig butchering’ scheme gets 20 years in prison
A dual Chinese and St. Kitts and Nevis national was sentenced to 20 years in prison in absentia for his role in an international cryptocurrency investment scheme (also known as pig butchering or romance baiting) that defrauded victims of more than $73 million. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fugitive-behind-73m-pig-butchering-scheme-gets-20-years-in-prison/
-
Chinese Hackers Target Singapore Telecoms in Edge Device Compromise Campaign
A massive, eleven-month campaign to root out sophisticated attackers from the nation’s critical infrastructure. The Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) revealed details of >>Operation CYBER GUARDIAN,<< a multi-agency effort to defend the country's four major telecommunications providers Singtel, StarHub, M1, and SIMBA from a persistent cyber espionage…
-
Norway Says Salt Typhoon Hackers Hit Vulnerable Systems
Security Service Says China-Linked Actor Compromised Vulnerable Network Devices. Norway’s security service confirmed it was targeted by the China-linked Salt Typhoon campaign, marking one of Europe’s clearest public acknowledgements that the cyberespionage operation extended beyond U.S. telecom and federal networks into allied infrastructure. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/norway-says-salt-typhoon-hackers-hit-vulnerable-systems-a-30721
-
Chinese cyberspies breach Singapore’s four largest telcos
The Chinese threat actor tracked as UNC3886 breached Singapore’s four largest telecommunication service providers, Singtel, StarHub, M1, and Simba, at least once last year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-cyberspies-breach-singapores-four-largest-telcos/
-
China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign
The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector.”UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore’s telecommunications sector,” CSA said. “All four of Singapore’s major telecommunications operators (‘telcos’) M1, SIMBA Telecom, Singtel, and First seen on thehackernews.com Jump…
-
Leaked technical documents show China rehearsing cyberattacks on neighbors’ critical infrastructure
Internal files describe a training platform as part of a large integrated system designed to allow attackers to practice hacking replicas of “the real network environments” of China’s “main operational opponents in the South China Sea and Indochina directions.” First seen on therecord.media Jump to article: therecord.media/leaked-china-documents-show-testing-cyber-neighbors
-
DKnife targets network gateways in long running AitM campaign
Indicators point to China-Nexus development and targeting: Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications.The framework was also found to enable credential collection from services used…
-
DKnife targets network gateways in long running AitM campaign
Indicators point to China-Nexus development and targeting: Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications.The framework was also found to enable credential collection from services used…
-
Singapore says China-linked hackers targeted telecom providers in major spying campaign
Singapore authorities said Monday that a sophisticated China-linked cyber espionage group carried out a targeted campaign against all four of the country’s major telecommunications operators. First seen on therecord.media Jump to article: therecord.media/singapore-attributes-telecoms-hacks-unc3886
-
China-Linked DKnife Spyware Hijacking Internet Routers Since 2019
Cisco Talos uncovers DKnife, a China-nexus framework targeting routers and edge devices. Learn how seven stealthy implants hijack data and deliver malware via AitM attacks. First seen on hackread.com Jump to article: hackread.com/china-dknife-spyware-hijack-internet-routers-2019/
-
Chinese-Made Malware Kit Targets Chinese-Based Routers and Edge Devices
DKnife is a Chinese made malware framework that targets Chinese-based users First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-malware-kit-targets-routers/
-
China’s Salt Typhoon hackers broke into Norwegian companies
Norway’s government accused China’s Salt Typhoon hacking group of conducting a cyberespionage campaign in the country. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/06/chinas-salt-typhoon-hackers-broke-into-norwegian-companies/
-
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that’s operated by China-nexus threat actors since at least 2019.The framework comprises seven Linux-based implants that are designed to perform deep packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Its primary targets seem to First seen…
-
Norwegian intelligence discloses country hit by Salt Typhoon campaign
The assessment said Chinese security and intelligence services have strengthened their ability to operate in Norway, including through cyber operations and human intelligence collection. First seen on therecord.media Jump to article: therecord.media/norawy-intelligence-discloses-salt-typhoon-attacks
-
China-Nexus Hackers Target Linux Devices to Redirect Traffic and Deploy Malware
>>DKnife,<< a sophisticated gateway-monitoring and adversary-in-the-middle (AitM) framework that turns Linux-based routers and edge devices into surveillance tools. Active since at least 2019, this campaign employs seven distinct Linux implants to inspect network traffic, hijack legitimate software downloads, and deploy advanced malware. The framework remains active as of January 2026, targeting personal computers, mobile phones,…
-
Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
Cisco Talos uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/knife-cutting-the-edge/
-
New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability
Researchers at Check Point link ‘Amarath-Dragon’ attacks to prolific Chinese cyber-espionage operation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hacking-exploits-windows-winrar/
-
China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025
China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in 2025. CheckPoint says China-linked threat actors, tracked as Amaranth-Dragon, carried out cyber-espionage campaigns in 2025 targeting government and law enforcement agencies across Southeast Asia. The activity is linked to the APT41 ecosystem and affected countries including Thailand, Indonesia, Singapore, and…
-
Amaranth-Dragon Exploits WinRAR Vulnerability for Persistent Access to Victim Systems
A new cyber-espionage threat group dubbedAmaranth-Dragon. Active throughout 2025, this group has launched highly targeted attacks against government and law enforcement agencies across Southeast Asia. Evidence links Amaranth-Dragon to APT-41, a notorious Chinese state-sponsored hacking group, due to shared tools and operational time zones (UTC+8). The group creates attack campaigns based on local geopolitical events, such…
-
Notepad++ Users, You May Have Been Hacked by China
Suspected Chinese state-backed hackers hijacked the Notepadd++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows. First seen on wired.com Jump to article: www.wired.com/story/notepad-plus-plus-china-hackers-update-infrastructure/
-
Chinese Mustang Panda Used Fake Diplomatic Briefings to Spy on Officials
A new spy campaign by Mustang Panda uses fake US diplomatic briefings to target government officials. Discover how this silent surveillance operation works. First seen on hackread.com Jump to article: hackread.com/chinese-mustang-panda-briefing-spy-diplomat/
-
China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025.Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia, First…
-
New Amaranth Dragon cyberespionage group exploits WinRAR flaw
Tags: attack, china, cyberespionage, espionage, exploit, flaw, government, group, law, threat, vulnerabilityA new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-amaranth-dragon-cyberespionage-group-exploits-winrar-flaw/
-
Chinese Money Laundering Jargon via Google’s Gemini
After having a short discussion with Gemini about Chinese Money Laundering, I could tell we weren’t quite connecting on my Mandarin-assistance requests, so I shared an example post from a Telegram “Crime-as-a-Service” group that was part of a Chinese Guarantee Syndicate. For context, these posts were made in the Tudou Guarantee Syndicate’s group dedicated to…
-
NDSS 2025 BinEnhance
Tags: china, conference, data, detection, framework, Internet, network, software, technology, vulnerabilitySession 11B: Binary Analysis Authors, Creators & Presenters: Yongpan Wang (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Hong Li (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Xiaojie Zhu (King Abdullah University of Science and Technology, Thuwal, Saudi…
-
Frequently Asked Questions About Notepad++ Supply Chain Compromise
Tags: advisory, attack, backdoor, china, credentials, cve, cyber, cybercrime, defense, espionage, government, group, Hardware, infrastructure, malware, ransomware, security-incident, service, software, supply-chain, threat, update, vulnerability, windowsThreat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Key takeaways: Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has been addressed and Notepad++ have released 8.9.1 which now includes XML signature validation (XMLDSig) for security…
-
Compromise of Notepad++ Equals Software Supply Chain Fallout
Tags: attack, backdoor, china, exploit, group, infrastructure, open-source, software, supply-chain, vulnerability, windowsHacked Infrastructure Delivered Chinese Nation-State Group’s Backdoor, Experts Warn. The widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors. First seen on…
-
Notepad++ supply chain attack: Researchers reveal details, IoCs, targets
Rapid7 researchers have attributed the recent hijacking of the Notepad++ update mechanism to Lotus Blossom (aka Billbug), a Chinese state-sponsored group known for targeting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/notepad-supply-chain-attack-iocs-targets/