Tag: espionage
-
US Sanctions Chinese Hackers for Cyber Espionage Campaign
The U.S. Department of State has announced sanctions against two Chinese entities, Yin Kecheng and Sichuan Juxinhe Network First seen on securityonline.info Jump to article: securityonline.info/us-sanctions-chinese-hackers-for-cyber-espionage-campaign/
-
Silver Fox APT Targets Organizations with PNGPlug and ValleyRAT Malware
A sophisticated cyber-espionage campaign targeting organizations across China, Hong Kong, and Taiwan has been uncovered by Intezer’s research First seen on securityonline.info Jump to article: securityonline.info/silver-fox-apt-targets-organizations-with-pngplug-and-valleyrat-malware/
-
Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin’s efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work of an intrusion set dubbed UAC-0063, which likely shares overlap with APT28, a nation-state group affiliated with Russia’s…
-
US Names One of the Hackers Allegedly Behind Massive Salt Typhoon Breaches
Plus: New details emerge about China’s cyber espionage against the US, the FBI remotely uninstalls malware on 4,200 US devices, and victims of the PowerSchool edtech breach reveal what hackers stole. First seen on wired.com Jump to article: www.wired.com/story/us-names-one-of-the-hackers-allegedly-behind-massive-salt-typhoon-breaches/
-
US hits back against China’s Salt Typhoon group
Tags: attack, backdoor, china, cisa, ciso, communications, computer, control, crypto, cve, cyber, cyberattack, cybersecurity, defense, detection, disinformation, espionage, exploit, finance, government, group, infosec, infrastructure, intelligence, ivanti, law, malicious, mandiant, microsoft, network, north-korea, office, tactics, technology, theft, threat, tool, vpn, vulnerability
The US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking. On Friday the Department of the Treasury’s Office of Foreign Assets Control (OFAC) said it is sanctioning Sichuan Juxinhe Network Technology, a…
-
Russian espionage and financial theft campaigns have ramped up, Ukraine cyber agency says
Tags: cyber, cybersecurity, defense, espionage, finance, government, incident, incident response, russia, theft, ukraine
Over the past year, Ukraine’s cyber incident response center identified and addressed 1,042 cybersecurity incidents impacting government, defense, and critical services. First seen on therecord.media Jump to article: therecord.media/russian-espionage-financial-theft-campaign
-
Chinese Connected Car Tech Banned by Biden Administration
National Security and Hacking Worries Underpin Concerns over Supply Chain Risk. The U.S. federal government is telling the automotive industry to stop buying Chinese manufactured hardware and software powering onboard telematics and automated driving systems, warning that the potential for nation-state hacking and espionage poses a national security risk. First seen on govinfosecurity.com Jump to…
-
Russia-linked APT UAC-0063 target Kazakhstan in with HATVIBE malware
Russia-linked threat actor UAC-0063 targets Kazakhstan to gather economic and political intelligence in Central Asia. Russia-linked threat actor UAC-0063 is targeting Kazakhstan as part of a cyber espionage campaign to gather economic and political intelligence in Central Asia. The Computer Emergency Response Team of Ukraine (CERT-UA) first detailed the activity of UAC-0063 in early 2023.…
-
APT28’s New Espionage Campaign Uses Double-Tap Infection Chain
In a recent revelation, security researchers Amaury G., Maxime A., Erwan Chevalier, Felix Aimé, and Sekoia TDR have First seen on securityonline.info Jump to article: securityonline.info/apt28s-new-espionage-campaign-uses-double-tap-infection-chain/
-
Hackers with likely Kremlin ties target Kazakhstan in espionage campaign
The hackers used legitimate documents believed to be from Kazakhstan’s Ministry of Foreign Affairs to deliver malware to diplomatic entities in Central Asia. First seen on therecord.media Jump to article: therecord.media/hackers-kremlin-kazakhstan-espionage-campaign
-
RedDelta Leverages PlugX Backdoor in State-Sponsored Espionage Campaigns
A recent report by Insikt Group reveals an ongoing, sophisticated cyber-espionage operation by the RedDelta advanced persistent threat First seen on securityonline.info Jump to article: securityonline.info/reddelta-leverages-plugx-backdoor-in-state-sponsored-espionage-campaigns/
-
RedCurl APT Group: Cyber Espionage with Living-off-the-Land Techniques
The RedCurl Advanced Persistent Threat (APT) group, also known as Earth Kapre or Red Wolf, has resurfaced with First seen on securityonline.info Jump to article: securityonline.info/redcurl-apt-group-cyber-espionage-with-living-off-the-land-techniques/
-
RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns
Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. “The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including…
-
China-linked APT group MirrorFace targets Japan
Japanese authorities attributed a cyber-espionage campaign targeting the country to the China-linked APT group MirrorFace. The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a long-running cyber-espionage campaign targeting local entities to the China-linked group MirrorFace (aka Earth Kasha). The campaign has been active since at least 2019, it…
-
Ivanti zero-day exploited by APT group that previously targeted Connect Secure appliances
Researchers from Google’s Mandiant division believe the critical remote code execution vulnerability patched on Wednesday by software vendor Ivanti has been exploited since mid-December by a Chinese cyberespionage group. This is the same group that has exploited zero-day vulnerabilities in Ivanti Connect Secure appliances back in January 2024 and throughout the year. The latest attacks, exploiting…
-
MirrorFace hackers targeting Japanese govt, politicians since 2019
The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a cyber-espionage campaign targeting the country to the Chinese state-backed “MirrorFace” hacking group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mirrorface-hackers-targeting-japanese-govt-politicians-since-2019/
-
Zero-Day Alert: UNC5337 Exploits Ivanti VPN Vulnerability CVE-2025-0282 for Espionage Operations
Ivanti Connect Secure (ICS) VPN appliances have become the focus of advanced threat actors, exploiting a newly disclosed First seen on securityonline.info Jump to article: securityonline.info/zero-day-alert-unc5337-exploits-ivanti-vpn-vulnerability-cve-2025-0282-for-espionage-operations/
-
MirrorFace: Unmasking the Chinese Cyber Espionage Group Targeting Japan
On January 8, 2025, the Japanese National Police Agency (NPA) issued a critical warning regarding ongoing cyberattacks attributed First seen on securityonline.info Jump to article: securityonline.info/mirrorface-unmasking-the-chinese-cyber-espionage-group-targeting-japan/
-
More telecom firms were breached by Chinese hackers than previously reported
Tags: access, at&t, attack, breach, china, cisco, communications, cyber, cyberespionage, cybersecurity, data, defense, disinformation, espionage, exploit, finance, fortinet, framework, government, group, hacker, Hardware, infrastructure, intelligence, international, microsoft, mobile, network, phone, regulation, risk, risk-management, router, spy, technology, threat, vulnerability
Chinese hackers linked to the Salt Typhoon cyberespionage operation have breached even more US telecommunications firms than initially reported. New victims, Charter Communications, Consolidated Communications, and Windstream, add to a growing list that already includes AT&T, Verizon, T-Mobile, and Lumen Technologies. Earlier, the US authorities said that nine telecom firms have been affected by the Chinese espionage…
-
Breach Roundup: MetLife Denies RansomHub Cyberattack Claims
Also: German Prosecutors Charge Three Alleged Russian Saboteurs. This week, MetLife denied a RansomHub cyberattack claim, RI Health System cyberattack update, npm package deployed Quasar RAT, Germany charges three with espionage for Russia, North Korea’s contagious interview campaign deployed new malware. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-metlife-denies-ransomhub-cyberattack-claims-a-27199
-
AT&T and Verizon Say Chinese Hackers Ejected From Networks
9 Telcos Have Been Breached by Beijing-Backed ‘Salt Typhoon,’ White House Says. U.S. telecommunications giants AT&T and Verizon Communications believe they have finally ejected Chinese cyber espionage hackers from their networks. The White House said the Salt Typhoon nation-state hackers infiltrated at least nine U.S. telcos’ infrastructure, and have been hard to eject. First seen…
-
China’s cyber intrusions took a sinister turn in 2024
From targeted espionage to pre-positioning – not that they are mutually exclusive First seen on theregister.com Jump to article: www.theregister.com/2024/12/31/china_cyber_intrusions_2024/
-
IPMsg Installer Weaponized: Lazarus Group Targets Crypto Finance
The notorious APT-C-26 (Lazarus) group, known for its advanced persistence and cyber espionage tactics, has resurfaced with a new campaign targeting financial institutions and cryptocurrency exchanges. In a recent analysis... First seen on securityonline.info Jump to article: securityonline.info/ipmsg-installer-weaponized-lazarus-group-targets-crypto-finance/
-
A 9th Telecoms Firm Has Been Hit by a Massive Chinese Espionage Campaign, the White House Says
A top White House official said at least eight U.S. telecom firms and dozens of nations have been impacted by a Chinese hacking campaign. First seen on securityweek.com Jump to article: www.securityweek.com/a-9th-telecoms-firm-has-been-hit-by-a-massive-chinese-espionage-campaign-the-white-house-says/
-
Paper Werewolf: From Espionage to Destruction A New Threat Emerges
The BI.ZONE Threat Intelligence team has reported a surge in activity from the espionage cluster known as Paper Werewolf (also referred to as GOFFEE). Operating since at least 2022, the... First seen on securityonline.info Jump to article: securityonline.info/paper-werewolf-from-espionage-to-destruction-a-new-threat-emerges/
-
Biden administration finalizes rule to block sale of Americans’ bulk data to adversaries
The rule, proposed under an executive order in late February and finalized Friday, is intended to address the “urgent and extraordinary national security threat” created by U.S. adversaries acquiring personal data that can be used for espionage, blackmail, influence campaigns and other malicious activities. First seen on therecord.media Jump to article: therecord.media/biden-admin-finalizes-rule-to-block-sale-of-bulk-data-to-adversaries
-
White House: Salt Typhoon hacks possible because telecoms lacked basic security measures
In an update Friday, the White House says nine telecom companies were impacted by the Chinese espionage effort. First seen on cyberscoop.com Jump to article: cyberscoop.com/salt-typhoon-telecom-cybersecurity-gaps-white-house-response/

