Security News

An advanced persistent threat group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020. At the time, the hacking group exploited the ProxyLogon Exchange flaws that allowed them to gain remote code execution on vulnerable servers to deploy China Chopper web shells.

A previously undocumented Chinese-speaking advanced persistent threat actor dubbed Aoqin Dragon has been linked to a string of espionage-oriented attacks aimed at government, education, and telecom entities chiefly in Southeast Asia and Australia dating as far back as 2013. This involved leveraging old and unpatched security vulnerabilities, with the decoy documents enticing targets into opening the files.

The advanced persistent threat gang known as SideWinder has gone on an attack spree in the last two years, conducting almost 1,000 raids and deploying increasingly sophisticated attack methods. Noushin Shaba, a senior security researcher on Kaspersky's global research and analysis team, today told the Black Hat Asia conference that SideWinder mostly targets military and law enforcement agencies in Pakistan, Bangladesh and other South Asian nations.

An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in the command-and-control infrastructure with that of prior campaigns mounted by the same actor.

A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29, with some set of the activities associated with the crew assigned the moniker Nobelium.

A Chinese-speaking advanced persistent threat (APT) has been linked to a new campaign targeting gambling-related companies in South East Asia, particularly Taiwan, the Philippines, and Hong Kong....

A threat actor with potential links to an Indian cybersecurity company has been nothing if remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020 by deploying different variants of its bespoke malware framework. Slovak cybersecurity firm ESET attributed the highly targeted attack to a hacking group known as Donot Team.

Attackers targeting telcos across the Middle East and Asia for the past six months are linked to Iranian state-sponsored hackers, according to researchers. Though the identity of attackers also is unconfirmed, they potentially could be linked to the Iranian group Seedworm, aka MuddyWater or TEMP.Zagros, researchers said.

HID Global announced that it has acquired Omni-ID, a manufacturer of RFID tags and industrial IoT hardware devices for passive and active tagging, tracking, monitoring and alerting applications. "I am very pleased to welcome Omni-ID into the ASSA ABLOY Group and HID," said Björn Lidefelt, EVP and Head of HID Global.

Security researchers at Kaspersky have identified a widespread cyberespionage campaign that targets government offices in Asia; the cybersecurity attack starts with a spearphishing email. Kaspersky analysts explained the LuminousMoth attack on the SecureList blog and suggested that the lopsided numbers between the two countries could be due to an additional and unknown infection vector used only in the Philippines.