Security News

A nation-state activity group originating from China has been linked to cyber attacks on dozens of organizations in Taiwan as part of a suspected espionage campaign. The Microsoft Threat Intelligence team is tracking the activity under the name Flax Typhoon, which is also known as Ethereal Panda.

The FBI has warned owners of Barracuda Email Security Gateway appliances the devices are likely undergoing attack by snoops linked to China, and removing the machines from service remains the safest course of action. On Wednesday, the FBI pushed that recommendation in a flash alert [PDF] that stated it "Strongly advises all affected ESG appliances be isolated and replaced immediately."

An ongoing cyber attack campaign originating from China is targeting the Southeast Asian gambling sector to deploy Cobalt Strike beacons on compromised systems. "The threat actors abuse Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan executables vulnerable to DLL hijacking to deploy Cobalt Strike beacons," security researchers Aleksandar Milenkoski and Tom Hegel said in an analysis published today.

The NSA discovered the intrusion in 2020-we don't know how-and alerted the Japanese. The hackers had deep, persistent access and appeared to be after anything they could get their hands on-plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current and former U.S. and Japanese officials interviewed, who spoke on the condition of anonymity because of the matter's sensitivity.

Infosec in brief The July breach of Microsoft Exchange Online by suspected Chinese hackers is the next topic up for review by the Department of Homeland Security's Cyber Safety Review Board. The decision to investigate the July Outlook intrusion, and cloud security more broadly, was welcomed by senator Ron Wyden, who last week blamed Microsoft for its failure to protect cloud accounts belonging to US government officials and called for the CSRB to investigate the incident.

Asian smartphone giant Xiaomi is now blocking Telegram from being installed on devices using its MIUI system and firmware interface. If an app is deemed malicious or dangerous, MIUI tries to remove the app from the device and block the installation.

The boss of US Cyber Command has opined that China's cyber and surveillance capabilities are not ahead of, or even comparable to, to those of the United States. "There is a scope-scale sophistication that we ascribe to what China is doing today. Are they getting better? Yes," the commander of US Cyber Command, general Paul Nakasone, told a Thursday event at the Center for Strategic and International Studies in Washington.

Active since 2019, some of the prominent sectors targeted by the prolific actor encompass academia, aerospace, government, media, telecommunications, and research. A majority of the victims during the period were government organizations.

China has released draft regulations to govern the country's facial recognition technology that include prohibitions on its use to analyze race or ethnicity. According to the the Cyberspace Administration of China(CAC), the purpose is to "Regulate the application of face recognition technology, protect the rights and interests of personal information and other personal and property rights, and maintain social order and public safety" as outlined by a smattering of data security, personal information, and network laws.

A nation-state actor with links to China is suspected of being behind a series of attacks against industrial organizations in Eastern Europe that took place last year to siphon data stored on air-gapped systems. The attacks entailed the use of more than 15 distinct implants and their variants, broken down into three broad categories based on their ability to establish persistent remote access, gather sensitive information, and transmit the collected data to actor-controlled infrastructure.