Security News
A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. According to researchers from Kaspersky, the offensive, which was observed between June 2020 and January 2021, leverages a method called DLL side-loading to execute shellcode that decrypts a final payload dubbed "FoundCore."
China-linked cyber-espionage group Cycldek is showing increasing sophistication in a series of recent attacks targeting government and military entities in Vietnam, according to a report from anti-malware vendor Kaspersky. The more recent attacks, Kaspersky says, show further increase in sophistication.
A duo in China has been accused of tricking a government-run identity verification system to create fake invoices. According to state-controlled outlet Xinhua, the suspects tricked the State Taxation Administration platform's identity verification system by manipulating high-def photos with a widely available app that turns photos into videos.
Messaging app LINE has removed Chinese affiliate's access to personal data, after infosec concerns led Japanese government officials to stop using the app. Government officials began to rethink using the app following reports of foreign access to in-country equipment.
To unclog the network, the bank took the drastic step of blocking all traffic from China. News of the attack is surfacing just as the bank's new president, Mauricio Claver-Carone, seeks to leverage his hawkish views on China from his time in the Trump administration to outmaneuver those in Washington and beyond still fuming over his politically charged election last year.
China's government on Thursday called on Washington to drop efforts to expel three state-owned Chinese phone companies from the United States in a new clash over technology and security. The United States should "Stop the wrong practice of generalizing the concept of national security and politicizing economic issues" and "Stop abusing state power to unreasonably suppress Chinese enterprises," said a ministry spokesman, Zhao Lijian.
The USA's Office of National Intelligence today released its previously classified assessment of "Foreign Threats to the 2020 US Federal Elections" and found "Some successful compromises of state and local government networks prior to Election Day-as well as a higher volume of unsuccessful attempts". It's described as the intelligence community's collective assessment of attempts to disrupt the 2020 election and to contain "Analytic judgments identical to those in the classified version" but without "Full supporting information" or information on "Specific intelligence reports, sources , or methods."
Cyber sleuths have already blamed China for a hack that exposed tens of thousands of servers running its Exchange email program to potential hacks. The CEO of a prominent cybersecurity firm says it now seems clear China also unleashed an indiscriminate, automated second wave of hacking that opened the way for ransomware and other cyberattacks.
Intrusion activity related to the Supernova malware planted on compromised SolarWinds Orion installations exposed on the public internet points to an espionage threat actor based in China. Unlike the malware used in the SolarWinds supply-chain attack [1, 2, 3], which was embedded in the Orion software builds from the developer, the Supernova web shell ended inside the platform after hackers exploited a critical vulnerability in product installations reachable over the public web.
The Biden administration has named China as the most threatening nation the United States faces, on grounds that it can combine its technological and other capabilities like no other. That assessment was offered in a new Interim National Security Guidance [PDF] issued on Wednesday, in which the administration also outlines plans to seek more regulation of advanced technologies and an intention to strike back after cyberattacks.