Security News

Cyber-spies suspected of connections with China have infected "Dozens" of computers belonging to Russian government agencies and IT providers with backdoors and trojans since late July, according to Kaspersky. The Russia-based security biz claimed the malware used in the ongoing, targeted attacks - dubbed EastWind - has links to two China-nexus groups tracked as APT27 and APT31.

Questions raised as one of the world's largest PC makers joins America's critical defense team Opinion Lenovo's participation in a cybersecurity initiative has reopened old questions over the...

The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, the Middle East, and Africa starting in late 2022. Newly...

Chinese app developers have signed up to beta test a national cyberspace ID system that will use facial recognition technology and the real names of users, according to Chinese media. Among the 71 privately-owned internet apps and ten government apps reported to be involved in The National Network Identity Authentication Pilot Edition are messaging and social media platform WeChat, online marketplace Taobao, and social commerce and lifestyle platform Xiaohongshu.

The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider to push malicious software updates to target companies in mid-2023, highlighting a new level of sophistication associated with the group. It was also found to have targeted an international non-governmental organization in Mainland China with MgBot delivered via update channels of legitimate applications like Tencent QQ. While it was speculated that the trojanized updates were either the result of a supply chain compromise of Tencent QQ's update servers or a case of an adversary-in-the-middle attack, Volexity's analysis confirms it's the latter stemming from a DNS poisoning attack at the ISP level.

Germany's government has named China-controlled actors as the perpetrators of a 2021 cyber attack on the Federal Office of Cartography and Geodesy - the official mapping agency. The nation's Ministry of the Interior and Home Affairs on Wednesday published an assertion that China infiltrated the Office's systems to conduct espionage, after first compromising devices belonging to private individuals and businesses to conduct the raid.

Although the policy is only open for comments and not certain to be adopted, the IDs would serve to "Protect citizens' personal information, regulate the public service for authentication of cyberspace IDs, and accelerate the implementation of the trusted online identity strategy," according to a notice posted by the State Council - China's equivalent of a ministerial cabinet. A government national service platform will be responsible for authenticating and issuing the cyberspace IDs.

The US Department of Justice on Thursday charged a North Korean national over a series of ransomware attacks on stateside hospitals and healthcare providers, US defense companies, NASA, and even a Chinese target. An indictment [PDF] named Rim Jong Hyok as a participant in "a conspiracy to hack and extort US hospitals and other health care providers, launder the ransom proceeds, and then use these proceeds to fund additional computer intrusions into defense, technology, and government entities worldwide."

"The MSS often uses 'cooperative contacts' located in countries outside of the PRC in furtherance of their intelligence goals, which include obtaining information concerning foreign corporate or industrial matters, foreign politicians or intelligence officers, and information concerning PRC political dissidents residing in those countries," the Department of Justice said, announcing the charges. In 2012, Li is alleged to have gathered biographical information about an individual associated with the Falun Gong religious movement and passed it back to the MSS within a week of receiving the order.

China has asserted that the Volt Typhoon gang, which Five Eyes nations accuse of being a Beijing-backed attacker that targets critical infrastructure, was in fact made up by the US intelligence community. The nation's National Computer Virus Emergency Response Center, National Engineering Laboratory for Computer Virus Prevention Technology, and infosec vendor 360 Digital Security Group last week published a report [PDF] on Vault Typhoon titled ": A secret Disinformation Campaign targeting US Congress and Taxpayers conducted by US Government agencies.