Security News

China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates
2024-08-05 04:16

The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider to push malicious software updates to target companies in mid-2023, highlighting a new level of sophistication associated with the group. It was also found to have targeted an international non-governmental organization in Mainland China with MgBot delivered via update channels of legitimate applications like Tencent QQ. While it was speculated that the trojanized updates were either the result of a supply chain compromise of Tencent QQ's update servers or a case of an adversary-in-the-middle attack, Volexity's analysis confirms it's the latter stemming from a DNS poisoning attack at the ISP level.

Germany names China as source of attack on government geospatial agency
2024-08-01 05:59

Germany's government has named China-controlled actors as the perpetrators of a 2021 cyber attack on the Federal Office of Cartography and Geodesy - the official mapping agency. The nation's Ministry of the Interior and Home Affairs on Wednesday published an assertion that China infiltrated the Office's systems to conduct espionage, after first compromising devices belonging to private individuals and businesses to conduct the raid.

China ponders creating a national 'cyberspace ID'
2024-07-29 05:28

Although the policy is only open for comments and not certain to be adopted, the IDs would serve to "Protect citizens' personal information, regulate the public service for authentication of cyberspace IDs, and accelerate the implementation of the trusted online identity strategy," according to a notice posted by the State Council - China's equivalent of a ministerial cabinet. A government national service platform will be responsible for authenticating and issuing the cyberspace IDs.

North Korean chap charged for attacks on US hospitals, military, NASA – and even China
2024-07-26 02:58

The US Department of Justice on Thursday charged a North Korean national over a series of ransomware attacks on stateside hospitals and healthcare providers, US defense companies, NASA, and even a Chinese target. An indictment [PDF] named Rim Jong Hyok as a participant in "a conspiracy to hack and extort US hospitals and other health care providers, launder the ransom proceeds, and then use these proceeds to fund additional computer intrusions into defense, technology, and government entities worldwide."

Uncle Sam accuses telco IT pro of decade-long spying campaign for China
2024-07-25 17:15

"The MSS often uses 'cooperative contacts' located in countries outside of the PRC in furtherance of their intelligence goals, which include obtaining information concerning foreign corporate or industrial matters, foreign politicians or intelligence officers, and information concerning PRC political dissidents residing in those countries," the Department of Justice said, announcing the charges. In 2012, Li is alleged to have gathered biographical information about an individual associated with the Falun Gong religious movement and passed it back to the MSS within a week of receiving the order.

Beijing's attack gang Volt Typhoon was a false flag inside job conspiracy: China
2024-07-19 05:09

China has asserted that the Volt Typhoon gang, which Five Eyes nations accuse of being a Beijing-backed attacker that targets critical infrastructure, was in fact made up by the US intelligence community. The nation's National Computer Virus Emergency Response Center, National Engineering Laboratory for Computer Virus Prevention Technology, and infosec vendor 360 Digital Security Group last week published a report [PDF] on Vault Typhoon titled ": A secret Disinformation Campaign targeting US Congress and Taxpayers conducted by US Government agencies.

China-linked APT17 Targets Italian Companies with 9002 RAT Malware
2024-07-17 08:47

A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. "The first campaign on June 24, 2024 used an Office document, while the second campaign contained a link," the company noted.

UK cyber-boss slams China's bug-hoarding laws
2024-07-15 00:03

ASIA IN BRIEF The interim CEO of the UK's National Cyber Security Centre has criticized China's approach to bug reporting. After first pointing out that UK authorities have not attributed that incident to a Chinese actor, Oswald said "Chinese actors' approach in cyberspace over the last 18 months should worry us all."

White House urged to double check Microsoft isn't funneling AI to China via G42 deal
2024-07-12 20:22

Two House committee chairs have sent a public letter to the White House asking it to look into a deal between AI R&D outfit G42 and Microsoft. The missive [PDF] to National Security Adviser Jake Sullivan is authored by Reps Michael McCaul and John Moolenaar, respectively the chairs of the House Foreign Affairs Committee and the House Committee on Strategic Competition with the Chinese Communist Party.

China's APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox
2024-07-12 01:29

Meet DodgeBox, son of StealthVector Chinese government-backed cyber espionage gang APT41 has very likely added a loader dubbed DodgeBox and a backdoor named MoonWalk to its malware toolbox,...