A joint announcement from the Ministry of Health and the National Cyber Directorate in Israel describes a spike in ransomware attacks over the weekend that targeted the systems of nine health institutes in the country. In the joint announcement, the Israeli government states that the attempts resulted in no damage to the hospitals and the medical organizations, thanks to national-level coordination and the quick and decisive response of the local IT teams.
A 36-year-old man from Portage, Michigan, was arrested on Thursday for allegedly renting thousands of textbooks from Amazon and selling them rather than returning them. Rew Birge, US Attorney for the Western District of Michigan, said Geoffrey Mark Hays Talsma has been indicted on charges of mail and wire fraud, transporting stolen property across state lines, aggravated identity theft, and lying to the FBI. Also indicted were three alleged co-conspirators: Gregory Mark Gleesing, 43, and Lovedeep Singh Dhanoa, 25, both from Portage, Michigan, and Paul Steven Larson, 32, from Kalamazoo, Michigan.
A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a previously unknown remote access trojan. The malware, known as MysterySnail, was found by Kaspersky security researchers on multiple Microsoft Servers between late August and early September 2021.
Blackberry's Research and Intelligence Team has uncovered three phishing schemes targeting Indian nationals, and says a Chinese state-sponsored malware gang is the culprit. Blackberry identified the responsible party as APT41 - a prolific Chinese state-sponsored cyberthreat group that has carried out what Fireye called "Espionage activity in parallel with financially motivated operations" since at least 2012.
Chinese cyber espionage group APT41 has been linked to seemingly disparate malware campaigns, according to fresh research that has mapped together additional parts of the group's network infrastructure to hit upon a state-sponsored campaign that takes advantage of COVID-themed phishing lures to target victims in India. APT41 is a moniker assigned to a prolific Chinese cyber threat group that carries out state-sponsored espionage activity in conjunction with financially motivated operations for personal gain as far back as 2012.
A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems. Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a "Sophisticated multi-stage malware framework" that allows for providing persistence and remote control over the targeted hosts.
A previously undocumented backdoor that was recently found targeting an unnamed computer retail company based in the U.S. has been linked to a longstanding Chinese espionage operation dubbed Grayfly. The cybersecurity firm attributed the intrusion to a group it tracks as SparklingGoblin, an adversary believed to be connected to the Winnti malware family.
Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "High confidence" to a threat actor operating out of China. "The Serv-U SSH server is subject to a pre-auth remote code execution vulnerability that can be easily and reliably exploited in the default configuration," Microsoft Offensive Research and Security Engineering team said in a detailed write-up describing the exploit.
The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019. "Mozi uses a P2P network structure, and one of the 'advantages' of a P2P network is that it is robust, so even if some of the nodes go down, the whole network will carry on, and the remaining nodes will still infect other vulnerable devices, that is why we can still see Mozi spreading," said Netlab, which spotted the botnet for the first time in late 2019.
Police are investigating an electrical vehicle company in China following claims that car data was tampered with following a fatal collision. On August 12, 31 year old Lin Wenqin was using the driver assistance feature on his Nio ES8 when he was involved in a fatal car crash.