Security News

'Bitter' espionage hackers target Chinese nuclear energy orgs
2023-03-24 14:47

A cyberespionage hacking group tracked as 'Bitter APT' was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders. Bitter is a suspected South Asian hacking group known to target high-profile organizations in the energy, engineering, and government sectors in the Asian-Pacific region.

Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies
2023-03-24 09:59

Attack chains mounted by the group commence with a spear-phishing email to deploy a wide range of tools for backdoor access, command-and-control, and data exfiltration. These messages come bearing with malicious lure archives distributed via Dropbox or Google Drive links that employ DLL side-loading, LNK shortcut files, and fake file extensions as arrival vectors to obtain a foothold and drop backdoors like TONEINS, TONESHELL, PUBLOAD, and MQsTTang.

Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers
2023-03-23 09:29

Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of 2023. The intrusion set has been attributed to a Chinese cyber espionage actor associated with a long-running campaign dubbed Operation Soft Cell based on tooling overlaps.

Google suspends top Chinese shopping app Pinduoduo
2023-03-21 05:58

Google has suspended Chinese shopping app Pinduoduo from its Play store because versions of the software found elsewhere have included malware. Interestingly, Google told Bloomberg versions of Pinduoduo hosted on outside Play were the source of the infected software, yet it chose to ban the app from the Play store and users of Android devices not to run the apps.

Vessels claiming to be Chinese warships are messing with passenger planes
2023-03-20 07:29

Australian airline Qantas issued standing orders to its pilots last week advising them that some of its fleet experienced interference on VHF stations from sources purporting to be the Chinese Military. The interference has been noticed in the western Pacific and South China Sea.

Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
2023-03-18 11:30

The zero-day exploitation of a now-patched medium-security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim environments.

Feds arrest and charge exiled Chinese billionaire over massive crypto fraud
2023-03-17 02:59

Meet the newest member of the crypto rogues' gallery: Ho Wan Kwok, aka Guo Wengui, aka Miles Guo, whom the US Department of Justice on Wednesday arrested over what investigators have described as a "Sprawling and complex scheme to solicit investments in various entities and programs through false statements and representations to hundreds of thousands of Kwok's online followers." One of Guo's operations was called Himalaya Exchange.

Here's how Chinese cyber spies exploited a critical Fortinet bug
2023-03-17 01:00

Suspected Chinese spies have exploited a critical Fortinet bug, and used custom networking malware to steal credentials and maintain network access, according to Mandiant security researchers. "Mandiant suspected the FortiGate and FortiManager devices were compromised due to the connections to VIRTUALPITA from the Fortinet management IP addresses," the researchers observed.

Fortinet zero-day attacks linked to suspected Chinese hackers
2023-03-16 19:13

A suspected Chinese hacking group has been linked to a series of attacks on government organizations exploiting a Fortinet zero-day vulnerability to deploy malware. The security flaw allowed threat actors to deploy malware payloads by executing unauthorized code or commands on unpatched FortiGate firewall devices, as Fortinet disclosed last week.

Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection
2023-03-16 15:30

Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that's designed to load Cobalt Strike onto infected machines. The development comes as improved detection capabilities against Cobalt Strike, a legitimate post-exploitation tool used for red team operations, is forcing threat actors to seek alternative options or concoct new ways to propagate the framework to evade detection.