Security News

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware
2024-06-26 10:13

Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world...

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign
2024-06-21 13:42

A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle...

Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021
2024-06-20 10:22

Cyber espionage groups associated with China have been linked to a long-running campaign that has infiltrated several telecom operators located in a single Asian country at least since 2021. "The...

Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations
2024-06-20 06:34

Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns targeting Chinese organizations. AT&T LevelBlue Labs, which first...

New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers
2024-06-19 10:23

Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs)...

Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended
2024-06-14 00:40


20,000 FortiGate appliances compromised by Chinese hackers
2024-06-12 11:05

Coathanger - a piece of malware specifically built to persist on Fortinet's FortiGate appliances - may still be lurking on too many devices deployed worldwide. It's also difficult to detect its presence by using FortiGate CLI commands, and to remove it from compromised devices.

Chinese hackers breached 20,000 FortiGate systems worldwide
2024-06-11 16:22

As the MIVD disclosed in February in a joint report with the General Intelligence and Security Service, Chinese hackers exploited a critical FortiOS/FortiProxy remote code execution vulnerability over a few months between 2022 and 2023 to deploy malware on vulnerable FortiGate network security appliances. The MIVD found that this previously unknown malware strain, which could survive system reboots and firmware upgrades, was deployed by a Chinese state-sponsored hacking group in a political espionage campaign targeting the Netherlands and its allies.

Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale
2024-06-11 14:32

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) probing on a global scale since at least June 2023. The...

Chinese attackers leverage previously unseen malware for espionage
2024-06-06 02:45

Sophos released its report, "Operation Crimson Palace: Threat Hunting Unveils Multiple Clusters of Chinese State-Sponsored Activity Targeting Southeast Asia," which details a highly sophisticated, nearly two-year-long espionage campaign against a high-level government target. During Sophos X-Ops' investigation, which began in 2023, the managed detection and response team found three distinct clusters of activity targeting the same organization, two of which included tactics, techniques and procedures that overlap with well-known Chinese nation-state groups: BackdoorDiplomacy, APT15 and the APT41 subgroup Earth Longzhi.