Security News

Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware
2023-01-20 06:59

A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider located in Africa. The intrusion vector in question relates to the exploitation of CVE-2022-42475, a heap-based buffer overflow vulnerability in FortiOS SSL-VPN that could result in unauthenticated remote code execution via specifically crafted requests.

Cybersecurity in 2023: Russian escalation, Chinese espionage, Iranian “hacktivism”
2023-01-18 05:30

Groups tied to the Russian intelligence services will also continue to target geographic neighbors with disinformation campaigns, intelligence gathering, and possibly low-level disruptive attacks. Traditional espionage targets will continue to be a focus; for example, we saw evidence in August 2022 of Russian intelligence services using spear phishing emails to target staff at the Argonne and Brookhaven national laboratories in the US, which conduct cutting edge energy research.

Chinese researchers' claimed quantum encryption crack looks unlikely
2023-01-07 12:00

The paper, titled "Factoring integers with sublinear resources on a superconducting quantum processor," suggests that the application of Claus Peter Schnorr's recent factoring algorithm, in conjunction with a quantum approximate optimization algorithm, can break asymmetric RSA-2048 encryption using a non-fault-tolerant quantum computer with only 372 physical quantum bits or qubits. The speculation has been that orders of magnitude more qubits, in conjunction with robust error correction at scale, may allow future quantum computers to run Peter Shor's algorithm - not to be confused with the similarly named Schnorr - quickly, on very large numbers, thereby breaking RSA encryption.

RedZei Chinese Scammers Targeting Chinese Students in the U.K.
2023-01-02 16:10

Chinese international students in the U.K. have been targeted by persistent Chinese-speaking scammers for over a year as part of an activity dubbed RedZei. The most notable aspect of the operation is the effort the threat actors make to bypass steps taken by users to prevent scam calls, using a new pay-as-you-go U.K. phone number for each wave so as to render phone number-based blocking ineffective.

US adds 36 Chinese entities to naughty list, drops 25 after checking it twice
2022-12-16 05:14

The United States Department of Commerce has added 36 Chinese companies or subsidiaries to its list of companies that cannot import certain US technologies without a license, citing national security, foreign policy interests, and the possibility that some might help already banned companies to evade restrictions. YMTC is already listed on the Department's Unverified List and is therefore unable to procure some US wafer fab equipment and other US-made technologies.

Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities
2022-12-07 12:14

The China-linked nation-state hacking group referred to as Mustang Panda is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific. Mustang Panda is a prolific cyber-espionage group from China that's also tracked under the names Bronze President, Earth Preta, HoneyMyte, RedDelta, and Red Lich.

Taiwan bans state-owned devices from running Chinese platform TikTok
2022-12-07 10:48

Public sector bans of Chinese platform TikTok on the grounds of national security have arisen in both Taiwan and additional US states following last week's ban in South Dakota. Last month, Taiwan's Mainland Affairs Council reportedly said the government has prohibited Chinese-funded corporations from operating online platforms in Taiwan and ByteDance does not operate a branch in Taiwan.

Amnesty International Canada breached by suspected Chinese hackers
2022-12-06 21:30

Amnesty International's Canadian branch has disclosed a security breach detected in early October and linked to a threat group likely sponsored by China. "The investigation's preliminary results indicate that a digital security breach was perpetrated using tools and techniques associated with specific advanced persistent threat groups," Amnesty International Canada said.

Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks
2022-12-06 16:08

A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat (APT) group with ties to China. The espionage activity, directed against a...

Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines
2022-11-30 06:21

A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector. The reliance on infected USB drives to propagate the malware is unusual if not new.