Security News

NSA, CISA, and the FBI revealed today the top security vulnerabilities most exploited by hackers backed by the People's Republic of China to target government and critical infrastructure networks. The three federal agencies said in a joint advisory that Chinese-sponsored hackers are targeting U.S. and allied networks and tech companies to gain access to sensitive networks and steal intellectual property.

Cybersecurity biz Kaspersky has spotted a modified version of the Tor Browser it says collects sensitive data on Chinese users. The data collected by the browser itself includes internet history and data entered into website forms, said the threat hunter.

The Cheerscrypt ransomware has been linked to a Chinese hacking group named 'Emperor Dragonfly,' known to frequently switch between ransomware families to evade attribution. The ransomware gang is tracked under different names, such as Bronze Starlight and DEV-0401, and has been seen using a wide variety of ransomware families since 2021.

The recently discovered Linux-Based ransomware strain known as Cheerscrypt has been attributed to a Chinese cyber espionage group known for operating short-lived ransomware schemes. "This reinforces claims that the 'Emperor Dragonfly' ransomware operators are based in China."

Meta says it has disrupted a misinformation network targeting US politics ahead of the 2022 midterm elections and one that sought to influence public opinion in Europe about the conflict in Ukraine. According to its report of the takedowns, the Chinese operation targeting US audiences attempted to reach both sides of the aisle, but was largely unsuccessful.

A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan government-in-exile.

The U.S. Federal Communications Commission has added Pacific Network Corp, along with its subsidiary ComNet LLC, and China Unicom Operations Limited, to the list of communications equipment and services that have been deemed a threat to national security. The agency said the companies are subject to the Chinese government's exploitation, influence, and control, and could be forced to comply with requests for intercepting and misrouting communications, without the ability to challenge such requests.

The US Federal Communications Commission has added two Chinese companies to its list of communications equipment suppliers rated a threat to national security: Pacific Network Corp, its wholly owned subsidiary ComNet LLC, and China Unicom. "Earlier this year the FCC revoked China Unicom America's and PacNet/ComNet's authorities to provide service in the United States because of the national security risks they posed to communications in the United States. Now, working with our national security partners, we are taking additional action to close the door to these companies by adding them to the FCC's Covered List," said Chairwoman Jessica Rosenworcel.

State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector. The SideWalk Linux backdoor has been observed in the past, initially being tracked as StageClient by security researchers at cybersecurity company ESET. An early variant of the malware was spotted by researchers at 360 Netlab, the threat intelligence team at Chinese internet security company Qihoo 360, and detailed two years ago in a blog post about the Specter botnet hitting IP cameras.

State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector. The SideWalk Linux backdoor has been observed in the past, initially being tracked as StageClient by security researchers at cybersecurity company ESET. An early variant of the malware was spotted by researchers at 360 Netlab, the threat intelligence team at Chinese internet security company Qihoo 360, and detailed two years ago in a blog post about the Specter botnet hitting IP cameras.