Security News

Chinese scammers have reportedly stolen a whopping $529 million dollars from Indian residents using instant lending apps, lures of part-time jobs, and bogus cryptocurrency trading schemes, according to the cyber crime unit in the state of Uttar Pradesh. "The instant loan apps, the part-time job offers and now the crypto trading fraud, all of them are being operated by the same hackers from China. The SMS aggregators are also involved in it," Uttar Pradesh Cyber Crime Superintendent of Police Triveni Singh said, according to Press Trust Of India.

A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world. "PlugX is modular malware that contacts a command and control server for tasking and can download additional plugins to enhance its capability beyond basic information gathering," Secureworks Counter Threat Unit said in a report shared with The Hacker News.

A months-long cyber espionage campaign undertaken by a Chinese nation-state group targeted several entities with reconnaissance malware so as to glean information about its victims and meet its strategic goals. "The targets of this recent campaign spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea," enterprise security firm Proofpoint said in a published in partnership with PwC. Targets encompass local and federal Australian Governmental agencies, Australian news media companies, and global heavy industry manufacturers which conduct maintenance of fleets of wind turbines in the South China Sea.

China-based threat actors have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake impersonating an Australian news media outlet. Victims landed on the fraudulent site after receiving phishing emails with enticing lures and received a malicious JavaScript payload from the ScanBox reconnaissance framework.

New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw. Hikvision - short for Hangzhou Hikvision Digital Technology - is a Chinese state-owned manufacturer of video surveillance equipment.

A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations. The adversary's consistent targeting of think tanks and humanitarian organizations over the past three years falls in line with the strategic interests of the Chinese government, the report added.

Russia's military has praised civilian grade Chinese-made drones and robots for having performed well on the battlefield, leading their manufacturers to point out the equipment is not intended or sold for military purposes. "When assembling the M-81, Chinese technologies are used, the cost is 1 million rubles. The company plans to launch production in Russia," reported Russian tech media source iXBT. In late July, Unitree tweeted that it "Opposes any form of refit and behavior that is harmful or potentially harmful for human beings" and that it only manufactures and sells civilian products.

A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download and install HyperBro samples for the Windows operating system and rshell artifacts for Linux and macOS. As many as 13 different entities located in Taiwan and the Philippines have been at the receiving end of the attacks, eight of whom have been hit with rshell.

Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor that can be used to steal data from Linux and macOS systems. SEKOIA's Threat & Detection Research Team says that the app's macOS 2.3.0 version has been backdoored for almost four months, since May 26, 2022.

Over a dozen military-industrial complex enterprises and public institutions in Afghanistan and Europe have come under a wave of targeted attacks since January 2022 to steal confidential data by simultaneously making use of six different backdoors. Attack chains entail penetrating the enterprise IT networks using carefully crafted phishing emails, including some that referenced non-public information pertaining to the organizations, to trick recipients into opening rogue Microsoft Word documents.