Security News

The recently discovered Linux-Based ransomware strain known as Cheerscrypt has been attributed to a Chinese cyber espionage group known for operating short-lived ransomware schemes. "This reinforces claims that the 'Emperor Dragonfly' ransomware operators are based in China."

Meta says it has disrupted a misinformation network targeting US politics ahead of the 2022 midterm elections and one that sought to influence public opinion in Europe about the conflict in Ukraine. According to its report of the takedowns, the Chinese operation targeting US audiences attempted to reach both sides of the aisle, but was largely unsuccessful.

A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan government-in-exile.

The U.S. Federal Communications Commission has added Pacific Network Corp, along with its subsidiary ComNet LLC, and China Unicom Operations Limited, to the list of communications equipment and services that have been deemed a threat to national security. The agency said the companies are subject to the Chinese government's exploitation, influence, and control, and could be forced to comply with requests for intercepting and misrouting communications, without the ability to challenge such requests.

The US Federal Communications Commission has added two Chinese companies to its list of communications equipment suppliers rated a threat to national security: Pacific Network Corp, its wholly owned subsidiary ComNet LLC, and China Unicom. "Earlier this year the FCC revoked China Unicom America's and PacNet/ComNet's authorities to provide service in the United States because of the national security risks they posed to communications in the United States. Now, working with our national security partners, we are taking additional action to close the door to these companies by adding them to the FCC's Covered List," said Chairwoman Jessica Rosenworcel.

State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector. The SideWalk Linux backdoor has been observed in the past, initially being tracked as StageClient by security researchers at cybersecurity company ESET. An early variant of the malware was spotted by researchers at 360 Netlab, the threat intelligence team at Chinese internet security company Qihoo 360, and detailed two years ago in a blog post about the Specter botnet hitting IP cameras.

State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector. The SideWalk Linux backdoor has been observed in the past, initially being tracked as StageClient by security researchers at cybersecurity company ESET. An early variant of the malware was spotted by researchers at 360 Netlab, the threat intelligence team at Chinese internet security company Qihoo 360, and detailed two years ago in a blog post about the Specter botnet hitting IP cameras.

Chinese scammers have reportedly stolen a whopping $529 million dollars from Indian residents using instant lending apps, lures of part-time jobs, and bogus cryptocurrency trading schemes, according to the cyber crime unit in the state of Uttar Pradesh. "The instant loan apps, the part-time job offers and now the crypto trading fraud, all of them are being operated by the same hackers from China. The SMS aggregators are also involved in it," Uttar Pradesh Cyber Crime Superintendent of Police Triveni Singh said, according to Press Trust Of India.

A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world. "PlugX is modular malware that contacts a command and control server for tasking and can download additional plugins to enhance its capability beyond basic information gathering," Secureworks Counter Threat Unit said in a report shared with The Hacker News.

A months-long cyber espionage campaign undertaken by a Chinese nation-state group targeted several entities with reconnaissance malware so as to glean information about its victims and meet its strategic goals. "The targets of this recent campaign spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea," enterprise security firm Proofpoint said in a published in partnership with PwC. Targets encompass local and federal Australian Governmental agencies, Australian news media companies, and global heavy industry manufacturers which conduct maintenance of fleets of wind turbines in the South China Sea.