Security News

China-based threat actors have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake impersonating an Australian news media outlet. Victims landed on the fraudulent site after receiving phishing emails with enticing lures and received a malicious JavaScript payload from the ScanBox reconnaissance framework.

New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw. Hikvision - short for Hangzhou Hikvision Digital Technology - is a Chinese state-owned manufacturer of video surveillance equipment.

A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations. The adversary's consistent targeting of think tanks and humanitarian organizations over the past three years falls in line with the strategic interests of the Chinese government, the report added.

Russia's military has praised civilian grade Chinese-made drones and robots for having performed well on the battlefield, leading their manufacturers to point out the equipment is not intended or sold for military purposes. "When assembling the M-81, Chinese technologies are used, the cost is 1 million rubles. The company plans to launch production in Russia," reported Russian tech media source iXBT. In late July, Unitree tweeted that it "Opposes any form of refit and behavior that is harmful or potentially harmful for human beings" and that it only manufactures and sells civilian products.

A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download and install HyperBro samples for the Windows operating system and rshell artifacts for Linux and macOS. As many as 13 different entities located in Taiwan and the Philippines have been at the receiving end of the attacks, eight of whom have been hit with rshell.

Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor that can be used to steal data from Linux and macOS systems. SEKOIA's Threat & Detection Research Team says that the app's macOS 2.3.0 version has been backdoored for almost four months, since May 26, 2022.

Over a dozen military-industrial complex enterprises and public institutions in Afghanistan and Europe have come under a wave of targeted attacks since January 2022 to steal confidential data by simultaneously making use of six different backdoors. Attack chains entail penetrating the enterprise IT networks using carefully crafted phishing emails, including some that referenced non-public information pertaining to the organizations, to trick recipients into opening rogue Microsoft Word documents.

Yesterday the CAC detailed some of the 12,000 acts of online fraud perpetrated against minors it handled this year. The unfortunate 15 year old, whom the CAC identified as Tan Moumou, was playing a mobile game when an unknown person added him as a friend on messaging platform WeChat and claimed he could circumvent China's gaming restrictions.

An extensive series of attacks detected in January used new Windows malware to backdoor government entities and organizations in the defense industry from several countries in Eastern Europe. Kaspersky linked the campaign with a Chinese APT group tracked as TA428, known for its information theft and espionage focus and attacking organizations in Asia and Eastern Europe [1, 2, 3, 4]. The threat actors successfully compromised the networks of dozens of targets, sometimes even taking control of their entire IT infrastructure by hijacking systems used to manage security solutions.

Researchers have disclosed a new offensive framework called Manjusaka that they call a "Chinese sibling of Sliver and Cobalt Strike." "A fully functional version of the command-and-control, written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors," Cisco Talos said in a new report.