Security News

Suspected Chinese spies break into cloud accounts of News Corp journalists
2022-02-04 21:35

Online work accounts of News Corporation journalists were broken into by snoops with ties to China, it was claimed today. The cyber-attack "included the targeting of emails and documents of some employees, including journalists," wrote defense editor Larisa Brown.

US bans major Chinese telecom over national security risks
2022-01-28 16:30

The Federal Communications Commission has revoked the license of China Unicom Americas, one of the world's largest mobile service providers, over "serious national security concerns." China Unicom Americas is the largest foreign subsidiary of China Unicom, a Chinese state-owned telecom company.

Australian Prime Minister's WeChat Shanghaied by Chinese patriots
2022-01-24 04:58

Australian Prime Minister Scott Morrison's WeChat account has been taken over by entities that have rebranded it "Australian Chinese new life" and used the account to offer advice on living in Australia for the nation's Chinese community. Morrison, leader of the right-of-centre Liberal Party of Australia, has used Tencent-owned WeChat as a campaigning tool to reach Australia's sizable Chinese community - many of whom are concentrated in particular seats and are therefore considered a sought-after voting bloc.

Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks
2022-01-23 22:26

A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group. Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "The purpose of the implant is to facilitate the deployment of user-mode malware that stages execution of further payloads downloaded from the internet."

Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution
2021-12-30 02:07

A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately foiled, was aimed at an unnamed "large academic institution." The state-sponsored group is believed to have been operating since mid-2020 in pursuit of intelligence collection and industrial espionage, with its attacks primarily directed against companies in the telecommunications, technology, and government sectors.

New Flagpro malware linked to Chinese state-backed hackers
2021-12-28 19:23

BlackTech cyber-espionage APT group has been spotted targeting Japanese companies using novel malware that researchers call 'Flagpro'. The threat actor uses Flagpro in the initial stage of an attack for network reconnaissance, to evaluate the target's environment, and to download second-stage malware and execute it.

Alibaba Cloud slapped by Chinese ministry for mishandling Log4j
2021-12-23 05:58

China's Ministry of Industry and Information Technology has suspended Alibaba Cloud's membership of an influential security board to protest its handling of the Log4j flaw. The move appears odd as The Apache Software Foundation credited Alibaba Cloud's Chen Zhaojun for identifying and reporting the Log4j flaw in the first place.

Microsoft wins court approval to take over sites run by Chinese crime gang
2021-12-07 05:31

Microsoft has revealed its Digital Crimes Unit won court approval to take control of websites a Chinese gang was using to attack targets across the world - often by exploiting vulnerabilities in Microsoft products. A post attributed to Microsoft's corporate veep for customer security & trust, Tom Burt, states the US District Court for the Eastern District of Virginia has granted Microsoft permission to take control of malicious websites operated by a group called Nickel that has been around since at least 2016.

Microsoft Seizes 42 Malicious Web Domains Used By Chinese Hackers
2021-12-07 00:14

Microsoft on Monday announced the seizure of 42 domains used by a China-based cyber espionage group that set its sights on organizations in the U.S. and 28 other countries pursuant to a legal warrant issued by a federal court in the U.S. state of Virginia. "Nickel has targeted organizations in both the private and public sectors, including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa," Microsoft's Corporate Vice President for Customer Security and Trust, Tom Burt, said.

Microsoft seizes sites used by APT15 Chinese state hackers
2021-12-06 21:53

Microsoft today seized dozens of malicious sites used by the Nickel China-based hacking group to target organizations in the US and 28 other countries worldwide. "Nickel has targeted organizations in both the private and public sectors, including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa," said Tom Burt, Corporate Vice President for Customer Security & Trust at Microsoft.