Security News
The Chinese hacking group Deep Panda is targeting VMware Horizon servers with the Log4Shell exploit to deploy a novel rootkit named 'Fire Chili'. In a recent Deep Panda campaign discovered by Fortinet, the hacking group is deploying the new 'Fire Chili' rootkit to evade detection on compromised systems.
FCC adds Kaspersky, Chinese companies to list of potential threats to national security. The Federal Communications Commission's Public Safety and Homeland Security Bureau has added three companies to the list of communications equipment and services that pose a threat to national security through access to user information.
If ZTE and other Chinese giants defy bans on selling American technology to Russia, it will be because they can't help but chase the revenue, says Ashley Yablon, the whistleblower whose evidence led to ZTE being fined for willfully ignoring the US ban on exports to Iran. Yablon is a lawyer who, after working in senior roles at Huawei USA, in late 2011 became general counsel at Chinese telco kit-maker ZTE's US operations.
The U.S. Federal Communications Commission on Friday moved to add Russian cybersecurity company Kaspersky Lab to the "Covered List" of companies that pose an "Unacceptable risk to the national security" of the country. Also added alongside Kaspersky were China Telecom Corp and China Mobile International USA. The block list includes information security products, solutions, and services supplied, directly or indirectly, by the company or any of its predecessors, successors, parents, subsidiaries, or affiliates.
A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict. "The malicious activity represents one of the first public examples of a Chinese threat actor targeting Ukraine since the invasion began," SentinelOne researcher Tom Hegel said in a report published this week.
A China-based advanced persistent threat known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX variant called THOR that came to light in July 2021.
The Chinese advanced persistent threat Mustang Panda has upgraded its espionage campaign against diplomatic missions, research entities and internet service providers - largely in and around Southeast Asia. For one thing, the APT has deployed a brand-new, customized variant of an old but powerful remote-access tool called PlugX, according to researchers from ESET. They named this latest variant "Hodur," after a blind Norse god known for slaying his thought-to-be-invulnerable half-brother Baldr.
A Chinese-speaking advanced persistent threat (APT) has been linked to a new campaign targeting gambling-related companies in South East Asia, particularly Taiwan, the Philippines, and Hong Kong....
Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to attack organizations across Asia. Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new malware, dubbed Gimmick, as a "Feature-rich, multi-platform malware family that uses public cloud hosting services for command-and-control channels."
Researchers have discovered a previously unknown macOS malware variant called GIMMICK, which is believed to be a custom tool used by a Chinese espionage threat actor known as 'Storm Cloud'. The malware was discovered by researchers at Volexity, who retrieved it from the RAM of a MacBook Pro running macOS 11.6 that was compromised in a late 2021 cyberespionage campaign.