Security News
Google's Threat Analysis Group says the Chinese People's Liberation Army and other Chinese intelligence agencies are trying to gather more information on the ongoing Russian war in Ukraine. Google TAG Security Engineer Billy Leonard says Google notified Ukrainian government organizations targeted by a Chinese-sponsored hacking group.
Taiwan's Ministry of Justice tasked its Investigation Bureau with conducting a series of raids around the island, hauling in 60 Chinese nationals suspected of lifting trade secrets or poaching talent for China-owned firms. "The Chinese Communist Party has made a large-scale detour to Taiwan through mainland enterprises and poached Taiwan high-tech industry talents with high salaries," explained the Investigation Bureau of the Ministry of Justice.
APT41, the state-sponsored threat actor affiliated with China, breached at least six U.S. state government networks between May 2021 and February 2022 by retooling its attack vectors to take advantage of vulnerable internet-facing web applications. The exploited vulnerabilities included "a zero-day vulnerability in the USAHERDS application as well as the now infamous zero-day in Log4j," researchers from Mandiant said in a report published Tuesday, calling it a "deliberate campaign."
Chinese hackers attempted to phish email accounts affiliated with the US government. According to Google's Threat Analysis Group, multiple Gmail users affiliated with the U.S. government were alerted in February to an attempted phishing attack by a Chinese-backed hacking group tracked as APT31.
The China-aligned group tracked as TA416 has been consistently targeting European diplomats since August 2020, with the most recent activity involving refreshed lures timed to coincide with the Russian invasion of Ukraine. According to a new report by Proofpoint, TA416 spearheads cyber-espionage operations against the EU, consistently focusing on this long-term role rather than on opportunistic gains.
Google's Threat Analysis Group has warned multiple Gmail users that they were targeted in phishing attacks conducted by a Chinese-backed hacking group tracked as APT31. "In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the U.S. government," Google Threat Analysis Group's Director Shane Huntley revealed today.
Daxin is a backdoor malware that allows its controller to install further malicious software, has network tunneling capabilities, can relay communications across infected nodes, is able to hijack legitimate TCP/IP connections and is otherwise an incredibly complex piece of code. As recently as November 2021, Daxin has been involved with attacks linked to Chinese actors, generally against targets with a strategic value for China.
As big tech companies from the West swiftly and happily comply with new rules that prohibit interactions with Russia, Chinese companies will soon feel pressure to do likewise, and counter-pressure to resist such calls. In early February, Russia and China reaffirmed their relationship as having "no limits" and essentially declared they are best friends forever.
The Daxin malware is taking aim at hardened government networks around the world, according to researchers, with the goal of cyberespionage. "Daxin malware is a highly sophisticated rootkit backdoor with complex, stealthy command-and-control functionality that enabled remote actors to communicate with secured devices not connected directly to the internet," warned CISA, in a Monday alert.
Security researchers have discovered Daxin, a China-linked stealthy backdoor specifically designed for deployment in hardened corporate networks that feature advanced threat detection capabilities. According to a technical report published by Symantec's Threat Hunter team today, Daxin is one of the most advanced backdoors ever seen deployed by Chinese actors.