Security News

A previously undocumented Chinese-speaking threat actor is targeting Microsoft Exchange vulnerabilities in an attempt to compromise high-profile victims, Kaspersky reveals. According to Kaspersky, the toolset emerged as early as July 2020, with the threat actor targeting various entities in Southeast Asia, including governmental organizations and telecom companies.

Chinese web giant Tencent has suspended new signups to its WeChat messaging service. A notification posted yesterday to the WeChat account on Sina Weibo, China's Twitter analogue, said the reason for the suspension is a security upgrade.

A recently disclosed vulnerability affecting a popular survey creation tool has been exploited by a threat group that may be linked to China against organizations in the United States. Sygnia does not mention China in its report, but the company said it found some links to attacks that were previously attributed to the Chinese government.

The federal government is fighting back against what it says are China-based cyberattacks against U.S. universities and companies with indictments and a "Naming-and-shaming" approach - but researchers aren't convinced the efforts will come to much in terms of deterring future activity. The U.S. Cybersecurity and Infrastructure Agency, the Federal Bureau of Investigation and the National Security Administration released multiple advisories providing details about cybersecurity threats from the Chinese government, and announced the indictments of four Chinese nationals alleged to have been operating on behalf of the Chinese Hanian State Security Department.

Chinese state-sponsored attackers have breached 13 US oil and natural gas pipeline companies between December 2011 to 2013 following a spear-phishing campaign targeting their employees. The end goal of the attacks was to help China develop cyberattack capabilities that would allow future intrusions to physically damage targeted pipelines or disrupt US pipeline operations.

The Microsoft Exchange Server attacks earlier this year were "Systemic cyber sabotage" carried out by Chinese state hacking crews including private contractors working for a spy agency, the British government has said. Foreign Secretary Dominic Raab said this morning in a statement: "The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour. The Chinese Government must end this systematic cyber sabotage and can expect to be held to account if it does not."

Today, the US Department of Justice indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018. Wu Shurong, the fourth Chinese national indicted today by the DOJ, was hired through Hainan Xiandun to create malware, hack into foreign governments' computer systems, companies, and universities to steal trade secrets, intellectual property, and other high-value information, as well as to supervise other Hainan Xiandun hackers.

A newly uncovered advanced persistent threat campaign is targeting a large number of users in South Asia, including government entities, according to a new report from anti-malware vendor Kaspersky. Dubbed LuminousMoth, the activity involves cyberespionage attacks on governments since at least October 2020 but, unlike similar attacks that are highly targeted, this campaign stands out due to its size: roughly 100 victims in Myanmar and 1,400 in the Philippines.

Kaspersky researchers have revealed an ongoing and large-scale advanced persistent threat campaign with hundreds of victims from Southeast Asia, including Myanmar and the Philippines government entities. While analyzing LuminousMoth's cyberespionage attacks against several Asian government entities that started since at least October 2020, Kaspersky researchers discovered a total of 100 victims in Myanmar and 1,400 in the Philippines.

Starting September 1, 2021, the Chinese government will require that any Chinese citizen who finds a zero-day vulnerability must pass the details to the Chinese government and must not sell or give the knowledge to any third-party outside of China. The most obvious assumption is that Chinese found zero-days will be funneled into the Chinese APT groups, and will not be made available for purchase by the NSA or Russian state actors.