Security News

At least two Chinese cyberespionage groups targeted Russian federal executive authorities in 2020, security researchers with threat hunting and intelligence firm Group-IB reveal. An in-depth analysis of the employed malware families suggests that Chinese hacker groups TA428 and TaskMasters were behind a series of attacks that targeted Russian government agencies in 2020, Group-IB says.

An amalgam of multiple state-sponsored threat groups from China may have been behind a string of targeted attacks against Russian federal executive authorities in 2020. The latest research, published by Singapore-headquartered company Group-IB, delves into a piece of computer virus called "Webdav-O" that was detected in the intrusions, with the cybersecurity firm observing similarities between the tool and that of popular Trojan called "BlueTraveller," that's known to be connected to a Chinese threat group called TaskMasters and deployed in malicious activities with the aim of espionage and plundering confidential documents.

China-linked hacking group APT31 has been using new malware in recent attacks targeting Mongolia, Belarus, Canada, the United States, and - for the first time - Russia, according to enterprise cybersecurity firm Positive Technologies. In July 2021, the group was officially accused of targeting vulnerabilities in Microsoft Exchange servers, on behalf of China, and France warned of APT31's continuous abuse of hacked routers in malicious attacks.

A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan on compromised systems. Attributing the intrusions to a threat actor named PKPLUG, Palo Alto Networks' Unit 42 threat intelligence team said it identified a new version of the modular PlugX malware, called Thor, that was delivered as a post-exploitation tool to one of the breached servers.

Three distinct clusters of malicious activities operating on behalf of Chinese state interests have staged a series of attacks to target networks belonging to at least five major telecommunications companies located in Southeast Asian countries since 2017. The Boston-based cybersecurity firm linked the campaigns to three different Chinese threat actors, namely Gallium, Naikon APT, and TG-3390.

Attack protection specialist Cybereason has fingered threat actors working on behalf of "Chinese state interests" as being behind attacks on telcos operating in Southeast Asia - with some having been prowling the penetrated networks for information on high-value targets since 2017. "Telcos are a prime target for nation-state espionage programs for various reasons, among them, the ability to collect information about the telco's subscribers," Assaf Dahan, senior director and head of threat research at Cybereason, told.

Researchers have discovered three separate Chinese military affiliated advanced threat groups simultaneously targeting and compromising the same Southeast Asian telcos. The attack groups concerned are Soft Cell, Naikon, and a third group, possibly Emissary Panda.

A previously undocumented Chinese-speaking threat actor is targeting Microsoft Exchange vulnerabilities in an attempt to compromise high-profile victims, Kaspersky reveals. According to Kaspersky, the toolset emerged as early as July 2020, with the threat actor targeting various entities in Southeast Asia, including governmental organizations and telecom companies.

Chinese web giant Tencent has suspended new signups to its WeChat messaging service. A notification posted yesterday to the WeChat account on Sina Weibo, China's Twitter analogue, said the reason for the suspension is a security upgrade.

A recently disclosed vulnerability affecting a popular survey creation tool has been exploited by a threat group that may be linked to China against organizations in the United States. Sygnia does not mention China in its report, but the company said it found some links to attacks that were previously attributed to the Chinese government.