Security News

Facebook took down accounts used by a Chinese-sponsored hacking group to deploy surveillance malware on devices used by Uyghurs activists, journalists, and dissidents living outside China. The hacking group tracked as Earth Empusa or Evil Eye used the now disabled Facebook accounts to send links that redirected their targets to malicious websites under their control in watering hole attacks.

Facebook's threat intelligence team says it has disrupted a sophisticated Chinese spying team that routinely use iPhone and Android malware to hit journalists, dissidents and activists around the world. The hacking group, known to malware hunters as Evil Eye, has used Facebook to plant links to watering hole websites rigged with exploits for the two major mobile platforms.

TikTok is likely no more of a threat to users than Facebook, according to an analysis by academic research group Citizen Lab that analyzed the video-sharing social networking service's app to probe for security, privacy and censorship issues. The authors considered both TikTok - the app available outside China - and Douyin, the Chinese version of TikTok.

Chinese nation-state hackers have been linked to an attack on the Parliament of Finland that took place last year and led to the compromise of some parliament email accounts. "Some parliament e-mail accounts may have been compromised as a result of the attack, among them e-mail accounts that belong to MPs," Parliament officials said at the time.

Security vendor McAfee has detected an attack it believes was likely aimed at telecoms companies in the hope of stealing information related to 5G networks. McAfee has named the attack "Operation Diànxùn" and says it resembles past attacks perpetrated by groups named RedDelta and Mustang Panda.

China-linked cyber-espionage group Mustang Panda is targeting telecommunications companies in Asia, Europe, and the United States for espionage purposes, according to a warning from security researchers at McAfee. The new malware attacks, McAfee says, employ the same tactics, techniques and procedures previously associated with Mustang Panda.

Security researchers at Intezer have discovered a previously undocumented backdoor dubbed RedXOR, with links to a Chinese-sponsored hacking group and used in ongoing attacks targeting Linux systems. Based on command-and-control servers still being active, the Linux backdoor is being used in ongoing attacks targeting both Linux servers and endpoints.

With regards your question, I'm going to answer it in a bit more depth as there is a lot many realy do not realise both from a defenders and attackers point of view. The level of the attack signal rises and the level of the signals uncorrelated with the Zero Day attack go down do not remain covery long when you can "Go back in time" repeatedly with "Collect it All" databases.

Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors. RedXOR's name comes from the fact that it encodes its network data with a scheme based on XOR, and that it's compiled with a legacy GCC compiler on an old release of Red Hat Enterprise Linux, suggesting that the malware is deployed in targeted attacks against legacy Linux systems.

A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group. The findings were also corroborated by cybersecurity firms Palo Alto Networks' Unit 42 threat intelligence team and GuidePoint Security, both of whom described Supernova as a.NET web shell implemented by modifying an "App web logoimagehandler.ashx.b6031896.dll" module of the SolarWinds Orion application.