Security News
New research has found evidence that a Chinese-affiliated threat group has hijacked a hacking tool previously used by the Equation Group. "Although we don't show any conclusive evidence that there is there any connection between China and the ShadowBrokers, we do show conclusive evidence that this Chinese group had in their possession a tool that was made by Equation Group, and not only that they had this tool, but they also repurposed it and used it, probably to attack many targets, including American targets," Yaniv Balmas, head of cyber research with Check Point Software, said.
Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017. "To our surprise, we found out that this APT31 exploit is in fact a reconstructed version of an Equation Group exploit called 'EpMe'," Check Point said.
A Chinese threat actor known as APT31 likely acquired and cloned one of the Equation Group's exploits three years before the targeted vulnerability was publicly exposed as part of Shadow Brokers' "Lost in Translation" leak, cybersecurity firm Check Point says in a new report. Attributed to APT31, a Chinese hacking group also tracked as Zirconium, the exploit for this vulnerability is the clone of an Equation Group exploit code-named "EpMe," Check Point says.
Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. China's exploitation of products made by Supermicro, as the U.S. company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the matter.
Unit 42 researchers today have shared info on a new polymorphic and "Highly sophisticated" malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government. The malware has features and behavior that strongly resemble those of the WaterBear malware family, active since at least as early 2009.
Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware - including a previously undocumented backdoor. Attributing the campaign to Winnti, Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A second attack detected on May 30 used a malicious RAR archive file consisting of shortcuts to two bait PDF documents that purported to be a curriculum vitae and an IELTS certificate.
The affected server, hosted by Tencent, was segmented into indices in order to store data obtained from each social-media source, which allowed researchers to look into the data further. "Our research team was able to determine that the entirety of the leaked data was 'scraped' from social-media platforms, which is both unethical and a violation of Facebook's, Instagram's and LinkedIn's terms of service," researchers said, in a Monday blog post.
United States president Donald Trump has signed an executive order banning the use of eight Chinese apps, namely Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, and WPS Office. The executive order says the apps "Threaten national security, foreign policy, and economy of the United States" because China can track users' devices.
President Donald Trump has signed an executive order banning transactions with eight Chinese apps including Alipay and WeChat Pay in an escalation of a trade war that has been unfolding through most of his term. The orders follow two others Trump signed in August banning dealings with the popular video app TikTok as well as the main WeChat messaging app.
China-linked cyber-espionage group APT27 is believed to have orchestrated recent ransomware attacks, including one where a legitimate Windows tool was used to encrypt the victim's files. More recently the cyberspies appear to have switched to financially-motivated attacks.