Security News

Chinese threat actors hacked NYC MTA using Pulse Secure zero-day
2021-06-03 15:55

Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority network in April using a Pulse Secure zero-day. MTA mitigated the vulnerability on April 21, one day after Pulse Secure issued an advisory, and CISA published an alert on the Pulse Secure zero-day exploited in the attack.

Chinese Hackers Using Previously Unknown Backdoor
2021-06-03 12:39

A previously unknown Windows backdoor enables remote access and the collection of considerable live data - but only during Chinese working hours. Researchers from Check Point Research report that opening the attachment starts a chain of in-memory loaders leading to the delivery of the previously unknown backdoor.

Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices
2021-05-29 01:17

Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye's Mandiant threat intelligence team, which is tracking the cyberespionage activity under two threat clusters UNC2630 and UNC2717, said the intrusions lines up with key Chinese government priorities, adding "Many compromised organizations operate in verticals and industries aligned with Beijing's strategic objectives outlined in China's recent 14th Five Year Plan.".

Chinese cyberspies are targeting US, EU orgs with new malware
2021-05-28 16:12

Chinese threat groups continue to deploy new malware strains on the compromised network of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances. In the previous report, FireEye mentioned 12 malware families found on and specifically designed to infect Pulse Secure VPN appliances.

Chinese Hackers Started Covering Tracks Days Before Public Exposure of Operations
2021-05-28 14:09

One of the Chinese threat actors targeting Pulse Secure VPN appliances via a recently disclosed vulnerability has been attempting to cover its tracks by removing its webshells from victim networks, FireEye reports. Tracked as CVE-2021-22893, the vulnerability was made public in late April, after security researchers discovered that threat actors had already been exploiting it in attacks targeting organizations in the defense, financial, government, high tech, and transportation sectors in the U.S. and Europe.

How Apple Gave Chinese Government Access to iCloud Data and Censored Apps
2021-05-19 05:34

In July 2018, when Guizhou-Cloud Big Data agreed to a deal with state-owned telco China Telecom to move iCloud data belonging to Apple's China-based users to the latter's servers, the shift raised concerns that it could make user data vulnerable to state surveillance. Apple, in 2018, announced iCloud data of users in mainland China would move to a new data center in Guizhou province as part of a partnership with GCBD. The transition was necessitated to abide by a 2017 regulation that required all "Personal information and important data" collected on Chinese users "Be stored in the territory."

New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer
2021-05-03 09:14

A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces. Rubin Design Bureau is a submarine design center located in Saint Petersburg, accounting for the design of over 85% of submarines in the Soviet and Russian Navy since its origins in 1901, including several generations of strategic missile cruiser submarines.

Unknown Chinese APT Targets Russian Defense Sector
2021-04-30 17:43

Researchers at Cybereason say they have discovered an undocumented malware targeting the Russian military sector and bearing the hallmarks of originating in China if not being Chinese state sponsored. One sample was found dropping previously unknown malware, that the Cybereason researchers have now called PortDoor.

Suspected Chinese state hackers target Russian submarine designer
2021-04-30 14:09

Hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of an engineering company that designs submarines for the Russian Navy. Threat researchers at Cybereason Nocturnus found that the attacker lured the recipient to open the malicious document with a general description for an autonomous underwater vehicle.

Chinese Hackers Attacking Military Organizations With New Backdoor
2021-04-29 08:29

Bad actors with suspected ties to China have been behind a wide-ranging cyberespionage campaign targeting military organizations in Southeast Asia for nearly two years, according to new research. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing missions.