Security News

A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang. Watering Holes Attacks Targeting Uyghur Websites The malware campaign previously exploited as many as 14 vulnerabilities spanning from iOS 10 all the way through iOS 12 over a period of at least two years via a small collection of malicious websites that were used as a watering hole to hack into the devices.

A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang. Watering Holes Attacks Targeting Uyghur Websites The malware campaign previously exploited as many as 14 vulnerabilities spanning from iOS 10 all the way through iOS 12 over a period of at least two years via a small collection of malicious websites that were used as a watering hole to hack into the devices.

Far from pausing operations during the COVID-19 pandemic, China's notorious Winnti hacking group has been busy launching new attacks on targets, researchers say. QuoIntelligence documents a second campaign targeting an unnamed German chemical company, another sector Winnti has taken a strong interest in after a string of attacks dating back to 2013.

South Korean video gaming company Gravity is the latest victim of the China-linked threat actor tracked as the Winnti Group, security researchers say. This week, QuoIntelligence published a report claiming that the Winnti hackers have targeted South Korean video gaming company Gravity, which is best known for the massive multiplayer online role-playing game Ragnarok Online.

Linux malware is real and Advanced Persistent Threat groups have been infiltrating critical servers with these tools for at least eight years, according to a new report from BlackBerry. The RATs report describes how five APT groups are working with the Chinese government and the remote access trojans the cybercriminals are using to get and maintain access to Linux servers.

A threat actor linked to South Korea has launched attacks against Chinese government agencies using a zero-day vulnerability affecting a local VPN service, Chinese cybersecurity firm Qihoo 360 reported on Monday. Qihoo 360 does not directly accuse South Korea of being behind the attacks, but says the threat actor is located in the Korean Peninsula and notes that its victims include North Korea.

Between Jan. 20 and March 11, researchers observed APT41 exploiting vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central as part of the widespread espionage campaign. Starting on Jan. 20, researchers observed the threat group attempting to exploit the notorious flaw in Citrix Application Delivery Controller and Citrix Gateway devices revealed as a zero-day then patched earlier this year.

The official - whom Peng eventually figured out was working for the MSS - asked Peng to use his citizenship in the US to assist the official with "Matters of interest" to the PRC. After that, Peng admitted, he got paid at least $30,000 for running data over to China over the course of about 3.5 years. In Beijing, Peng meets with agents of the Ministry of State Security, including the People's Republic of China official with whom Peng had been communicating, and delivers the SD card to MSS. A PRC official uses coded language to tell Peng that another dead drop will occur on April 23, 2016.

The Chinese company claims it's aware of attacks launched by the CIA between September 2008 and June 2019. "In the CIA's attack against Chinese aviation organizations and scientific research institutions, we found that attackers mainly targeted system developers in these sectors to carry out the campaigns," Qihoo said in an English-language blog post.

Two Chinese nationals have been indicted by the U.S. Justice Department for allegedly laundering $100 million in cryptocurrency stolen from exchanges by North Korean hackers in 2018, according to a federal indictment unsealed Monday. The North Korean-linked group also apparently has been involved in numerous banking thefts, including the 2016 Bangladesh Bank heist, and it has recently begun targeting cryptocurrency exchanges to help illegally fund the government, U.S. authorities say.