Security News
South Korean video gaming company Gravity is the latest victim of the China-linked threat actor tracked as the Winnti Group, security researchers say. This week, QuoIntelligence published a report claiming that the Winnti hackers have targeted South Korean video gaming company Gravity, which is best known for the massively multiplayer online role-playing game Ragnarok Online.
Linux malware is real, and Advanced Persistent Threat groups have been infiltrating critical servers with these tools for at least eight years, according to a new report from BlackBerry. The RATs report describes how five APT groups are working with the Chinese government, as well as the remote access trojans the cybercriminals are using to gain and maintain access to Linux servers.
A threat actor linked to South Korea has launched attacks against Chinese government agencies using a zero-day vulnerability affecting a local VPN service, Chinese cybersecurity firm Qihoo 360 reported on Monday. Qihoo 360 does not directly accuse South Korea of being behind the attacks, but says the threat actor is located on the Korean Peninsula and notes that its victims include North Korea.
Between Jan. 20 and March 11, researchers observed APT41 exploiting vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central as part of the widespread espionage campaign. Starting on Jan. 20, researchers observed the threat group attempting to exploit the notorious flaw in Citrix Application Delivery Controller and Citrix Gateway devices revealed as a zero-day then patched earlier this year.
The official - whom Peng eventually figured out was working for the MSS - asked Peng to use his citizenship in the US to assist the official with "matters of interest" to the PRC. After that, Peng admitted, he got paid at least $30,000 for running data over to China over the course of about 3.5 years. In Beijing, Peng meets with agents of the Ministry of State Security, including the People's Republic of China official with whom Peng had been communicating, and delivers the SD card to MSS. A PRC official uses coded language to tell Peng that another dead drop will occur on April 23, 2016.
The Chinese company claims it's aware of attacks launched by the CIA between September 2008 and June 2019. "In the CIA's attack against Chinese aviation organizations and scientific research institutions, we found that attackers mainly targeted system developers in these sectors to carry out the campaigns," Qihoo said in an English-language blog post.
Two Chinese nationals have been indicted by the U.S. Justice Department for allegedly laundering $100 million in cryptocurrency stolen from exchanges by North Korean hackers in 2018, according to a federal indictment unsealed Monday. The North Korean-linked group also apparently has been involved in numerous banking thefts, including the 2016 Bangladesh Bank heist, and it has recently begun targeting cryptocurrency exchanges to help illegally fund the government, U.S. authorities say.
Threat actors linked to China increasingly targeted the telecommunications sector in 2019, according to endpoint security firm CrowdStrike. In the case of the telecom sector, many of the attacks were attributed to China-linked hacker groups, including the ones tracked as Wicked Panda, Emissary Panda, and Lotus Panda.
The U.S. Department of Justice announced on Monday that two Chinese nationals have been charged with laundering over $100 million worth of cryptocurrency stolen by North Korean hackers from a cryptocurrency exchange. According to authorities, Yinyin and Jiadong laundered over $100 million worth of cryptocurrency, mostly obtained as a result of a cyberattack launched in April 2018 by North Korean hackers.
Two Chinese nationals have been charged by the US Department of Justice and sanctioned by the US Treasury for allegedly laundering $100 million worth of virtual currency using prepaid Apple iTunes gift cards. According to a newly unsealed court document, the illicit funds originated from a $250 million haul stolen from two different unnamed cryptocurrency exchanges in thefts perpetrated by Lazarus Group, a cybercrime group with ties to the North Korean government.