Security News

Chinese hackers use ransomware as decoy for cyber espionage
2022-06-23 13:00

Two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western companies are deploying ransomware as a decoy to cover up their malicious activities. Threat analysts from Secureworks say that the use of ransomware in espionage operations is done to obscure their tracks, make attribution harder, and create a powerful distraction for defenders.

Chinese 'Gallium' Hackers Using New PingPull Malware in Cyberespionage Attacks
2022-06-14 03:16

A Chinese advanced persistent threat known as Gallium has been observed using a previously undocumented remote access trojan in its espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa. Called PingPull, the "Difficult-to-detect" backdoor is notable for its use of the Internet Control Message Protocol for command-and-control communications, according to new research published by Palo Alto Networks Unit 42 today.

Chinese LuoYu hackers deploy cyber-espionage malware via app updates
2022-06-02 16:36

A Chinese-speaking hacking group known as LuoYu is infecting victims WinDealer information stealer malware deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks. LuoYu has switched to abusing the automatic update mechanism of their victims' apps after previously pushing malware in easier to pull-off watering-hole attacks where they would use compromised local news sites as infection vectors.

Cyberespionage: New Mustang Panda campaign targets Europe
2022-05-06 13:41

Cisco Talos Intelligence Group reported a new attack campaign from the infamous cyberespionage threat actor Mustang Panda, also known as Bronze President, RedDelta, HoneyMyte, TA416 or Red Lich with a particular focus on Europe. The downloader now downloads the decoy document from one URL and uses another URL to download the benign executable file, the DLL file and the final PlugX payload. More malware infections.

UNC3524: The nearly invisible cyberespionage threat sitting on network appliances
2022-05-05 13:53

A new report from Mandiant reveals details about an ongoing cyberespionage operation run by a threat actor dubbed UNC3524, monitored by Mandiant since December 2019. While such targeting may suggest financial motivations, Mandiant believes it's instead motivated by espionage, because the threat actor maintains its access and remains undetected for an order of magnitude longer than the average dwell time of 21 days.

Cyberespionage APT Now Identified as Three Separate Actors
2022-04-29 11:51

A threat group responsible for sophisticated cyberespionage attacks against U.S. utilities is actually comprised of three subgroups, all with their own toolsets and targets, that have been operating globally since 2018, researchers have found. The group is known not only for targeting U.S. organizations in the utilities sector, but also diplomatic organizations in the Middle East and Africa, according to a report published this week by researchers at security firm ESET. Though it's apparently been active since 2018, TA410 first came up on researchers' radar in 2019, when Proofpoint uncovered a phishing campaign targeting three U.S. companies in the utilities sector that used a novel malware then dubbed LookBack.

China turns cyber-espionage eyes to Russia as Ukraine invasion grinds on
2022-04-27 14:00

China appears to be entering a raging cyber-espionage battle that's grown in line with Russia's unprovoked attack on Ukraine, deploying advanced malware on the computer systems of Russian officials. China has tried to play a neutral role since Russia began its invasion of Ukraine on February 24, with government officials saying they want to see a peaceful resolution.

New cyberespionage campaign targeting ISPs, research entities
2022-03-24 09:41

ESET Research discovered a still-ongoing cyberespionage campaign using a previously undocumented Korplug variant by the Mustang Panda APT group. The current campaign exploits the war in Ukraine and other European news topics.

Moses Staff Hackers Targeting Israeli Organizations for Cyber Espionage
2022-02-17 19:19

The politically motivated Moses Staff hacker group has been observed using a custom multi-component toolset with the goal of carrying out espionage against its targets as part of a new campaign that exclusively singles out Israeli organizations. First publicly documented in late 2021, Moses Staff is believed to be sponsored by the Iranian government, with attacks reported against entities in Israel, Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S. Earlier this month, the hacker collective was observed incorporating a previously undocumented remote access trojan called "StrifeWater" that masquerades as the Windows Calculator app to evade detection.

MoleRats APT Flaunts New Trojan in Latest Cyberespionage Campaign
2022-02-09 14:03

Known Palestinian threat actor MoleRats is likely behind a recent malicious email campaign targeting Middle Eastern governments, foreign-policy think tanks and a state-affiliated airline with a new intelligence-gathering trojan dubbed NimbleMamba, researchers said. Researchers from Proofpoint said they have observed a spear-phishing campaign using multiple vectors since November that they believe is the work of TA402, more commonly known as MoleRats and linked to the Palestinian Territories, according to a report posted online Tuesday.