Security News

China Suspected of News Corp Cyberespionage Attack
2022-02-08 14:14

The Chinese hackers responsible for an attack on media giant News Corp last month likely were seeking intelligence to serve China's interests in a cyberespionage incident that shows the persistent vulnerability of corporate networks to email-based attacks, security professionals said. In an email to staff, News Corp cited a "Foreign government" as responsible for the "Persistent nation-state attack" and confirmed that "Some data" was stolen, according to published reports.

Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks
2022-02-01 02:28

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten, while also calling out the backdoor's evasive PowerShell execution.

Ukraine Continues to Face Cyber Espionage Attacks from Russian Hackers
2022-02-01 01:11

Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021. Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon, a cyber-espionage collective known to be active since at least 2013.

Cyber espionage campaign targets renewable energy companies
2022-01-17 16:38

A large-scale cyber-espionage campaign targeting primarily renewable energy and industrial technology organizations have been discovered to be active since at least 2019, targeting over fifteen entities worldwide. The campaign was discovered by security researcher William Thomas, a Curated Intelligence trust group member, who employed OSINT techniques like DNS scans and public sandbox submissions.

US Military Ties Prolific MuddyWater Cyberespionage APT to Iran
2022-01-13 17:35

U.S. Cyber Command has confirmed that MuddyWater - an advanced persistent threat cyberespionage actor aka Mercury, Static Kitten, TEMP.Zagros or Seedworm that's historically targeted government victims in the Middle East - is an Iranian intelligence outfit. On Wednesday, USCYBERCOM not only confirmed the tie; it also disclosed the plethora of open-source tools and strategies MuddyWater uses to break into target systems and released malware samples.

Tropic Trooper Cyber Espionage Hackers Targeting Transportation Sector
2021-12-21 20:19

Transportation industry and government agencies related to the sector are the victims of an ongoing campaign since July 2020 by a sophisticated and well-equipped cyberespionage group in what appears to be yet another uptick in malicious activities that are "Just the tip of the iceberg." "The group tried to access some internal documents and personal information on the compromised hosts," Trend Micro researchers Nick Dai, Ted Lee, and Vickie Su said in a report published last week.

New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks
2021-08-06 03:24

A threat actor presumed to be of Chinese origin has been linked to a series of 10 attacks targeting Mongolia, Russia, Belarus, Canada, and the U.S. from January to July 2021 that involve the deployment of a remote access trojan on infected systems, according to new research. The group is a "China-nexus cyber espionage actor focused on obtaining information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages," according to FireEye.

China-Linked Cyberespionage Operation Suggests Interest in SCADA Systems
2021-08-05 13:24

A cyberespionage group that appears to be based in China has been seen targeting critical infrastructure organizations in Southeast Asia, and the attackers may be interested in industrial control systems. Symantec, a division of Broadcom, reported on Thursday that its threat hunter group had seen attacks launched by a threat actor against four critical infrastructure organizations in an unnamed Southeast Asian country.

Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign
2021-07-08 20:29

"In the event of a successful breach, the attacker could use the compromised email account of the recipient to send spear-phishing emails to companies that work with the supplier, thus using the established reputation of the supplier to go after more targeted entities." To kick off the attack, the adversaries send emails tailored to employees at each company being targeted, researchers said.

Dropbox Used to Mask Malware Movement in Cyberespionage Campaign
2021-07-01 10:00

Chinese-speaking cyberespionage actors have targeted the Afghan government, using Dropbox for command-and-control communications and going so far as to impersonate the Office of the President to infiltrate the Afghan National Security Council, researchers have found. At the time, Kaspersky said that the IndigoZebra campaign was targeting former Soviet Republics with "a wide swath of malware including Meterpreter, Poison Ivy, xDown, and a previously unknown malware called 'xCaon'." According to Kaspersky's 2017 report, the campaign shared ties with other well-known Chinese-speaking actors, though no definitive attribution was made at the time.