Security News

Windows Zero-Day Actively Exploited in Widespread Espionage Campaign
2021-10-12 19:34

Researchers have discovered a zero-day exploit for Microsoft Windows that was being used to elevate privileges and take over Windows servers as part of a Chinese-speaking advanced persistent threat espionage campaign this summer. The attackers were using the exploit as part of a wider effort to install a remote shell on target servers, namely the MysterySnail malware, which was unknown prior to this campaign.

Nuclear engineer's espionage plans unraveled by undercover FBI agent
2021-10-11 12:00

A Navy nuclear engineer and his wife were arrested under espionage-related charges alleging violations of the Atomic Energy Act after selling restricted nuclear-powered warship design data to a person they believed was a foreign power agent. Jonathan and Diana Toebbe sold the confidential information to an undercover FBI agent.

ESPecter Bootkit Malware Haunts Victims with Persistent Espionage
2021-10-06 18:11

A rare Windows UEFI bootkit malware has been discovered, offering attackers a path to cyber-espionage, researchers are warning. UEFI firmware is an ideal place to plant malware to ensure its persistence, since UEFI loads no matter what changes or restarts the OS goes through.

ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups
2021-08-22 02:34

ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. "The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors," SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of the malware, adding, "Some threat groups stopped developing their own backdoors after they gained access to ShadowPad."

Tetris: Chinese Espionage Tool
2021-08-18 11:23

I’m starting to see writings about a Chinese espionage tool that exploits website vulnerabilities to try and identify Chinese dissidents.

Chinese espionage group targets Israel while suggesting the source could be Iran
2021-08-11 07:32

Security vendor FireEye says it has spotted a Chinese espionage group that successfully compromised targets within Israel, and that trying to make its efforts look like the work of Iranian actors is part of the group's modus operandi. A FireEye blog post states the Chinese activity has been ongoing since 2019, when a group it names "UNC215" used the Microsoft SharePoint vulnerability CVE-2019-0604 "To install web shells and FOCUSFJORD payloads at targets in the Middle East and Central Asia".

New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks
2021-08-06 03:24

A threat actor presumed to be of Chinese origin has been linked to a series of 10 attacks targeting Mongolia, Russia, Belarus, Canada, and the U.S. from January to July 2021 that involve the deployment of a remote access trojan on infected systems, according to new research. The group is a "China-nexus cyber espionage actor focused on obtaining information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages," according to FireEye.

Judge: Ex-CIA Worker Can Represent Himself in Espionage Case
2021-07-27 01:03

A former CIA software engineer can represent himself at his upcoming retrial on espionage charges, a judge said Monday. Schulte, 32, faces an October trial on charges that he leaked CIA secrets to WikiLeaks, which published materials in 2017 that revealed how the CIA hacked Apple and Android smartphones in overseas spying operations and efforts to turn internet-connected televisions into listening devices.

Trickbot Malware Rebounds with Virtual-Desktop Espionage Module
2021-07-14 16:18

The Trickbot trojan is in resurgence mode, with its operators filling out infrastructure globally and releasing an updated version of its "VncDll" module, used for monitoring and intelligence gathering, researchers said. The latest version of the spy module makes use of virtual network computing, hence its name, vncDll.