Security News

ESPecter Bootkit Malware Haunts Victims with Persistent Espionage
2021-10-06 18:11

A rare Windows UEFI bootkit malware has been discovered, offering attackers a path to cyber-espionage, researchers are warning. It's an ideal place to plant malware to ensure its persistence, since UEFI loads no matter what changes or restarts the OS goes through.

ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups
2021-08-22 02:34

ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. "The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors," SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of the malware, adding, "Some threat groups stopped developing their own backdoors after they gained access to ShadowPad."

Tetris: Chinese Espionage Tool
2021-08-18 11:23

I’m starting to see writings about a Chinese espionage tool that exploits website vulnerabilities to try and identify Chinese dissidents.

Chinese espionage group targets Israel while suggesting the source could be Iran
2021-08-11 07:32

Security vendor FireEye says it has spotted a Chinese espionage group that successfully compromised targets within Israel, and that trying to make its efforts look like the work of Iranian actors is part of the group's modus operandi. A FireEye blog post states the Chinese activity has been ongoing since 2019, when a group it names "UNC215" used the Microsoft SharePoint vulnerability CVE-2019-0604 "To install web shells and FOCUSFJORD payloads at targets in the Middle East and Central Asia".

New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks
2021-08-06 03:24

A threat actor presumed to be of Chinese origin has been linked to a series of 10 attacks targeting Mongolia, Russia, Belarus, Canada, and the U.S. from January to July 2021 that involve the deployment of a remote access trojan on infected systems, according to new research. The group is a "China-nexus cyber espionage actor focused on obtaining information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages," according to FireEye.

Judge: Ex-CIA Worker Can Represent Himself in Espionage Case
2021-07-27 01:03

A former CIA software engineer can represent himself at his upcoming retrial on espionage charges, a judge said Monday. Schulte, 32, faces an October trial on charges that he leaked CIA secrets to WikiLeaks, which published materials in 2017 that revealed how the CIA hacked Apple and Android smartphones in overseas spying operations and efforts to turn internet-connected televisions into listening devices.

Trickbot Malware Rebounds with Virtual-Desktop Espionage Module
2021-07-14 16:18

The Trickbot trojan is in resurgence mode, with its operators filling out infrastructure globally and releasing an updated version of its "VncDll" module, used for monitoring and intelligence gathering, researchers said. The latest version of the spy module makes use of virtual network computing (VNC), hence its name, vncDll.

Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign
2021-07-08 20:29

"In the event of a successful breach, the attacker could use the compromised email account of the recipient to send spear-phishing emails to companies that work with the supplier, thus using the established reputation of the supplier to go after more targeted entities." To kick off the attack, the adversaries send emails tailored to employees at each company being targeted, researchers said.

Cyber espionage by Chinese hackers in neighbouring nations is on the rise
2021-06-23 23:26

A string of cyber espionage campaigns dating all the way back to 2014 and likely focused on gathering defense information from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm's Insikt Group said it identified ties between a group it tracks as "RedFoxtrot" to the People's Liberation Army Unit 69010 operating out of Ürümqi, the capital of the Xinjiang Uyghur Autonomous Region in the country.