Security News

The U.S. Department of Homeland Security and Federal Bureau of Investigation have exposed what they say are hacking tools used by the North Korean-sponsored APT group Hidden Cobra. The tools included in the documentation allow Hidden Cobra to perform nefarious tasks such as remotely take over systems and steal information as well as install spyware on targeted systems to perform espionage activities.

After five years under the radar, the Naikon APT group has been unmasked in a long-term espionage campaign against several governments in the Asia-Pacific region. The Chinese APT group was first uncovered by Kaspersky researchers in 2015, in attacks against top-level government agencies around the South China Sea.

An advanced group of Chinese hackers has recently been spotted to be behind a sustained cyber espionage campaign targeting government entities in Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar, and Brunei-which went undetected for at least five years and is still an ongoing threat. The group, named 'Naikon APT,' once known as one of the most active APTs in Asia until 2015, carried out a string of cyberattacks in the Asia-Pacific region in search of geopolitical intelligence.

An advanced group of Chinese hackers has recently been spotted to be behind a sustained cyber espionage campaign targeting government entities in Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar, and Brunei-which went undetected for at least five years and is still an ongoing threat. The group, named 'Naikon APT,' once known as one of the most active APTs in Asia until 2015, carried out a string of cyberattacks in the Asia-Pacific region in search of geopolitical intelligence.

A Vietnam-linked threat actor tracked as APT32 is believed to have carried out intrusion campaigns against Chinese entities in an effort to collect intelligence on the COVID-19 crisis, FireEye reports. A state-sponsored hacking group also known as OceanLotus and APT-C-00, APT32 is believed to be well-resourced and determined, and was previously observed targeting corporate and government organizations in Southeast Asia.

Cell phones, wearables, health performance monitors and IoT infrastructure devices all offer new and unmonitored threat surfaces to launch attacks in order to gain access to company networks and secrets. From unmanageable device attacks and IoT devices being more vulnerable than corporate-managed computers to IoT security breaches, RF espionage is a growing concern for enterprises, but the concern still lags behind the threat.

Between Jan. 20 and March 11, researchers observed APT41 exploiting vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central as part of the widespread espionage campaign. Starting on Jan. 20, researchers observed the threat group attempting to exploit the notorious flaw in Citrix Application Delivery Controller and Citrix Gateway devices revealed as a zero-day then patched earlier this year.

The attack appeared to be aimed at achieving a foothold at the agency rather than being an end unto itself: "The targeting infrastructure seems to focus on certain types of healthcare and humanitarian organizations that are uncommon for cybercriminals," Costin Raiu, researcher at Kaspersky, told Threatpost. As for the "Why" of the attack, which was thwarted, Raiu said that information about remediation for coronavirus - such as cures, tests or vaccines - would be invaluable to any nation-state's intelligence officials.

In response to White House warnings that 5G infrastructure equipment built by Huawei could be subverted by China to conduct espionage, Andy Purdy of Huawei Technologies USA says his company has pledged full transparency and urges competitors to follow suit. Security concerns that come with 5G and national rollouts;.

Referred to as BRONZE PRESIDENT, the group may have been active since at least 2014, also targeting political and law enforcement organizations and using both proprietary and publicly available tools to monitor the activity of targeted organizations, discredit their work, or steal their intellectual property. BRONZE PRESIDENT targets NGOs that conduct research on issues relevant to China, the group's infrastructure is linked to entities in China, a subset of the group's operational infrastructure is linked to China-based Internet service providers, and the hackers leverage tools such as PlugX, which have historically been used by Chinese threat groups.