Security News

US authorities warn on China's new counter-espionage law
2023-07-03 06:28

On June 30, US authorities issued a new bulletin [PDF] titled "US Business Risk: People's Republic of China Laws Expand Beijing's Oversight of Foreign and Domestic Companies." The first item discussed is China's recently revised Counter-Espionage Law, on the grounds that it "Expands the definition of espionage from covering state secrets and intelligence to any documents, data, materials, or items related to national security interests, without defining terms." In May, China Law Translate, a crowdsourced translation and analysis service for Chinese laws, rated the updated law "Probably less consequential than some imagine."

Iranian Hackers Using POWERSTAR Backdoor in Targeted Espionage Attacks
2023-06-30 13:54

Charming Kitten, the nation-state actor affiliated with Iran's Islamic Revolutionary Guard Corps, has been attributed to a bespoke spear-phishing campaign that delivers an updated version of a fully-featured PowerShell backdoor called POWERSTAR. "There have been improved operational security measures placed in the malware to make it more difficult to analyze and collect intelligence," Volexity researchers Ankur Saini and Charlie Gardner said in a report published this week. Recent intrusions orchestrated by Charming Kitten have made use of other implants such as PowerLess and BellaCiao, suggesting that the group is utilizing an array of espionage tools at its disposal to realize its strategic objectives.

Rogue Android Apps Target Pakistani Individuals in Sophisticated Espionage Campaign
2023-06-20 05:05

Individuals in the Pakistan region have been targeted using two rogue Android apps available on the Google Play Store as part of a new targeted campaign. The threat actor behind the campaign is known to use malicious Android apps that masquerade as legitimate utilities in its targeted attacks.

Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions
2023-06-09 13:37

The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020. "Asylum Ambuscade also does espionage against government entities in Europe and Central Asia."

Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks
2023-06-09 05:57

A new custom backdoor dubbed Stealth Soldier has been deployed as part of a set of highly-targeted espionage attacks in North Africa. "Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information," cybersecurity company Check Point said in a technical report.

Asylum Ambuscade hackers mix cybercrime with espionage
2023-06-08 19:21

A hacking group tracked as 'Asylum Ambuscade' was observed in recent attacks targeting small to medium-sized companies worldwide, combining cyber espionage with cybercrime. ESET has published a new report on the actor today, disclosing more details about last year's Asylum Ambuscade operations and highlighting updates on its victimology and toolset.

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware
2023-05-24 07:30

The infamous Lazarus Group has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency Response Center (ASEC), which detailed the advanced persistent threat's continued abuse of DLL side-loading techniques to deploy malware.

Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation
2023-05-24 06:54

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part of an espionage campaign. In the attack chain described by the agency, the emails targeted an unspecified ministry and purported to be from the Embassy of Tajikistan in Ukraine.

Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade
2023-05-22 12:47

New findings about a hacker group linked to cyber attacks targeting companies in the Russo-Ukrainian conflict area reveal that it may have been around for much longer than previously thought. Bad Magic was first documented by Kaspersky in March 2023, in a report detailing the group's use of a backdoor called PowerMagic and a modular framework dubbed CommonMagic in attacks targeting Russian-occupied territories of Ukraine.

U.S. Government Neutralizes Russia's Most Sophisticated Snake Cyber Espionage Tool
2023-05-10 08:44

The U.S. government on Tuesday announced the court-authorized disruption of a global network of systems compromised by an advanced malware strain known as Snake, wielded by Russia's Federal Security Service (FSB). Snake, dubbed the "most sophisticated cyber espionage tool," is the handiwork of a Russian state-sponsored group called Turla, which the U.S. government attributes to a unit within Center 16 of the FSB. The threat actor has a track record of heavily focusing on entities in Europe, the Commonwealth of Independent States, and countries affiliated with NATO, with recent activity expanding its footprint to incorporate Middle Eastern nations deemed a threat to countries supported by Russia in the region.