Security News

Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates
2023-08-22 10:12

A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia. The attacks, per the cybersecurity firm, leverage a trojanized version of a legitimate software called EsafeNet Cobra DocGuard Client to deliver a known backdoor called PlugX on victim networks.

Carderbee hacking group hits Hong Kong orgs in supply chain attack
2023-08-22 10:00

A previously unidentified APT hacking group named 'Carderbee' was observed attacking organizations in Hong Kong and other regions in Asia, using legitimate software to infect targets' computers with the PlugX malware. Symantec reports that the legitimate software used in the supply chain attack is Cobra DocGuard, created by Chinese developer 'EsafeNet,' and used in security applications for data encryption/decryption.

Apple accused of censoring apps in Hong Kong and Russia to maintain market access
2022-12-22 07:01

The reports, "Apps at Risk: Apple's Censorship and Compromises in Hong Kong" and "United Apple: Apple's Censorship and Compromises in Russia," were released by the Apple Censorship Project, which is run by free speech advocacy group GreatFire. "Apple's temporary withdrawal from Russia following the start of the war in Ukraine, and Apple's decision to move part of its production out of China, have not provided tangible evidence of any improvement of the situation in the App Store so far. For all we know, Apple is still willing to collaborate with repressive regimes."

Chinese 'Spyder Loader' Malware Spotted Targeting Organizations in Hong Kong
2022-10-18 10:11

The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees. Active since at least 2007, Winnti is the name designated to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly aimed at stealing intellectual property from organizations in developed economies.

Hackers compromised Hong Kong govt agency network for a year
2022-10-18 10:00

Researchers at Symantec have uncovered cyberattacks attributed to the China-linked espionage actor APT41 that breached government agencies in Hong Kong and remained undetected for a year in some cases. Symantec's report notes that there are signs that the newly discovered Hong Kong activity is part of the same operation, and Winnti's targets are government agencies in the special administrative region.

YouTube terminates account for Hong Kong's presumed next head of government
2022-04-21 13:31

YouTube has blocked the campaign account of Hong Kong's only candidate for the Special Administrative Region's head of government, John Lee Ka-chiu, citing US sanctions. Lee, often referred to as "Pikachu" by the Hong Kong anti-establishment faction as it sounds similar to "Lee Ka-chiu," stepped down from his position as Secretary for Security in Hong Kong to run for the chief executive spot.

Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant
2021-11-14 20:47

Google researchers on Thursday disclosed that they found a watering hole attack in late August exploiting a now-patched zero-day in the macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. "Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code," Google Threat Analysis Group researcher Erye Hernandez said in a report.

Mac Zero Day Targets Apple Devices in Hong Kong
2021-11-12 18:05

Since at least late August, attackers have been using flaws in macOS and iOS - including in-the-wild use of what was then a zero-day flaw - to install a backdoor on the Apple devices of users who visited Hong Kong-based media and pro-democracy sites. In other words, the threat actors threaded malware into the legitimate websites of "a media outlet and a prominent pro-democracy labor and political group" in Hong Kong, according to Google's Threat Analysis Group (TAG). The victims' devices were hit with what was then a zero day, plus another exploit that used a previously patched vulnerability for macOS that was used to install a backdoor on their computers, according to TAG's report.

MacOS Zero-Day Used against Hong-Kong Activists
2021-11-12 15:07

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. Google's researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers.

Hong Kong working to share its digital IDs with mainland China
2021-07-14 08:03

Hong Kong's Office of the Government Chief Information Officer has revealed that the territory is investigating the use of its digital ID in mainland China. In a Q&A, Secretary for Innovation and Technology, Mr Alfred Sit, said "The OGCIO is exploring with relevant authorities in the Mainland and Macao the collaboration opportunities between their identity authentication systems and iAM Smart."