Security News

The Russia-linked threat group known as APT28 has been observed using a new backdoor in a series of attacks targeting military and government institutions, researchers with threat intelligence company Cluster25 reveal. For initial access, the threat actor is known to use tactics such as watering hole attacks, social engineering, zero-day vulnerabilities, and stolen credentials, followed by the deployment of tools and malware that allow it to achieve persistence and gain access to information of interest.

Fans of John le Carré's Tinker Tailor Soldier Spy know how top military secrets are extracted from the enemy. If head KGB spy Karla wanted to learn intricate details of the British military today, he'd just have to check WhatsApp.

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "Best systems engineering content" the event "Will no longer be scheduled as a standalone conference."

Bad actors with suspected ties to China have been behind a wide-ranging cyberespionage campaign targeting military organizations in Southeast Asia for nearly two years, according to new research. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing missions.

A cyber-espionage group believed to be sponsored by the Chinese government has been observed targeting military organizations in Southeast Asia in attacks involving previously undocumented malware, Bitdefender reported on Wednesday. The group has been known to focus on government and military organizations.

A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations from Southeast Asia. Naikon is likely a state-sponsored threat actor tied to China, mostly known for focusing its efforts on high-profile orgs, including government entities and military orgs.

Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities. Tokyo's Metropolitan Police yesterday said they've filed a case against a Chinese national who they said works for a state-owned telco and, while living in Japan, rented servers to attack the Japan Aerospace Exploration Agency in 2016.

Tokyo police are investigating cyberattacks on about 200 Japanese companies and research organizations, including the country's space agency, by a hacking group believed to be linked to the Chinese military, the government said Tuesday. A suspect in the JAXA case, a Chinese systems engineer based in Japan, allegedly gained access to a rental server by registering himself under a false identity to launch the cyberattacks, Kato said, citing the police investigation.

A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. According to researchers from Kaspersky, the offensive, which was observed between June 2020 and January 2021, leverages a method called DLL side-loading to execute shellcode that decrypts a final payload dubbed "FoundCore."

China-linked cyber-espionage group Cycldek is showing increasing sophistication in a series of recent attacks targeting government and military entities in Vietnam, according to a report from anti-malware vendor Kaspersky. The more recent attacks, Kaspersky says, show further increase in sophistication.