Security News

Bad actors with suspected ties to China have been behind a wide-ranging cyberespionage campaign targeting military organizations in Southeast Asia for nearly two years, according to new research. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing missions.

A cyber-espionage group believed to be sponsored by the Chinese government has been observed targeting military organizations in Southeast Asia in attacks involving previously undocumented malware, Bitdefender reported on Wednesday. The group has been known to focus on government and military organizations.

A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations from Southeast Asia. Naikon is likely a state-sponsored threat actor tied to China, mostly known for focusing its efforts on high-profile orgs, including government entities and military orgs.

Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities. Tokyo's Metropolitan Police yesterday said they've filed a case against a Chinese national who they said works for a state-owned telco and, while living in Japan, rented servers to attack the Japan Aerospace Exploration Agency in 2016.

Tokyo police are investigating cyberattacks on about 200 Japanese companies and research organizations, including the country's space agency, by a hacking group believed to be linked to the Chinese military, the government said Tuesday. A suspect in the JAXA case, a Chinese systems engineer based in Japan, allegedly gained access to a rental server by registering himself under a false identity to launch the cyberattacks, Kato said, citing the police investigation.

A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. According to researchers from Kaspersky, the offensive, which was observed between June 2020 and January 2021, leverages a method called DLL side-loading to execute shellcode that decrypts a final payload dubbed "FoundCore."

China-linked cyber-espionage group Cycldek is showing increasing sophistication in a series of recent attacks targeting government and military entities in Vietnam, according to a report from anti-malware vendor Kaspersky. The more recent attacks, Kaspersky says, show further increase in sophistication.

A CAD drawing of a radar antenna stolen and leaked online by criminals is of a military radar system produced by defense contractor Leonardo and fitted to a number of US and UAE aircraft, The Register has learned. The Register can reveal Clop got its hands on at least one drawing of a Leonardo Seaspray 7500E radar antenna, and divulged on its Tor-hidden website a rendering of the hardware in some detail - without its external covers usually seen in promotional material.

The malware strains named Hornbill and SunBird have been delivered as fake Android apps by the Confucius advanced persistent threat group, a pro-India state-sponsored operation known to spy on Pakistani and South Asian targets, since at least 2013. A report from California-based cybersecurity firm Lookout has revealed counterfeit Android apps laden with malware that was used by pro-India actors to spy on Pakistan's military and nuclear authorities, in addition to Kashmir's election officials.

Researchers have uncovered two novel Android surveillanceware families being used by an advanced persistent threat group to target military, nuclear and election entities in Pakistan and Kashmir. The two malware families, which researchers call "Hornbill" and "SunBird," have sophisticated capabilities to exfiltrate SMS messages, encrypted messaging app content and geolocation, as well as other types of sensitive information.