Security News

Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions, according to Kaspersky researchers. "The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions," the team wrote in a report published on Monday.

ESET researchers discovered CloudMensis, a macOS backdoor that spies on users of compromised Macs and uses public cloud storage services to communicate back and forth with its operators. Outline of how CloudMensis uses cloud storage services.

A cyber-spy group is targeting Microsoft Exchange deployments to steal data related to mergers and acquisitions and large corporate transactions, according to Mandiant. The infosec giant's researchers have dubbed the cyber-espionage threat group UNC3524.

The Threat Hunter Team team is attributing the attacks to Cicada, also known as APT10 - a group that has been operating for more than a decade and that intelligence agencies in the US have linked to China's Ministry of State Security. The researchers are pointing at Cicada because a custom loader and custom malware that have been used exclusively by the group were found in victims' networks.

A prolific Middle East team with links to Hamas is said to be using malware and infrastructure to target high-ranking Israeli officials and steal sensitive data from Windows and Android devices. The advanced persistent threat group - known by some as APT-C-23, Arid Viper, Desert Falcon, and FrozenCell, among other names - set up an elaborate cyberespionage campaign, spending months rolling out fake Facebook accounts to target specific potential Israeli victims, according to Cybereason's Nocturnus threat intelligence team.

"In most of the web application compromises, APT41 conducted.NET deserialization attacks; however, we have also observed APT41 exploiting SQL injection and directory traversal vulnerabilities," they said. APT41 "Heavily" used the Windows version of the KEYPLUG backdoor at state government victims between June 2021 and December 2021, researchers said.

State-sponsored attackers from China conducted a two-month campaign against Taiwanese financial services firms, according to CyCraft, a security consultancy from the island nation. CyCraft's analysis of the incident alleges that the attack run started in November 2021, when the malicious actors - named as Chinese gang APT10 - used supply chain attacks to target software used by Taiwanese financial institutions.

Online work accounts of News Corporation journalists were broken into by snoops with ties to China, it was claimed today. The cyber-attack "Included the targeting of emails and documents of some employees, including journalists," wrote defense editor Larisa Brown.

China's Ministry of State Security released details this week of three alleged security breaches that saw sensitive data illegally transferred abroad. State-sponsored Xinhua News Agency described the breaches as "Endangering the security of important data" and said by disclosing them, the Ministry sought to build awareness of non-traditional security and, by doing so, better maintain national security. The announcement, which deliberately coincides with the seventh anniversary of the country's anti-espionage law, described airline data stolen by an overseas intelligence agency, shipping data collected by a consulting firm that provided it to a foreign spy agency, and the construction of weather devices to transfer sensitive meteorological data abroad. It is unclear whether one or more foreign intelligence agencies conducted the alleged attacks, or if the actions were linked.

Mordechai Guri from the abovementioned Ben Gurion University of the Negev in Israel has recently published a new 'data exfiltration' paper detailing an unexpectedly effective way of sneaking very small amounts of data out of a cabled network without using any obvious sort of interconnection. How to split a network into two parts, running at different security levels, that can nevertheless co-operate and even exchange data when needed, but only in strictly controlled and well-monitored ways.