Security News

Spy Operations Target Vietnam with Sophisticated RAT
2021-04-05 21:04

Researchers have uncovered an advanced cyberespionage campaign targeting government and military entities in Vietnam that delivered a remote-access tool for carrying out espionage operations. Further analysis suggested the campaign was conducted by a group related to a Chinese-speaking advanced persistent threat known as Cycldek, according to Kaspersky researchers, who added that the group has been active since at least 2013.

Facebook Disrupts Spy Effort Aimed at Uyghurs
2021-03-25 18:31

Facebook has taken on a group of hackers in China that target the Uyghur ethnic group with cyberespionage activity. The hacking group, known as Earth Empusa or Evil Eye, was targeting activists, dissidents and journalists involved in the Uyghur community, primarily those living abroad in Australia, Canada, Kazakhstan, Syria, Turkey and the United States, among other countries, by using fake Facebook accounts for fictitious people sympathetic to the Uyghur community.

Google Play Harbors Malware-Laced Apps Delivering Spy Trojans
2021-03-09 16:44

A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers. The dropper, dubbed Clast82, was disguised in benign apps, which don't fetch a malicious payload until they have been vetted and cleared by Google Play Protect.

Iranian Hackers Using Remote Utilities Software to Spy On Its Targets
2021-03-08 04:15

Dubbed "Earth Vetala" by Trend Micro, the latest finding expands on research published by Anomali last month, which found evidence of malicious activity aimed at UAE and Kuwait government agencies that abused the legitimate ScreenConnect remote management tool rather than exploiting a software flaw. Trend Micro linked the ongoing attacks with moderate confidence to a threat actor widely tracked as MuddyWater, an Iranian hacker group known primarily for offensives against Middle Eastern nations.

Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets
2021-03-03 15:30

Microsoft has spotted multiple zero-day exploits being used in the wild to attack on-premises versions of Microsoft Exchange Server. One of the exploited vulnerabilities allows remote attackers who already hold administrator permissions to run code as SYSTEM on the Exchange server.

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations
2021-02-25 23:39

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. "Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users' Gmail accounts," Proofpoint said in an analysis.

SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps
2021-02-18 14:01

A vulnerability in a video-calling SDK used by apps such as eHarmony, Plenty of Fish, MeetMe and Skout lets threat actors eavesdrop on private calls without the user's knowledge. Healthcare apps such as Talkspace, Practo and Dr. First's Backline, among various others, also rely on the same SDK for their call technology.

Pro-India hackers use Android spyware to spy on Pakistani military
2021-02-14 17:12

The malware strains named Hornbill and SunBird have been delivered as fake Android apps by the Confucius advanced persistent threat group, a pro-India state-sponsored operation that has been known to spy on Pakistani and other South Asian targets since at least 2013. A report from California-based cybersecurity firm Lookout revealed counterfeit Android apps laden with malware that pro-India actors used to spy on Pakistan's military and nuclear authorities, as well as Kashmir's election officials.

Supermicro spy chips, the sequel: It really, really happened, and with bad BIOS and more, insists Bloomberg
2021-02-12 23:28

Following up on a disputed 2018 claim in its BusinessWeek publication that tiny spy chips were found on Supermicro server motherboards in 2015, Bloomberg on Friday doubled down by asserting that Supermicro's products were targeted by Chinese operatives for over a decade, that US intelligence officials have been aware of this, and that authorities kept the information quiet in order to study the attack while crafting defenses. The article, a follow-on to BusinessWeek's 2018 spy chip bombshell, cites three specific incidents: the Defense Department's 2010 discovery that thousands of its computers were sending military network data to China because of code hidden in chips that handle the server startup process; Intel's 2014 discovery that a Chinese hacking group penetrated its network via a server that fetched malware from an unidentified supplier's update site; and a 2015 FBI warning to multiple companies that Chinese agents had hidden an extra chip with backdoored code on one manufacturer's servers.

Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies
2021-02-11 21:33

UAE and Kuwait government agencies are the targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research. Attributing the operation to Static Kitten, Anomali said the "Objective of this activity is to install a remote management tool called ScreenConnect with unique launch parameters that have custom properties," with malware samples and URLs masquerading as the Ministry of Foreign Affairs of Kuwait and the UAE National Council.
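Both the Anomali item above and the Trend Micro "Earth Vetala" item describe a legitimate remote management tool being delivered with attacker-chosen launch parameters, which is a telemetry question as much as a malware one: a ScreenConnect client installer can only report to the relay host baked into its launch parameters, so the relay host, not the download site or the lure text, is the field that separates an organisation's own helpdesk tooling from an intruder's. The following triage script is an added example, not code from Anomali, Trend Micro or ConnectWise. It assumes the usual ScreenConnect client download layout, in which the installer URL's query string carries parameters such as `e` (session type), `y` (Guest/Host), `h` (relay host), `p` (port) and repeated `c` (custom properties); the proxy log lines, the allowlisted relay and the lure strings are constructed for illustration.

```python
"""Triage ScreenConnect client-installer downloads seen in web-proxy logs.

Added example, not from the research described on this page. Assumes the
ScreenConnect client launch-parameter layout
  ScreenConnect.ClientSetup.exe?e=Access&y=Guest&h=<relay host>&p=<port>&c=<custom>...
Every log line, hostname and custom-property value below is constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical allowlist: the only ScreenConnect relay this organisation owns.
APPROVED_RELAYS = {"support.example-corp.internal"}

# Constructed proxy log, one request per line: "<time> <client_ip> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2021-02-10T09:12:01Z 10.1.4.22 GET https://support.example-corp.internal/Bin/ScreenConnect.ClientSetup.exe?e=Access&y=Guest&h=support.example-corp.internal&p=8041&c=helpdesk&c= 200
2021-02-10T09:14:37Z 10.1.4.57 GET https://files.example-lookalike.test/ScreenConnect.ClientSetup.exe?e=Access&y=Guest&h=relay.example-attacker.test&p=8041&c=Ministry%20of%20Foreign%20Affairs&c=Kuwait 200
2021-02-10T09:15:02Z 10.1.4.57 GET https://www.example.com/index.html 200
"""

# Installer file names the ScreenConnect server hands out for Windows, MSI and macOS clients.
INSTALLER_RE = re.compile(r"ScreenConnect\.Client(?:Setup|Service)?\.(?:exe|msi|pkg)$", re.I)


def parse_launch_params(url):
    """Return the launch parameters as {name: [values]} for a ScreenConnect
    client-installer download, or None if the URL is not such a download."""
    parts = urlsplit(url)
    if not INSTALLER_RE.search(parts.path):
        return None
    # keep_blank_values so an empty custom property (c=) is still visible.
    return parse_qs(parts.query, keep_blank_values=True)


def triage_download(url, approved=APPROVED_RELAYS):
    """Classify one installer download by its relay host.

    Verdict is 'approved' when the relay (h=) is one we own and 'suspicious'
    otherwise; custom properties (c=) are returned because attacker-chosen
    values tend to carry the lure text the victim was shown."""
    params = parse_launch_params(url)
    if params is None:
        return None
    relay = params.get("h", [""])[0].lower()
    return {
        "download_host": urlsplit(url).hostname,
        "relay": relay,
        "session_type": params.get("e", [""])[0],
        "custom_properties": [c for c in params.get("c", []) if c],
        "verdict": "approved" if relay in approved else "suspicious",
    }


def scan_proxy_log(text, approved=APPROVED_RELAYS):
    """Return (timestamp, client_ip, triage) for every installer download in the log."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line; skip rather than guess
        ts, client_ip, _method, url, _status = fields[:5]
        result = triage_download(url, approved)
        if result is not None:
            findings.append((ts, client_ip, result))
    return findings


if __name__ == "__main__":
    for ts, ip, info in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(ts, ip, info["verdict"], "relay=" + info["relay"], info["custom_properties"])
```

Pointing the allowlist at the relay host rather than the download host matters because the Anomali samples were delivered from URLs dressed up as government ministries; an installer fetched from a convincing domain is still only dangerous if it phones home to a relay you do not control, and conversely an installer fetched from an odd place that reports to your own relay is usually just a helpdesk link that was forwarded.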