Unveiled the Threat Actors
This article explores various threat actors known for their significant cyber attacks, detailing their origins, techniques, and famous hacks. It categorizes these actors by their affiliations, such as state-sponsored and financially motivated groups, providing insight into their behaviors and methodologies. Affected: Government networks, financial institutions, healthcare, energy sector, retail, hospitality, media, technology, and more.…
China Chopper & INMemory: Weaver Ant’s Arsenal of Advanced Web Shells
Summary: Sygnia reported on a sophisticated cyberattack by a China-nexus threat actor named Weaver Ant targeting a major telecommunications company in Asia. The group used web shell tunneling and advanced evasion techniques to maintain persistent access for espionage purposes. Its approach chained multiple web shell types with various stealth techniques, demonstrating high adaptability and sustained evasion of detection mechanisms.…
Chinese hackers spent four years inside Asian telco’s networks
Summary: A major Asian telecommunications company suffered a four-year-long breach by Chinese government-affiliated hackers known as “Weaver Ant.” The attackers compromised home routers from Zyxel to infiltrate the telco, utilizing various advanced tools and backdoors to maintain persistent access and extract sensitive information. Sygnia, the incident response firm, highlights the sophistication and stealthiness of the threat actors in their campaign targeting critical infrastructure.…
The Crazy Hunter ransomware attack exploited Active Directory misconfigurations and utilized Bring-Your-Own-Vulnerable-Driver (BYOVD) techniques to escalate privileges and distribute ransomware through Group Policy Objects. Despite claims of data exfiltration, forensic investigations found no supporting evidence. This attack resulted in significant operational disruptions and highlighted the importance of proactive threat intelligence in cybersecurity.…
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
Summary: Recent cyber threats highlight vulnerabilities in open-source tools, escalating ad fraud through mobile apps, and advanced ransomware tactics aimed at critical defenses. Notably, attacks have leveraged AI, and a GitHub supply chain attack that targeted Coinbase exemplifies these risks. A rise in stolen credentials further underscores the urgent need for improved cybersecurity measures.…
Operation FishMedley
The US Department of Justice has indicted employees of the Chinese contractor I-SOON for conducting espionage campaigns, particularly targeting governments, NGOs, and think tanks through the FishMonger APT group. The campaign, termed Operation FishMedley, involved complex techniques and tools typically used by China-aligned threat actors, leading to the compromise of several organizations across various continents.…
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
Summary: The China-linked APT group Aquatic Panda has been implicated in a global espionage campaign targeting various organizations across multiple countries in 2022. This operation, codenamed “Operation FishMedley,” involved sophisticated malware tools and is attributed to a collective recognized for reusing well-known hacking mechanisms. The campaign underscores ongoing cybersecurity threats posed by state-sponsored actors using advanced techniques for espionage.…

Victim: mohrss.gov.cn (Ministry of Human Resources and Social Security)
Country: CN
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/510429e17162390c459b585ebf19fb755af45bb3ee0655376d0e6ec48fb7927d/
Discovered: 2025-03-20 23:53:53.224611
Published: 2025-03-20 23:52:47.777769
Description: The Ministry of Human Resources and Social Security in China, represented by the domain mohrss.gov.cn, has fallen victim to a ransomware attack perpetrated by the cybercriminal group known as Babuk2.…
Taiwan critical infrastructure targeted by hackers with possible ties to Volt Typhoon
Summary: Hackers linked to China-based groups, especially UAT-5918, are targeting critical infrastructure in Taiwan to gain long-term access and steal sensitive information. This malicious activity aligns with tactics used by other state-backed groups, such as Volt Typhoon and Flax Typhoon, which have been known to exploit vulnerabilities in internet-facing systems.…

Victim: Intelligence Bureau of the Joint Staff Department of the Central Military Commission…
Country: CN
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/39b1b6646b2110e79ac532e169720824c3d842d02ce0c61e95658835ac24d084/
Discovered: 2025-03-19 18:28:07.133447
Published: 2025-03-19 18:27:01.692335
Description: The Intelligence Bureau is a key component of the Joint Staff Department, part of the Central Military Commission of China, which oversees the armed forces.…
China Names Four Hackers of Taiwan’s Cyber Army Targeting Beijing Critical Infrastructure
Summary: China has accused four Taiwanese individuals of being part of a military cyber force responsible for cyberattacks on Chinese infrastructure, escalating tensions between the two nations. Taiwan’s Ministry of National Defense rejected these allegations, asserting that their cyber units focus solely on defense, while detailing Beijing’s invasive cyber tactics.…
Poisoned Windows shortcuts found to be a favorite of Chinese, Russian, N. Korean state hackers
Summary: A significant vulnerability affecting Microsoft Windows shortcuts, exploited by numerous state-sponsored and criminal groups since 2017, has come under scrutiny. Despite identification by researchers at the Zero Day Initiative, Microsoft has classified the vulnerability as low severity and is not prioritizing a patch. The exploitation primarily targets espionage and data theft, impacting various organizations globally, particularly in the U.S.…
New Windows zero-day exploited by 11 state hacking groups since 2017
Summary: Multiple state-sponsored hacking groups have been exploiting a Windows vulnerability tracked as ZDI-CAN-25373 for cyber espionage and data theft since 2017. Although nearly a thousand exploit samples have been identified, Microsoft has deemed the issue as not warranting an immediate security update. Researchers say the flaw lets attackers run arbitrary commands through a crafted shortcut while the malicious command line stays hidden from the user who inspects it.…
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
Summary: An unpatched security vulnerability in Microsoft Windows allows 11 state-sponsored groups to execute hidden malicious commands through crafted .LNK files, leading to significant risks of data theft and cyber espionage. Discovered by Trend Micro’s Zero Day Initiative (ZDI), the flaw has been utilized since 2017, targeting various organizations globally.…
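As an added example (not code from the original page or from any of the cited reports), the following Python parses the StringData section of a Windows shortcut according to the public MS-SHLLINK layout and flags COMMAND_LINE_ARGUMENTS that begin with a long run of whitespace or contain tab/newline-style characters, the padding pattern the three .LNK entries above describe. The two sample .LNK blobs are constructed in memory, and the 16-character padding threshold is an assumption of this detector, not a value from the reports.

```python
"""Flag whitespace-padded COMMAND_LINE_ARGUMENTS in Windows shortcut (.LNK) files.

Added example for the ZDI-CAN-25373 entries above; not code from Trend Micro,
ZDI or any of the reports. The .LNK samples below are constructed in memory.
Layout follows the public MS-SHLLINK specification; PADDING_THRESHOLD is an
assumption for this detector, not a value taken from the reports."""
import struct

HEADER_SIZE = 0x4C
# CLSID {00021401-0000-0000-C000-000000000046} as it is stored on disk
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits that decide which optional structures follow the header
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
# StringData blocks appear in exactly this order, each present only if its flag is set
STRING_DATA = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
               (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
               (HAS_ICON_LOCATION, "icon_location"))

# Whitespace the reports describe as padding: space, tab, LF, VT, FF, CR
PADDING_CHARS = " \t\n\x0b\x0c\r"
PADDING_THRESHOLD = 16  # assumption: honest arguments never start with this much whitespace


def parse_lnk(data):
    """Return (link_flags, string_data) for a shell link; raise on malformed input."""
    if (len(data) < HEADER_SIZE
            or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE
            or data[4:20] != LINK_CLSID):
        raise ValueError("not a Shell Link (bad header size or CLSID)")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize (2 bytes) + IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize includes itself
        off += struct.unpack_from("<I", data, off)[0]
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for bit, name in STRING_DATA:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]   # CountCharacters, no NUL terminator
        off += 2
        nbytes = count * 2 if unicode else count
        raw = data[off:off + nbytes]
        if len(raw) != nbytes:
            raise ValueError("truncated StringData block %r" % name)
        fields[name] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
        off += nbytes
    return flags, fields


def padding_report(arguments, threshold=PADDING_THRESHOLD):
    """Describe leading whitespace in a command line; 'suspicious' is the verdict."""
    visible = arguments.lstrip(PADDING_CHARS)
    leading = len(arguments) - len(visible)
    control = any(c in arguments for c in "\t\n\x0b\x0c\r")
    return {"leading_whitespace": leading,
            "has_control_whitespace": control,
            "hidden_command": visible,
            "suspicious": leading >= threshold or control}


def scan_lnk(data):
    """Parse a .LNK and report on its COMMAND_LINE_ARGUMENTS (empty string if absent)."""
    _, fields = parse_lnk(data)
    return padding_report(fields.get("arguments", ""))


def build_lnk(relative_path, arguments):
    """Constructed minimal Unicode shortcut: header, RELATIVE_PATH, COMMAND_LINE_ARGUMENTS, terminal block."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LINK_CLSID, flags,
                         0x20,          # FILE_ATTRIBUTE_ARCHIVE
                         0, 0, 0,       # creation / access / write FILETIMEs
                         0, 0, 1,       # FileSize, IconIndex, ShowCommand = SW_SHOWNORMAL
                         0, 0, 0, 0)    # HotKey, Reserved1..3

    def string_data(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(arguments) + b"\x00\x00\x00\x00"


# Constructed samples: an honest shortcut, and one padded the way the reports describe,
# with the real command pushed past what the Properties dialog would display.
BENIGN_LNK = build_lnk("..\\..\\Windows\\System32\\notepad.exe", "readme.txt")
PADDED_LNK = build_lnk("..\\..\\Windows\\System32\\cmd.exe",
                       " " * 250 + "\t\n\x0b\x0c\r" * 10 + "/c whoami")

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("padded", PADDED_LNK)):
        print(label, scan_lnk(blob))
```

The parser deliberately walks only the structures before StringData (the optional LinkTargetIDList and LinkInfo) and stops before ExtraData, which is enough to reach the arguments; run it over a directory of shortcuts from mail attachments or archives and treat any `suspicious` verdict as a triage hit, then review `hidden_command` for the payload the user would never have seen.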
China identifies Taiwanese hackers allegedly behind cyberattacks and espionage
Summary: China’s Ministry of State Security has accused four individuals linked to Taiwan’s military of cyberattacks and espionage against Chinese infrastructure. The allegations, which Taiwan denies, highlight the increasing cyber tensions between the two entities amid an ongoing complex relationship. Reports from Chinese cybersecurity firms suggest coordinated efforts with the government to address alleged threats from Taiwan.…
Silk Typhoon Targeting IT Supply Chain
Microsoft Threat Intelligence has revealed that the Chinese espionage group Silk Typhoon is shifting tactics to exploit IT solutions and cloud applications as a route into organizations. Although the group does not target Microsoft's own services directly, it exploits unpatched applications to gain a foothold and then abuses that access within the victim's network. The article emphasizes the need for awareness and suggests mitigation strategies to defend against this growing threat.…
BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse
Summary: The BADBOX 2.0 scheme involves at least four distinct threat actors operating a large-scale ad fraud and residential proxy operation, utilizing compromised consumer devices to create a massive botnet. This sophisticated fraud ring targets inexpensive Android devices worldwide, causing significant financial damage through various forms of cybercrime.…