Threat Context Monthly: Executive Intelligence Briefing for February 2025 – Black Basta & M_A_G_A
This article highlights the recent activities of the Black Basta ransomware group, focusing on their internal operations and significant data leaks. Furthermore, it discusses another threat actor, M_A_G_A, who is engaged in distributing malware. The insights provided shed light on the evolving tactics and techniques employed by these cybercriminals.…
In Other News: Krispy Kreme Breach Cost, Pwn2Own Berlin, Disney Hack Story
Summary: This week’s cybersecurity news roundup highlights key developments in the field, including Google’s post-quantum computing strategy and a novel analysis method for hacktivist attacks. It also covers significant incidents like a ransomware attack on Krispy Kreme and the financial impact on Southern Water. The roundup encapsulates essential updates, research findings, and industry events worth noting in the cybersecurity landscape.…
Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme
Summary: Microsoft has unveiled four individuals involved in a cybercrime network, known as Storm-2139, that exploited unauthorized access to Azure’s generative AI services for harmful activities, including creating illicit content. The campaign, referred to as LLMjacking, encompasses a broader network of individuals engaged in modifying and reselling access to these malicious AI tools.…
Vo1d Botnet Evolves as It Ensnares 1.6 Million Android TV Boxes
Summary: The Vo1d botnet has significantly expanded, currently infecting 1.3 million Android TV boxes globally, with continuous enhancements in its stealth and resilience. Cybercriminals utilize advanced encryption methods to improve communication security and maintain command and control capabilities. The malicious activities associated with this botnet include anonymous proxy services and ad fraud, posing risks for massive DDoS attacks and unauthorized content distribution.…
Microsoft Names Suspects in Lawsuit Against AI Hackers
Summary: Microsoft has revealed the identities of four individuals allegedly linked to a network named Storm-2139, involved in exploiting AI services for malicious purposes. The lawsuit targets those who develop and distribute tools that manipulate generative AI, primarily to create harmful content like deepfakes. Microsoft is also working with international law enforcement to combat this cybercrime operation.…
Summary: Kaspersky ICS CERT has identified a new malware campaign named “Operation SalmonSlalom” targeting industrial organizations in the Asia-Pacific region. The attackers utilize a sophisticated multi-stage payload delivery system that leverages legitimate Chinese cloud services to evade detection and compromise critical infrastructure. The campaign focuses on various industries, employing tactics such as phishing and DLL sideloading to execute the FatalRAT remote access trojan (RAT).…
Vo1d malware botnet grows to 1.6 million Android TVs worldwide
Summary: A new variant of the Vo1d malware botnet has infected over 1.5 million Android TV devices globally, using them as part of anonymous proxy networks. Researchers highlight its advanced capabilities, including sophisticated encryption and resilient infrastructure, allowing it to thrive even after exposure. The botnet operates as a multi-purpose tool for cybercrime, engaging in activities such as ad fraud and illegal traffic relays.…
Privacy tech firms warn France’s encryption and VPN laws threaten privacy
Summary: Privacy-focused email provider Tuta and the VPN Trust Initiative are voicing concerns over proposed French laws that would impose backdoors in encrypted communication systems and restrict VPN access to pirate sites. The amendments, supported by law enforcement, threaten user privacy and security, with potential legal conflicts against European GDPR and Germany’s IT security regulations.…
Thousands rescued from scam compounds in Myanmar now stuck at Thai border
Summary: Over 7,000 victims rescued from scam operations in Myanmar are currently detained at a center near the Thai border, with their repatriation delayed due to validation issues from their home countries. While some individuals have been successfully repatriated to Indonesia and China, many others remain in poor conditions as authorities navigate the complexities of international cooperation.…
26 New Threat Groups Spotted in 2024: CrowdStrike
Summary: CrowdStrike’s 2025 Global Threat Report highlights significant trends in cybersecurity for 2024, including a surge in China-linked activities and a decrease in breakout time for cyber intrusions. The report shows a concerning rise in identity-based attacks and emphasizes the shift towards malware-free detections. Proactive defense strategies are recommended to counter these evolving threats.…
Belgium probes if Chinese hackers breached its intelligence service
Summary: The Belgian federal prosecutor is investigating a breach of the State Security Service (VSSE), allegedly linked to Chinese state-backed hackers. The attackers accessed and siphoned roughly 10% of the agency’s emails from an external server used for communication with various governmental bodies. There are concerns over the potential exposure of sensitive personal data belonging to VSSE staff and past applicants, although no evidence of data being sold or ransom demands has surfaced so far.…
Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations
Summary: A new phishing campaign targets companies in Taiwan using malware known as Winos 4.0, disguised as communications from the National Taxation Bureau. This campaign utilizes malicious attachments that impersonate official documents to deploy malware capable of various data-gathering activities. The evolving malware has links to other variants such as ValleyRAT, with specific targeting of Chinese and Vietnamese speakers indicated.…
Belgium probes suspected Chinese hack of state security service
Summary: Belgium is investigating a cyberattack attributed to Chinese hackers, which compromised the email system of the state security service (VSSE). The attack reportedly siphoned off 10% of the agency’s emails between 2021 and 2023 using a vulnerability in Barracuda Networks’ software. Concerns have been raised regarding the potential exposure of personal data from nearly half of the VSSE’s staff and past applicants due to this breach.…
Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations
This article details a malicious actor identified as CL-STA-0049, connected to a suspected Chinese threat group targeting governments and critical sectors in Southeast Asia and South America since March 2023. The group employs sophisticated tactics, including a backdoor known as Squidoor, to steal sensitive information and maintain covert communication channels.…

https://github.com/jivoi/awesome-osint

A curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources).

This list is to help all of those who are into Cyber Threat Intelligence (CTI), threat hunting, or OSINT.…

Summary: A large-scale cyberattack campaign has been discovered that exploits a vulnerable driver, Truesight.sys version 2.0.2, to disable endpoint security and deploy Gh0st RATs for malicious purposes. Over 2,500 unique driver variants were created to evade detection, primarily affecting systems in China, Singapore, and Taiwan. Following these findings, Microsoft updated its Vulnerable Driver Blocklist to mitigate further exploitation of these vulnerabilities.…

Victim: Nationz Technologies Inc.
Country: CN
Actor: ransomhouse
Source: http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/2a0ebf1562e8e97209454614bec840b64d07eac6
Discovered: 2025-02-26 21:10:27.574049
Published: 2025-02-08 00:00:00.000000
Description:
– Specializes in the development and production of microcontrollers (MCUs)
– Focuses on automotive and industrial solutions
– Offers secure chips for enhanced protection
– Produces wireless RF modules
– Committed to security, convenience, intelligence, and sustainability in its products

About Country CN (China) – Cybersecurity Perspective and Ransomware Cases

– Cybersecurity Landscape: China has a robust cybersecurity framework that includes laws and regulations aimed at protecting information and critical infrastructure.…
