### #IoTSecurity #MalwareDisruption #BotnetMitigation

Summary: Germany’s BSI has successfully disrupted the BadBox malware, which was pre-installed on over 30,000 Android-based IoT devices, by employing DNS sinkholing techniques. This operation is part of a broader effort to combat a botnet linked to malicious apps and firmware that has affected over 280,000 devices globally.…


Threat Actor: Unknown | Victim: Bureau of Immigration, Philippines | Price: N/A | Exfiltrated Data Type: Personal information of POGO workers

Key Points:

An alleged Bureau of Immigration document listing over 8,000 Philippine Offshore Gaming Operators (POGO) workers was leaked online in early December.…

Salt Typhoon, a state-sponsored cyber threat group from China, is known for its sophisticated espionage tactics targeting critical sectors like telecommunications and government. Their use of advanced malware, such as the GhostSpider backdoor, poses significant risks to global infrastructure. #CyberSecurity #SaltTyphoon #Malware

Key Points:

Salt Typhoon is a Chinese state-sponsored cyber threat actor.…

### #IoTExploitation #CloudVulnerabilities #DeviceSecurity

Summary: Researchers from Claroty Team82 have identified and reported 10 critical vulnerabilities in Ruijie Networks’ Reyee cloud management platform, which could allow attackers to gain control over thousands of IoT devices. The vulnerabilities have been patched, but the potential for exploitation raises significant concerns about the security of cloud-connected IoT devices.…


### #BadBoxMalware #DeviceSecurity #FirmwareThreats

Summary: Germany’s cybersecurity agency has reported that over 30,000 internet-connected devices were found to be infected with pre-installed BadBox malware, primarily targeting Android devices. The agency has implemented measures to block communication between these devices and the attackers’ control servers, but risks remain for devices with outdated software.…


### #GluttonBackdoor #WinntiGroup #CyberEspionage

Summary: The Winnti hacking group has introduced a new PHP backdoor named ‘Glutton’ that targets organizations in China and the U.S., as well as other cybercriminals. This advanced yet flawed malware is designed for modular attacks and stealthy execution.

Threat Actor: Winnti Group (Winnti) | Victim: Various organizations

Key Point:

Glutton is an ELF-based modular backdoor that allows for tailored attacks by activating specific components.…

Victim: www.beikelogistics.com | Country: CN | Actor: dragonransomware | Source: https://t.me/DragonRansom/416 | Discovered: 2024-12-15 09:54:56.170628 | Published: 2024-12-05 03:40:14.000000

Description: Oops, Beike Logistics has been hacked 🔥

[+] Beike Logistics is an international logistics company that offers shipping, import and export services, and transportation solutions worldwide.

[+] www.beikelogistics.com

Dragons 👈.…


Victim: oakenglish.com | Country: CN | Actor: dragonransomware | Source: https://t.me/DragonRansom/421 | Discovered: 2024-12-15 09:54:42.815947 | Published: 2024-12-06 02:45:14.000000

Description: 👈 Oops, Oak English has been hacked 🔥

[+] Oak English is an online platform for learning English.

[+] oakenglish.com

Dragons 💟.


Ransomware Incident Overview

Victim Information 1.…

Summary:

Salt Typhoon, a Chinese state-sponsored APT, has been actively targeting critical communication networks for espionage since 2020, utilizing advanced malware and sophisticated techniques to gather sensitive data from high-profile organizations in North America and Southeast Asia. #SaltTyphoon #CyberEspionage #APTThreats

Key Points:

Salt Typhoon is linked to China’s Ministry of State Security and has been active since 2020.…

Summary:

The telecommunication industry faces a surge in cyber attacks, particularly from the Chinese APT group Salt Typhoon, targeting major companies for espionage and data theft. The ongoing threats highlight vulnerabilities in telecom infrastructure and the need for stronger cybersecurity measures. #TelecomSecurity #CyberEspionage #SaltTyphoon

Key Points:

The telecom sector is a prime target for cyber attacks due to its sensitive data and critical infrastructure.…

ThreatWire Summary

The video discusses a significant cybersecurity threat affecting the U.S. telecommunications system, highlighting the infiltration of several U.S. Telco companies by a China-backed hacking group called Salt Typhoon.

Key Points:

The FBI and several intelligence agencies are now recommending secure messaging apps like Signal and WhatsApp over default messaging tools.…

### #EagleMsgSpy #MobileSurveillance #WuhanChinasoft

Summary: Researchers have uncovered a sophisticated surveillance tool, EagleMsgSpy, used by Chinese law enforcement to collect extensive data from mobile devices, requiring physical access for installation. This tool has been operational since at least 2017 and is linked to a private technology company in Wuhan.…


### #ZeroDayExploitation #SQLInjection #StateSponsoredHacking

Summary: US authorities have charged Chinese national Guan Tianfeng for exploiting a zero-day vulnerability to hack tens of thousands of Sophos firewall devices globally. His actions are linked to state-sponsored cyber operations, raising concerns about national security.

Threat Actor: Guan Tianfeng

Key Point:

Guan exploited the SQL injection vulnerability (CVE-2020-12271) to compromise approximately 81,000 devices.…

### #ChineseCyberEspionage #FirewallCompromise #SichuanSilence

Summary: U.S. officials have imposed sanctions on the Chinese cybersecurity firm Sichuan Silence and its employee Guan Tianfeng for exploiting a zero-day vulnerability to compromise thousands of firewalls globally, including those protecting critical infrastructure in the U.S. The Justice Department has indicted Guan and offered a reward for information on the company and its activities.…


Threat Actor: Wuhan Chinasoft Token Information Technology Co., Ltd. | Victim: Various mobile device users | Price: Not publicly disclosed | Exfiltrated Data Type: Sensitive personal information

Key Points:

EagleMsgSpy is a sophisticated surveillance tool used by law enforcement in China since at least 2017.…

### #MoqHaoMalware #RoamingMantis #MobilePhishing

Summary: MoqHao, a mobile malware family associated with the Roaming Mantis group, utilizes SMS phishing (smishing) to deliver malicious payloads targeting both Android and iOS users. This analysis reveals the sophisticated tactics employed in their campaigns, including localized phishing pages and the use of trusted services for malware distribution.…


### #OperationDigitalEye #VisualStudioCodeExploitation #ChinaNexusAPT

Summary: Operation Digital Eye is a cyberespionage campaign attributed to a suspected China-nexus threat actor targeting IT service providers in Southern Europe, leveraging innovative techniques such as Visual Studio Code tunneling for command and control. The campaign highlights the strategic nature of these attacks, aiming to establish footholds within critical digital supply chains.…
