Cyber threats impacting the financial sector in 2024 – focus on the main actors
This report discusses the evolving landscape of cybercrime and state-sponsored threats targeting the financial sector, focusing on Initial Access Brokers (IABs), ransomware groups, and Trojan operators. It highlights the roles of various actors and techniques, showcasing the persistent threat posed by these entities through sophisticated malware, exploitation of vulnerabilities, and collaborative tactics.…
Summary: A Chinese cybersecurity report claims that the U.S. NSA was behind a significant cyberattack on Northwestern Polytechnical University in 2022, using various advanced malware and tactics. The report details specific tools and methods allegedly employed by the NSA’s Tailored Access Operations division, linking the attack to previous NSA operations.…
China-linked hackers target European healthcare orgs in suspected espionage campaign
Summary: Researchers have uncovered a hacking group, dubbed Green Nailao, targeting European healthcare organizations with spyware and ransomware, potentially linked to state-backed Chinese hackers. The campaign exploited a vulnerability in cybersecurity products, enabling unauthorized access to sensitive data. Identified malware includes ShadowPad, PlugX, and a new strain, NailaoLocker, raising questions about the motivations behind the attacks.…
Ghost Ransomware Targets Orgs in 70+ Countries
Summary: The China-backed Ghost ransomware group has attacked over 70 nations since 2021, exploiting vulnerabilities in internet-facing systems to quickly deploy ransomware. The Cybersecurity and Infrastructure Security Agency (CISA) warns organizations to address outdated software and implement better security measures to prevent these rapid attacks. The advisory also highlights the group’s tactics and variations in their ransomware deployment, which have resulted in significant threats across diverse industries.…
Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines
Summary: China-linked advanced persistent threat (APT) espionage tools are emerging in corporate ransomware attacks, challenging security teams to reassess their strategies against state-backed cyber actors. Researchers from Symantec and Trend Micro have found that these sophisticated tools, traditionally used for espionage, are being used for financially motivated attacks, indicating potential collusion between threat actors or individual operatives engaging in dual activities.…
AI Can Supercharge Productivity, But we Still Need a Human-in-the-Loop
Summary: The emergence of Stargate, a significant AI infrastructure project in the U.S., has sparked interest in AI’s development, while also highlighting the necessity for human supervision in AI applications due to potential issues like hallucinations. Concerns surrounding AI trust and safety have heightened, leading to the delay of notable AI products from major companies like Amazon and Apple.…
Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
Summary: A newly identified threat activity cluster, codenamed Green Nailao, targeted European healthcare organizations using the PlugX and ShadowPad malware to eventually deploy the NailaoLocker ransomware. Exploiting a recently patched vulnerability in Check Point network gateway products, attackers performed lateral movement and data exfiltration before executing ransomware.…
CISA, FBI Warn of China-Linked Ghost Ransomware Attacks
Summary: The US cybersecurity agency CISA and the FBI have warned about a Chinese ransomware operation named Ghost that has impacted organizations in over 70 countries since 2021. Known also as Cring, this ransomware targets critical infrastructure, government, and various other sectors for financial gain, utilizing sophisticated methods to complicate tracking and attribution.…
Ghost Cring Ransomware Detection: The FBI CISA and Partners Warn of Increasing China Backed Group’s Attacks for Financial Gain – SOC Prime
Increasing ransomware volumes, particularly from China-affiliated Ghost (Cring) ransomware groups, have raised global cyber risk concerns. Organizations across multiple sectors face significant financial losses, with recovery costs reaching .73 million in 2024. The FBI and CISA have issued alerts to enhance awareness and proactive measures. Affected: critical infrastructure, healthcare, government, education, technology, manufacturing

Key points:
Surge in ransomware incidents targeting multiple sectors globally.…
Snake Keylogger Targets Chrome, Edge, and Firefox Users in New Attack Campaign
Summary: A new variant of the Snake Keylogger (404 Keylogger) has been detected, targeting major web browsers to steal sensitive user information. Identified by FortiGuard Labs, this malware employs sophisticated evasion techniques and is linked to over 280 million blocked infection attempts worldwide. Organizations are urged to enhance their email security and adopt advanced detection tools to combat this threat effectively.…
Cracked Games, Cryptojacked PCs: The StaryDobry Campaign
Summary: A cyber campaign named StaryDobry targeted users globally, distributing the XMRig cryptominer through trojanized versions of popular games shared on torrent sites during the holiday season. The sophisticated malware incorporated multiple evasion techniques to prevent detection and primarily affected individual users, with notable cases in Russia, Brazil, Germany, Belarus, and Kazakhstan.…
This joint Cybersecurity Advisory highlights the threat posed by Ghost (Cring) ransomware, detailing its tactics, techniques, and indicators of compromise (IOCs) as observed mainly since early 2021. Ghost actors exploit vulnerabilities in outdated software to target various sectors, resulting in significant impacts worldwide. Affected: critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, small- and medium-sized businesses

Key points:
Ghost ransomware actors have been compromising networks worldwide since early 2021.…
CISA and FBI: Ghost ransomware breached orgs in 70 countries
Summary: Ghost ransomware has affected numerous organizations across over 70 countries, including critical infrastructure sectors such as healthcare, government, and education. The attacks leverage vulnerabilities in outdated software and target specific security flaws. Recommendations for defense include regular backups, patching vulnerabilities, network segmentation, and enforcing multi-factor authentication.…
Recent Ghost/Cring ransomware activity prompts alert from FBI, CISA
Summary: The FBI and CISA have issued an alert regarding the Ghost ransomware group, which has been exploiting software and firmware vulnerabilities since January, affecting organizations across over 70 countries. Known for its indiscriminate targeting of poorly patched systems, the group has compromised various sectors including healthcare, education, and critical infrastructure.…
New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection
Summary: A new variant of the Snake Keylogger malware is actively targeting Windows users in several countries and has been associated with over 280 million blocked infection attempts this year. This malware employs advanced techniques like AutoIt scripting to bypass detection, captures sensitive information, and maintains persistence on infected systems.…
Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign
Summary: The Winnti threat actor has been connected to the RevivalStone campaign targeting Japanese companies in the manufacturing and energy sectors in March 2024, utilizing advanced malware techniques for cyber espionage. This campaign is associated with APT41, known for its stealthy and methodical attacks, which involve exploiting vulnerabilities in systems for persistent access.…
China-Linked Threat Group Targets Japanese Orgs’ Servers
Summary: Winnti, a China-affiliated threat actor, has initiated a new cyber campaign named RevivalStone, targeting Japanese companies in manufacturing, materials, and energy sectors. The group has leveraged vulnerabilities in applications, notably IBM Lotus Domino, to deploy advanced malware and exploit SQL injection vulnerabilities. Researchers expect Winnti to continue evolving its malware with enhanced features to further its cyber espionage activities in the Asia-Pacific region.…