Victim: GuangDong South Land pharmaceutical Country: CN Actor: ransomhouse Source: http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/89583126fb1f0578b410bd88ad34d7f87d9f9d68 Discovered: 2024-11-25 10:16:47.327251 Published: 2024-10-10 00:00:00.000000 Description: Nan guo Pharmaceutical is located in Fenton Industrial Zone, Zhanjiang. It has built a digital intelligent production base, and has dozens of modern pharmaceutical production workshops.…
Tag: CHINA
Victim: INFiLED Country: CN Actor: ransomhouse Source: http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/bad9aff23876dff0639d6b68e21a5e71e20181a8 Discovered: 2024-11-25 13:50:56.789366 Published: 2024-11-01 00:00:00.123456 Description: INFiLED is a high-tech enterprise specialized in developing and manufacturing large LED video equipment
Ransomware Incident Overview
Victim: INFiLED INFiLED is a high-tech enterprise specializing in the development and manufacturing of large LED video equipment.…

Threat Actor: Unknown | unknown Victim: Fujian Provincial Government | Fujian Provincial Government Price: Not disclosed Exfiltrated Data Type: Sensitive government information
Key Points:
A database from the Fujian provincial government in China has been leaked online. The exposed data includes sensitive information that may impact individuals and organizations in the region.…

### #EarthKasha #APT10 #CyberEspionage
Summary: Earth Kasha, a threat actor associated with APT10, has broadened its targeting to India, Taiwan, and Japan, employing advanced tactics such as spear-phishing and exploiting vulnerabilities in public-facing applications. Their operations involve the use of various backdoors, including NOOPDOOR, to maintain persistent access to compromised networks, posing a significant threat to organizations in advanced technology and government sectors.…
### #GelsemiumEspionage #LinuxThreats #StateSponsoredAttacks
Summary: A China-linked state-sponsored threat actor, Gelsemium, has launched a new espionage campaign targeting Linux systems with previously unknown malware strains. This marks a significant shift in their tactics, as they have primarily focused on Windows systems in the past.
Threat Actor: Gelsemium | Gelsemium Victim: Unknown | unknown victim
Key Point:
Gelsemium has been active since at least 2014, primarily targeting East Asia and the Middle East.…

### #TibetanCyberEspionage #TAG112 #CobaltStrikeThreat
Summary: A China-linked threat group, TAG-112, has compromised Tibetan media and university websites to deploy the Cobalt Strike toolkit for cyber espionage. This campaign highlights ongoing attacks targeting Tibetan entities, utilizing malicious JavaScript to trick users into downloading harmful software.
Threat Actor: TAG-112 | TAG-112 Victim: Tibet Post, Gyudmed Tantric University | Tibet Post, Gyudmed Tantric University
Key Point:
TAG-112 embedded malicious JavaScript in Tibetan websites to deliver a disguised Cobalt Strike payload.…

### #ScamPrevention #TransnationalCrime #DigitalFraud
Summary: Meta has dismantled over 2 million accounts linked to pig butchering scams originating from Southeast Asia and the UAE, highlighting the scale and sophistication of these organized crime operations. The company is collaborating with law enforcement and tech firms to combat these scams, which often exploit victims through deceptive investment schemes.…
### #MaliciousPackages #OpenSourceThreats #SupplyChainRisks
Summary: Researchers have identified two malicious packages on the Python Package Index (PyPI) that impersonated popular AI models to distribute an information stealer known as JarkaStealer. The packages, which were downloaded over 3,500 times, have since been removed from the repository.
Threat Actor: Xeroline | Xeroline Victim: Users of PyPI | Python Package Index
Key Point:
Two malicious packages, gptplus and claudeai-eng, were designed to mimic AI services but contained harmful code.…

### #IndustrialControlSystems #OTSecurity #ICSExposures
Summary: Recent research reveals over 145,000 internet-exposed Industrial Control Systems (ICS) globally, with significant vulnerabilities particularly in the U.S. and Europe. The study highlights the need for improved security measures as these systems remain foundational yet outdated in their security protocols.
Threat Actor: Unknown | FrostyGoop Victim: Energy Company in Ukraine | Energy Company in Ukraine
Key Point:
145,000 ICS devices exposed across 175 countries, with the U.S.…

### #TelecomThreats #LiminalPanda #ChinaCyberOps
Summary: CrowdStrike’s Adam Meyers will testify about the state-sponsored actor LIMINAL PANDA, which has been targeting telecommunications entities since 2020. The adversary employs sophisticated techniques for covert access and data exfiltration, raising concerns over critical infrastructure security.
Threat Actor: LIMINAL PANDA | LIMINAL PANDA Victim: Telecommunications Providers | Telecommunications Providers
Key Point:
LIMINAL PANDA has targeted telecom entities using custom tools for covert access and data exfiltration since at least 2020.…

### #VMwareVulnerabilities #CyberSecurity #RemoteCodeExecution
Summary: Broadcom has issued a warning about active exploitation of two critical vulnerabilities in VMware vCenter Server, one being a remote code execution flaw. Security researchers have highlighted the urgency for affected customers to apply the latest patches to mitigate these threats.…
### #CyberSecurity #MalwareAnalysis #ThreatIntelligence
Summary: Volexity’s analysis reveals a vulnerability in Fortinet’s FortiClient VPN client exploited by the Chinese state-affiliated threat actor BrazenBamboo, leading to the development of the DEEPDATA malware family. This malware is capable of extracting sensitive information, including user credentials, from compromised systems.…

### #CyberSecurity #Phishing #FraudAlert
Summary: A financially motivated Chinese threat actor known as “SilkSpecter” is operating thousands of fake online stores to steal payment card details from shoppers in the U.S. and Europe, particularly during the Black Friday shopping season. The campaign has resulted in the creation of nearly 4,700 fraudulent domains impersonating well-known brands.…
Summary: In April 2024, BlackBerry reported significant advancements in the LightSpy malware campaign, attributed to APT41, which introduced a new modular surveillance framework named DeepData, enhancing its data theft capabilities. This evolution includes sophisticated plugins for extensive data collection and improved command-and-control infrastructure, targeting various communication platforms and sensitive information.…
Summary: Google has reported that cybercriminals are using landing page cloaking to impersonate legitimate websites and conduct scams, including selling counterfeit products and tricking users into revealing sensitive information. The company is actively combating these tactics and plans to release advisories on online fraud every six months to raise awareness.…
Summary: A China-linked hacker group, TAG-112, has compromised Tibetan media and university websites in an espionage campaign aimed at gathering intelligence for Beijing. This attack is part of a broader pattern of targeting the Tibetan community, which has been under threat from various Chinese cyber-espionage groups.…
Summary:
The report outlines the structure and dynamics of China’s offensive cyber operations, highlighting the roles of state actors like the PLA, MSS, and MPS, as well as the increasing involvement of private companies and patriotic hackers. It emphasizes the shift in cyber activities post-2015 and the complexities in attributing cyber attacks to specific entities.…

Summary:
In a recent cyber campaign, the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites to deliver Cobalt Strike malware. The attackers embedded malicious JavaScript that spoofed a TLS certificate error, tricking visitors into downloading a disguised security certificate. This incident highlights ongoing cyber-espionage efforts targeting Tibetan entities, linking TAG-112’s infrastructure to other Chinese operations.…

Summary:
This report provides an in-depth analysis of cyber threats and security incidents affecting the financial industry, both in Korea and globally. It highlights malware and phishing attacks, significant data breaches, and ransomware incidents, along with statistics on compromised accounts and the implications for financial institutions.…