CISA and FBI Warn of Ransomware Gang Ghost
The US authorities, CISA and FBI, have issued warnings about the Chinese ransomware group Ghost, which has been active since 2021 and has targeted vulnerable systems in over 70 countries, including the US. Their operations span various sectors from critical infrastructure to small businesses, predominantly using publicly available exploit code to compromise outdated software and demanding ransoms while threatening data leaks.…
Cybersecurity News Review — Week 8 (2025)
This week’s cybersecurity updates reveal critical vulnerabilities in several platforms like OpenSSH, Atlassian products, and Palo Alto Networks firewalls. There are also reports of new phishing techniques, malware campaigns targeting sensitive data, and alarming data breaches affecting healthcare organizations. Affected: OpenSSH, Atlassian (Confluence, Bamboo, Bitbucket, Jira, Crowd), Palo Alto Networks, Signal Messenger, Australian Infrastructure, HCRG Care Group, DM Clinical Research

Key points:

Two critical vulnerabilities in OpenSSH could lead to man-in-the-middle and denial-of-service attacks.…
Data Leak Exposes TopSec’s Role in China’s Censorship-as-a-Service Operations
Summary: An analysis of a data leak from Chinese cybersecurity company TopSec has revealed its involvement in censorship-as-a-service solutions for state-owned enterprises. The leak includes extensive employee work logs and references to online monitoring tools designed to manage public opinion by identifying sensitive keywords. This sheds light on the intricate connections between China’s government and private cybersecurity firms in enforcing censorship.…
Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics
Summary: Cisco’s Talos Intelligence Group reported that the Chinese hacking group Salt Typhoon breached US telecom networks by exploiting unpatched vulnerabilities and using stolen credentials. The group successfully leveraged the CVE-2018-0171 vulnerability in legacy systems, showcasing their capability to manipulate network infrastructure with minimal detection. Despite these discoveries, there is no evidence of new exploitations beyond known vulnerabilities.…
AI-Powered Deception is a Menace to Our Societies
Summary: The article discusses the historical and contemporary impact of propaganda and information manipulation, particularly in the context of AI and social media. It highlights how AI tools have evolved to deceive people, leading to polarized viewpoints and potentially undermining democratic processes. The need for awareness and education to combat these deception tactics is emphasized for individuals and organizations.…
Cyber threats impacting the financial sector in 2024 – focus on the main actors
This report discusses the evolving landscape of cybercrime and state-sponsored threats targeting the financial sector, focusing on Initial Access Brokers (IABs), ransomware groups, and Trojan operators. It highlights the roles of various actors and techniques, showcasing the persistent threat posed by these entities through sophisticated malware, exploitation of vulnerabilities, and collaborative tactics.…
Summary: A Chinese cybersecurity report claims that the U.S. NSA was behind a significant cyberattack on Northwestern Polytechnical University in 2022, using various advanced malware and tactics. The report details specific tools and methods allegedly employed by the NSA’s Tailored Access Operations division, linking the attack to previous NSA operations.…
China-linked hackers target European healthcare orgs in suspected espionage campaign
Summary: Researchers have uncovered a hacking group, dubbed Green Nailao, targeting European healthcare organizations with spyware and ransomware, potentially linked to state-backed Chinese hackers. The campaign exploited a vulnerability in cybersecurity products, enabling unauthorized access to sensitive data. Identified malware includes ShadowPad, PlugX, and a new strain, NailaoLocker, raising questions about the motivations behind the attacks.…
Ghost Ransomware Targets Orgs in 70+ Countries
Summary: The China-backed Ghost ransomware group has attacked over 70 nations since 2021, exploiting vulnerabilities in internet-facing systems to quickly deploy ransomware. The Cybersecurity and Infrastructure Security Agency (CISA) warns organizations to address outdated software and implement better security measures to prevent these rapid attacks. The advisory also highlights the group’s tactics and variations in their ransomware deployment, which have resulted in significant threats across diverse industries.…
Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines
Summary: China-linked advanced persistent threat (APT) espionage tools are emerging in corporate ransomware attacks, challenging security teams to reassess their strategies against state-backed cyber actors. Researchers from Symantec and Trend Micro have found that these sophisticated tools, traditionally used for espionage, are being used for financially motivated attacks, indicating potential collusion between threat actors or individual operatives engaging in dual activities.…
AI Can Supercharge Productivity, But we Still Need a Human-in-the-Loop
Summary: The emergence of Stargate, a significant AI infrastructure project in the U.S., has sparked interest in AI’s development, while also highlighting the necessity for human supervision in AI applications due to potential issues like hallucinations. Concerns surrounding AI trust and safety have heightened, leading to the delay of notable AI products from major companies like Amazon and Apple.…
Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
Summary: A newly identified threat activity cluster, codenamed Green Nailao, targeted European healthcare organizations using the PlugX and ShadowPad malware to eventually deploy the NailaoLocker ransomware. Exploiting a recently patched vulnerability in Check Point network gateway products, attackers performed lateral movement and data exfiltration before executing ransomware.…
CISA, FBI Warn of China-Linked Ghost Ransomware Attacks
Summary: The US cybersecurity agency CISA and the FBI have warned about a Chinese ransomware operation named Ghost that has impacted organizations in over 70 countries since 2021. Known also as Cring, this ransomware targets critical infrastructure, government, and various other sectors for financial gain, utilizing sophisticated methods to complicate tracking and attribution.…
Ghost Cring Ransomware Detection: The FBI CISA and Partners Warn of Increasing China Backed Group’s Attacks for Financial Gain – SOC Prime
Increasing ransomware volumes, particularly from China-affiliated Ghost (Cring) ransomware groups, have raised global cyber risk concerns. Organizations across multiple sectors face significant financial losses, with recovery costs reaching .73 million in 2024. The FBI and CISA have issued alerts to enhance awareness and proactive measures. Affected: critical infrastructure, healthcare, government, education, technology, manufacturing

Key points:

Surge in ransomware incidents targeting multiple sectors globally.…
Snake Keylogger Targets Chrome, Edge, and Firefox Users in New Attack Campaign
Summary: A new variant of the Snake Keylogger (404 Keylogger) has been detected, targeting major web browsers to steal sensitive user information. Identified by FortiGuard Labs, this malware employs sophisticated evasion techniques and is linked to over 280 million blocked infection attempts worldwide. Organizations are urged to enhance their email security and adopt advanced detection tools to combat this threat effectively.…