Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
Summary: An unpatched vulnerability in Microsoft Windows lets attackers run hidden malicious commands through crafted .LNK (shortcut) files. Trend Micro's Zero Day Initiative (ZDI), which discovered the flaw, reports that at least 11 state-sponsored groups have exploited it since 2017 against organizations worldwide, with data theft and cyber espionage as the main outcomes.…
Read More
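As an added example (not code from the article, Trend Micro or ZDI): a shortcut stores its command-line arguments in a StringData block of the MS-SHLLINK format, and ZDI described the exploited shortcuts as padding that field with whitespace so the Properties dialog shows nothing after the target. The parser below walks the public MS-SHLLINK layout, pulls out the arguments, and flags padding. The sample shortcuts, the padding threshold and the echo command are constructed for this example.

```python
"""Pull COMMAND_LINE_ARGUMENTS out of a Windows .LNK file and flag
whitespace padding that hides the real command from the shortcut's
Properties dialog.

Added example; not code from the original article, Trend Micro or ZDI.
The byte layout follows the public MS-SHLLINK specification. The
sample shortcuts are constructed below so the script runs offline.
"""
import struct

HEADER_SIZE = 0x4C
SHELL_LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1); only those needed to walk the file.
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7

# StringData blocks appear in this order, each gated by its flag.
STRING_FIELDS = (
    ("name", HAS_NAME),
    ("relative_path", HAS_RELATIVE_PATH),
    ("working_dir", HAS_WORKING_DIR),
    ("arguments", HAS_ARGUMENTS),
    ("icon_location", HAS_ICON_LOCATION),
)

# Whitespace that renders as nothing in the Properties dialog.
PAD_CHARS = " \t\r\n\x0b\x0c"
# Threshold is an assumption for this example; a legitimate shortcut
# almost never starts its arguments with a long run of blanks.
PAD_THRESHOLD = 16


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a ShellLink file as a dict."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a ShellLink (.LNK) file")
    flags = struct.unpack_from("<I", data, 20)[0]  # follows HeaderSize + LinkCLSID
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]  # IDListSize + IDList
    if flags & HAS_LINK_INFO:
        pos += struct.unpack_from("<I", data, pos)[0]  # LinkInfoSize spans the block
    fields = {}
    for name, bit in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252", errors="replace")
            pos += count
    return fields


def analyze_arguments(fields: dict) -> dict:
    """Measure leading padding and recover the command it conceals."""
    args = fields.get("arguments", "")
    stripped = args.lstrip(PAD_CHARS)
    leading_pad = len(args) - len(stripped)
    control_ws = any(c in args for c in PAD_CHARS[1:])  # tab/CR/LF/VT/FF anywhere
    return {
        "leading_pad": leading_pad,
        "control_ws": control_ws,
        "hidden_command": stripped,
        "suspicious": leading_pad >= PAD_THRESHOLD or control_ws,
    }


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Construct a minimal Unicode .LNK carrying only RelativePath and Arguments."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack(
        "<I16sIIQQQIIIHHII",
        HEADER_SIZE, SHELL_LINK_CLSID, flags,
        0,           # FileAttributes
        0, 0, 0,     # CreationTime, AccessTime, WriteTime
        0, 0,        # FileSize, IconIndex
        1,           # ShowCommand = SW_SHOWNORMAL
        0, 0, 0, 0,  # HotKey, Reserved1, Reserved2, Reserved3
    )

    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(arguments)


if __name__ == "__main__":
    # Constructed sample: the visible target is cmd.exe; the arguments sit
    # behind 300 spaces, with a harmless echo standing in for a payload.
    sample = build_lnk("cmd.exe", " " * 300 + "/c echo constructed-sample")
    print(analyze_arguments(parse_lnk(sample)))
    print(analyze_arguments(parse_lnk(build_lnk("notepad.exe", "readme.txt"))))
```

Run it over a directory of shortcuts from mail attachments or archives and triage anything reported as suspicious; the hidden_command field is what the user would actually have executed.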
China identifies Taiwanese hackers allegedly behind cyberattacks and espionage
Summary: China’s Ministry of State Security has accused four individuals linked to Taiwan’s military of cyberattacks and espionage against Chinese infrastructure. The allegations, which Taiwan denies, highlight the increasing cyber tensions between the two entities amid an ongoing complex relationship. Reports from Chinese cybersecurity firms suggest coordinated efforts with the government to address alleged threats from Taiwan.…
Read More
Silk Typhoon Targeting IT Supply Chain
Microsoft Threat Intelligence reports that the Chinese espionage group Silk Typhoon has shifted tactics to abuse IT solutions and cloud applications as a route into target organizations. The group has not been observed targeting Microsoft cloud services directly; it exploits unpatched applications to get in and then operates inside the victim's network. The article stresses the need for awareness and offers mitigation guidance against this growing threat.…
Read More
BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse
Summary: The BADBOX 2.0 scheme involves at least four distinct threat actors operating a large-scale ad fraud and residential proxy operation, utilizing compromised consumer devices to create a massive botnet. This sophisticated fraud ring targets inexpensive Android devices worldwide, causing significant financial damage through various forms of cybercrime.…
Read More
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
Summary: A recent malware campaign by the China-aligned MirrorFace threat actor has targeted a Central European diplomatic organization, employing a backdoor known as ANEL. The campaign, called Operation AkaiRyū, marks a notable shift as it extends beyond the group’s usual focus on Japanese entities. Enhanced operational security measures have complicated the incident investigation, reflecting the evolved tactics of this cyber threat group.…
Read More
Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor
In August 2024, ESET researchers uncovered cyberespionage activities by the MirrorFace APT group targeting a Central European diplomatic institute related to Expo 2025 in Osaka, Japan. This marks the first instance of MirrorFace infiltrating a European entity, showcasing new tactics and tools, including the backdoor ANEL and a customized variant of AsyncRAT.…
Read More
Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation
This report covers the continued exploitation of older Fortinet VPN vulnerabilities, chiefly CVE-2018-13379 (a FortiOS SSL VPN path traversal that exposes session files and credentials) and CVE-2022-40684 (an authentication bypass on the FortiOS administrative interface), and shows how both cybercriminal and state-sponsored groups still use them: the first for credential theft, the second for administrative control. The research also notes substantial growth in discussion of Fortinet VPN vulnerabilities on cybercriminal forums, underlining their continued place in the threat landscape.…
Read More
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | Google Cloud Blog
Mandiant’s discovery in mid-2024 revealed that the China-nexus espionage group, UNC3886, deployed custom backdoors on Juniper Networks’ Junos OS routers, utilizing various capabilities to maintain long-term access while circumventing security protections. Mandiant urges organizations to upgrade their Juniper devices to mitigate these vulnerabilities and recommends security measures.…
Read More
Tuesday Morning Threat Report: March 18, 2025
This article discusses several significant cybersecurity incidents, including a DDoS attack on the social media platform X, multiple instances of malware infection, and breaches by foreign hacking groups. Key highlights include record fraud losses reported by the FTC, a patched vulnerability in Apple’s WebKit, and ongoing security challenges with AI-generated code hosting on GitHub.…
Read More
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft | Microsoft Security Blog
In November 2024, Microsoft Incident Response uncovered StilachiRAT, a remote access trojan that employs sophisticated evasion techniques and data exfiltration capabilities, targeting sensitive information such as credentials, digital wallet data, and clipboard contents. StilachiRAT establishes command-and-control connectivity with remote servers, and Microsoft has issued guidance to bolster defenses against this growing threat.…
Read More
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…
Read More

Victim: pinduoduo.com
Country: CN
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/4b72823357eb26a73b059f6030eb9aeffe8ab73756f1e4ea50e2581ace156f49/
Discovered: 2025-03-17 02:50:24.950621
Published: 2025-03-17 02:49:17.841865
Description: Pinduoduo is a Chinese e-commerce platform focused on social commerce; users join group-buying deals for discounts on a range of products.…
Note: the description is a generic company profile and contains no detail of the claimed intrusion; treat the listing as an unverified claim by the actor until corroborated.
Read More

Victim: taobao.com
Country: CN
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/3455587bd83dc1208ce17d662972ee350216ecdf624c956e6c96050fee82a060/
Discovered: 2025-03-17 02:51:54.254234
Published: 2025-03-17 02:50:47.436420
Description: Taobao.com is an online shopping platform based in China, founded by Alibaba Group in 2003; it offers a wide variety of products, including clothing, electronics and home goods; it hosts both individual sellers and small businesses under consumer-to-consumer (C2C) and business-to-consumer (B2C) models; it supports multiple payment methods, including Alipay; it includes user reviews and ratings; a mobile app is available; it runs frequent promotional events such as Singles' Day (November 11); and it provides integrated logistics and customer service support.


Read More

Victim: CNS
Country: CN
Actor: trinity
Source: http://txtggyng5euqkyzl2knbejwpm4rlq575jn2egqldu27osbqytrj6ruyd.onion/articles/13
Discovered: 2025-03-16 21:23:11.372451
Published: 2025-03-16 21:21:54.700495
Description: none; the listing's description field holds only an auto-summarizer prompt echo with no victim details.


Read More

Victim: JD.com Inc (Chinese)
Country: CN
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/79296199a4f112d4be2996b7f1f7288fa0a02db21fd752c9ccc203e7c6bd4162/
Discovered: 2025-03-16 23:45:02.891531
Published: 2025-03-16 23:43:56.693858
Description: JD.com Inc is one of the largest e-commerce companies in China. It was founded in 1998 by Richard Liu (Liu Qiangdong).…
Read More
Man-in-the-Middle Vulns Provide New Research Opportunities for Car Security
Summary: Security researchers Yingjie Cao and Xinfeng Chen found multiple critical vulnerabilities in vehicles from a well-known China-based manufacturer, affecting over 150,000 cars sold in 2024. The weaknesses could let an attacker who can intercept the vehicle's network traffic (a man-in-the-middle position) take remote control of the car. The findings point to wider cybersecurity problems across the automotive industry and the need for stronger defenses against such attacks.…
Read More
Cato CTRL, Threat Research: Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers
A recent global campaign has been identified that targets TP-Link Archer routers through CVE-2023-1389, a command injection flaw in the routers' web management interface that yields remote code execution (RCE). The campaign turns compromised routers into a botnet, with wide potential impact given how many vulnerable devices are exposed to the internet. The dropper is a bash script that installs and executes additional malware while applying evasion techniques.…
Read More
Can TikTok help Frank McCourt reinvent the internet?
Summary: Frank McCourt, primarily known for his real estate success, is now aiming to acquire TikTok and reshape the internet through his Project Liberty initiative. He believes that the current internet landscape is flawed, leading to misinformation and loss of individual data ownership. McCourt’s vision aims to empower users by giving them control over their data and creating a new internet that prioritizes individual rights over corporate interests.…
Read More
Europe’s telecoms sector under increased threat from cyber spies, warns Denmark
Summary: Denmark’s cybersecurity agency has issued a threat assessment highlighting a rise in state-sponsored cyber espionage aimed at the telecommunications sector in Europe. This assessed threat aligns closely with U.S. concerns regarding a Chinese cyber spying campaign, referred to as Salt Typhoon, although specific attribution was not confirmed.…
Read More