⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…
Read More

Victim: pinduoduo.com Country: CN Actor: babuk2 Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/4b72823357eb26a73b059f6030eb9aeffe8ab73756f1e4ea50e2581ace156f49/ Discovered: 2025-03-17 02:50:24.950621 Published: 2025-03-17 02:49:17.841865 Description: Pinduoduo is a Chinese e-commerce platform that focuses on social commerce. It allows users to participate in group buying deals for discounts on various products.…
Read More

Victim: taobao.com Country: CN Actor: babuk2 Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/3455587bd83dc1208ce17d662972ee350216ecdf624c956e6c96050fee82a060/ Discovered: 2025-03-17 02:51:54.254234 Published: 2025-03-17 02:50:47.436420 Description: Key points about Taobao.com: online shopping platform based in China; founded by Alibaba Group in 2003; offers a wide variety of products, including clothing, electronics, and home goods; features both individual sellers and small businesses; utilizes consumer-to-consumer (C2C) and business-to-consumer (B2C) sales models; supports multiple payment methods, including Alipay; includes user reviews and ratings to help guide purchases; mobile app available for convenient shopping; hosts frequent promotional events, such as Singles’ Day (November 11); provides integrated logistics and customer service support.

About Country: China (Country Code = CN) stands as a significant player in the global cybersecurity landscape, characterized by its robust cybersecurity policies and initiatives aimed at safeguarding its vast digital infrastructure.…

Read More

Victim: CNS Country: CN Actor: trinity Source: http://txtggyng5euqkyzl2knbejwpm4rlq575jn2egqldu27osbqytrj6ruyd.onion/articles/13 Discovered: 2025-03-16 21:23:11.372451 Published: 2025-03-16 21:21:54.700495 Description: (none)

About Country: China (Country Code = CN) has emerged as a significant player in the global cybersecurity landscape, grappling with an increasing number of ransomware incidents that target both public and private sectors.…

Read More

Victim: JD.com Inc (Chinese) Country: CN Actor: babuk2 Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/79296199a4f112d4be2996b7f1f7288fa0a02db21fd752c9ccc203e7c6bd4162/ Discovered: 2025-03-16 23:45:02.891531 Published: 2025-03-16 23:43:56.693858 Description: JD.com Inc is one of the largest e-commerce companies in China. It was founded in 1998 by Richard Liu (Liu Qiangdong).…
Read More
Man-in-the-Middle Vulns Provide New Research Opportunities for Car Security
Summary: A well-known China-based automotive manufacturer has multiple critical security vulnerabilities affecting over 150,000 vehicles sold in 2024. Security researchers Yingjie Cao and Xinfeng Chen uncovered weaknesses that could allow remote car control through man-in-the-middle attacks. Their findings highlight the broader cybersecurity issues in the automotive industry, stressing the need for improved defenses against such exploits.…
Read More
Cato CTRL, Threat Research: Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers
A recent global campaign has been identified that targets TP-Link Archer routers through a remote code execution (RCE) vulnerability (CVE-2023-1389). The campaign exploits these routers to create a botnet, with the potential for widespread impact given the number of vulnerable devices connected to the internet. The malware dropper utilizes a bash script to install and execute additional malware while maintaining evasion techniques.…
Read More
Can TikTok help Frank McCourt reinvent the internet?
Summary: Frank McCourt, primarily known for his real estate success, is now aiming to acquire TikTok and reshape the internet through his Project Liberty initiative. He believes that the current internet landscape is flawed, leading to misinformation and loss of individual data ownership. McCourt’s vision aims to empower users by giving them control over their data and creating a new internet that prioritizes individual rights over corporate interests.…
Read More
Europe’s telecoms sector under increased threat from cyber spies, warns Denmark
Summary: Denmark’s cybersecurity agency has issued a threat assessment highlighting a rise in state-sponsored cyber espionage aimed at the telecommunications sector in Europe. This assessed threat aligns closely with U.S. concerns regarding a Chinese cyber spying campaign, referred to as Salt Typhoon, although specific attribution was not confirmed.…
Read More
Juniper Issues Urgent Fix for Actively Exploited Junos OS Flaw – CVE-2025-21590
Summary: Juniper Networks has issued a security bulletin regarding an actively exploited vulnerability (CVE-2025-21590) in multiple versions of Junos OS that could allow local attackers to execute arbitrary code. The vulnerability affects several versions prior to specific release thresholds and has been linked to reports of exploitation by a China-based espionage group.…
Read More
Android Banking Trojan – OctoV2, masquerading as Deepseek AI
This article discusses the emergence of Deepseek, an AI-based application, and the subsequent rise in malware targeting its users through deceptive phishing tactics. It highlights how malicious actors create counterfeit websites and applications that mimic Deepseek, deceiving users into downloading malware. Affected: mobile users, cybersecurity sector

Key points:

Deepseek is an advanced AI developed in China, with its first chatbot application due for release in January 2025.…
Read More

Victim: Intelligence Bureau of the Joint Staff Department of the Central Military Commission China Country: CN Actor: babuk2 Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/39b1b6646b2110e79ac532e169720824c3d842d02ce0c61e95658835ac24d084/ Discovered: 2025-03-14 07:56:32.049126 Published: 2025-03-14 07:55:27.110559 Description: The Intelligence Bureau operates under the Joint Staff Department of China’s Central Military Commission. It is responsible for gathering and analyzing military intelligence.…
Read More
DCRat Malware Exploits YouTube to Hijack User Credentials
Summary: In 2025, a new wave of DCRat backdoor attacks has emerged, utilizing the Malware-as-a-Service model, where attackers not only distribute the malware but also provide support infrastructure. They exploit YouTube to distribute the Trojan via fake accounts, targeting gamers with counterfeit software. The attack highlights the increasing sophistication of cybercrime and the importance of downloading software only from trusted sources.…
Read More
Major Cyber Attacks Targeting the Finance Industry
The finance industry is facing an increasing number of cyberattacks, with significant recent incidents exposing vast amounts of sensitive data. Notable breaches have involved major financial institutions and data theft, highlighting vulnerabilities and the need for robust cybersecurity measures. The financial sector must adapt to evolving threats, including ransomware attacks and Dark Web exploitation, to safeguard personal and financial information.…
Read More
Juniper patches bug that let Chinese cyberspies backdoor routers
Summary: Juniper Networks has issued emergency security updates to address a vulnerability (CVE-2025-21590) in Junos OS that has been exploited by Chinese hackers to create backdoors in routers. This medium-severity flaw allows local attackers to execute arbitrary code, compromising device integrity. Affected customers are advised to upgrade their systems promptly and restrict shell access to mitigate risks.…
Read More
The Invisible Battlefield Behind LLM Security Crisis – NSFOCUS
This article discusses a series of data breaches involving large language models (LLMs) that occurred between January and February 2025. These incidents highlighted vulnerabilities in the deployment of LLMs across enterprises, resulting in extensive data leaks including API keys, user credentials, and sensitive information. The incidents serve as a wake-up call regarding “AI-driven risks” and underscore the need for improved security practices.…
Read More
North Korean Hackers Distributed Android Spyware via Google Play
Summary: A North Korean APT group, ScarCruft, has been distributing a surveillance tool known as KoSpy via Google Play, targeting primarily Korean and English-speaking users. The spyware, disguised as utility applications, enables extensive data collection from infected devices, including SMS, call logs, and location data. Lookout, a cybersecurity firm, has identified multiple instances of this malware and noted its active use since March 2022.…
Read More

Victim: CNQC Country: CN Actor: akira Source: Discovered: 2025-03-12 12:44:53.532366 Published: 2025-03-12 00:00:00.000000 Description: CNQC was established in 1952. Mainly engaged in domestic and international construction projects and investment. Involved in real estate development, capital management, logistics, and design consulting. Ready to upload over 90 GB of essential corporate documents.…
Read More
The Rise of AI-Driven Cyber Attacks: How LLMs Are Reshaping the Threat Landscape
This article discusses the transformative impact of generative AI on cyberattacks, enhancing their speed and effectiveness, particularly through the use of Large Language Models (LLMs). It highlights how various Advanced Persistent Threat (APT) groups are employing AI for reconnaissance, phishing, vulnerability discovery, and malware development. As AI capabilities advance, cybersecurity professionals face growing challenges in defending against sophisticated AI-driven threats.…
Read More