Summary: The QiAnXin Threat Intelligence Center has revealed details of “Operation DevilTiger,” a sophisticated cyber espionage campaign by the APT-Q-12 group, also known as “Pseudo Hunter,” targeting East Asian entities. This advanced persistent threat utilizes zero-day vulnerabilities and covert tactics to infiltrate high-value systems, with a focus on geopolitical intelligence related to semiconductor competition.…
Tag: CHINA
Short Summary:
The WhoisXML API research team has identified thousands of election-related cybersquatting domains that could be exploited for profit or malicious purposes. Their study revealed over 3,300 domains linked to presidential candidates, with many being unattributable and potentially harmful. The investigation highlights the need for vigilance in the face of election-related cyber threats.…
Victim: huntongroup.com
Country: CN
Actor: lockbit3
Source: http://lbb6ud2vyf23z4hw6fzskr5gru7eftbjfbd6yzra3hzuqqvjy63blqqd.onion//post/gpcQsRx2ftSVONKh66d09970c1079
Discovered: 2024-08-30 07:52:15.912679
Published: 2024-08-29 15:53:00.000000
Description: Hunton Group is a synergistic group of Companies focused on innovative systems, comprehensive solutions, and Trane’s high-quality products.
Ransomware Victims – ALL Other Victims by lockbit3
Victim: Huntongroup.com, part of a synergistic group of companies, specializes in innovative systems and comprehensive solutions, particularly in HVAC and energy management.…
Short Summary:
The Securonix Threat Research team has identified a covert campaign named SLOW#TEMPEST, targeting Chinese-speaking users with Cobalt Strike payloads delivered via phishing emails. The attackers successfully moved laterally, established persistence, and remained undetected for over two weeks, leveraging sophisticated techniques such as DLL hijacking and credential harvesting.…
Short Summary:
ESET researchers identified a code execution vulnerability (CVE-2024-7262) in WPS Office for Windows, exploited by the APT-C-60 group to target East Asian countries. A subsequent analysis revealed another vulnerability (CVE-2024-7263). Both vulnerabilities have been patched, and this blog post discusses the technical details of the findings.…
Summary: The Volt Typhoon group from China has been exploiting a zero-day vulnerability in Versa Networks’ Director Servers to harvest credentials for future attacks, affecting all versions prior to 22.1.4. The vulnerability, tracked as CVE-2024-39717, allows attackers to gain privileged access through exposed management ports.
Threat Actor: Volt Typhoon
Victim: Various organizations | Versa Networks
Key Point:
The vulnerability allows attackers to escalate privileges and gain administrator credentials.…
Summary: ESET has uncovered a cyber-espionage campaign linked to the South Korean APT-C-60 group, exploiting a remote code execution vulnerability in WPS Office to deploy a custom backdoor named “SpyGlace.” The campaign primarily targeted victims in East Asia through a maliciously crafted spreadsheet document that triggered the exploit upon interaction.…
Summary: India’s critical infrastructure sectors are increasingly vulnerable to cyberattacks, with significant incidents reported across finance, government, and healthcare. The Reserve Bank of India has highlighted the risks associated with rapid digitization, indicating a dramatic rise in cyber incidents, particularly targeting financial institutions.
Threat Actor: Hackers
Victim: Boat
Key Point:
Cyber incidents in India’s financial sector surged to 16 million in 2023, compared to 53,000 in 2017.…
Short Summary:
APT-Q-12, also known as Pseudo Hunter, is a Chinese APT group targeting entities in Northeast Asia. The group utilizes various techniques for information collection and exploitation, including complex email probes and 0day vulnerabilities in mail clients. Their operations have evolved over the years, showing overlaps with other APT groups like Darkhotel.…
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting risks associated with Dahua cameras and Microsoft Exchange Server. These vulnerabilities could allow remote attackers to exploit systems if not addressed promptly.
Threat Actor: China-linked threat actors
Victim: Dahua camera users, Microsoft Exchange Server users
Key Point:
Two authentication bypass vulnerabilities in Dahua cameras (CVE-2021-33044 and CVE-2021-33045) can be exploited by attackers to gain unauthorized access.…
Summary: Researchers at Sygnia have reported that the China-linked APT group Velvet Ant exploited the zero-day vulnerability CVE-2024-20399 in Cisco switches to deploy custom malware and gain control over the devices. This vulnerability allows attackers with administrative credentials to execute arbitrary commands on the underlying operating system, leading to significant security risks.…
Fortinet has identified a new variant of the Meduza Stealer that exploits the Microsoft Windows SmartScreen vulnerability (CVE-2024-21412). This malware campaign uses malicious PDF files to bypass security warnings and deliver the Meduza Stealer, which steals data from victims and sends it to a command-and-control server.…
Summary: The Log4j vulnerability, known as Log4Shell, continues to be exploited by various threat actors for malicious activities such as crypto-mining and system compromise, despite being discovered over two years ago. Recent campaigns utilize obfuscated LDAP requests to execute scripts that establish persistence, conduct reconnaissance, and exfiltrate data from compromised systems.…
Short Summary:
The Log4j vulnerability, known as Log4Shell, continues to pose a significant threat over two years after its discovery. Recent campaigns exploit this vulnerability for crypto-mining and system compromise, utilizing obfuscated LDAP requests to execute malicious scripts that establish persistence, perform reconnaissance, and exfiltrate data.…
Summary: OpenAI has banned ChatGPT accounts linked to an Iranian group, Storm-2035, that was suspected of spreading disinformation about the upcoming US presidential election. Despite their efforts to create fake news articles and social media comments, the operation failed to gain significant audience engagement.
Threat Actor: Storm-2035
Victim: US Presidential Election
Key Point:
OpenAI identified 12 accounts on X and one on Instagram involved in the influence operation.…
Summary: Two US House Representatives have urged the Department of Commerce to investigate Chinese-made TP-Link Wi-Fi routers due to concerns over hacking and espionage risks. They highlighted vulnerabilities linked to the routers and the potential for state-sponsored infiltration by Chinese intelligence.
Threat Actor: Camaro Dragon, Volt Typhoon
Victim: United States
Key Point:
Congress members express concerns over the security of TP-Link routers manufactured in China.…
Threat Actor: Unknown
Victim: China Mobile
Price: Not disclosed
Exfiltrated Data Type: Personal information (names, addresses, phone numbers, IMEI numbers)
Key Points:
Threat actor claims to sell data from over 1.2 billion China Mobile users.
Data breach allegedly exposes personal information from China’s IMEI database.…
Short Summary:
Check Point Research has uncovered Styx Stealer, a new malware variant capable of stealing sensitive data from browsers, messaging apps, and cryptocurrency wallets. The developer, linked to the Agent Tesla threat actor, made significant operational security mistakes that led to the exposure of personal and operational details.…