Victim: Ronglian Group [Source code of RONGLIAN GROUP company developments] Country: CN Actor: ransomhouse Source: http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/e86f5395fb94c30e26dad9f03c64f4ebd405fdc5 Discovered: 2024-08-12 09:02:17.049146 Published: 2024-06-29 00:00:00.000000 Description: One of the leaders of China's digital revolution, helping customers with digital business transformation. Providing global and local expertise on technology and industry to enterprise customers worldwide.…


Summary: Researchers from the CISPA Helmholtz Center have discovered critical vulnerabilities in Alibaba's T-Head Semiconductor RISC-V processors, particularly the XuanTie C910 CPU cores, which could allow attackers to execute arbitrary code and take control of devices. The most severe vulnerability, dubbed GhostWrite, lets unprivileged code write to arbitrary physical memory, bypassing the CPU's memory protection and posing significant security risks.…


Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Microsoft COM for Windows, tracked as CVE-2018-0824, to its Known Exploited Vulnerabilities catalog. This vulnerability allows remote code execution through deserialization of untrusted data, posing significant risks to affected systems.

Threat Actor: APT41 Victim: Taiwanese government-affiliated research institute

Key Point:

CVE-2018-0824 is a deserialization vulnerability in Microsoft COM for Windows with a CVSS score of 7.5.…

Short Summary:

The article discusses the increasing trend of threat actors utilizing legitimate cloud services for their attacks, highlighting various espionage operations and malware tools that exploit these services. Notable tools mentioned include GoGra, Grager, and MoonTag, which leverage Microsoft Graph API for command-and-control operations. The article emphasizes the need for organizations to monitor and protect against these evolving threats.…
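Tooling that uses the Microsoft Graph API for command-and-control blends into legitimate Office 365 traffic, so the useful question for a defender is not "does this host talk to graph.microsoft.com" but "which process does, and how regularly". The following detection sketch is an added example and not part of the article or the referenced malware reports; the log line format, the allowlist of expected Graph clients and the beacon-regularity thresholds are assumptions to be tuned for your own estate.

```python
"""Flag processes talking to graph.microsoft.com that are not expected Graph clients,
and processes whose connections to it arrive at suspiciously regular intervals.

Added example; the log format, allowlist and thresholds below are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

GRAPH_HOST = "graph.microsoft.com"
# Hypothetical allowlist of binaries that legitimately use Graph on a workstation.
EXPECTED_GRAPH_CLIENTS = {"outlook.exe", "teams.exe", "onedrive.exe", "msedge.exe"}
MIN_BEACONS = 4      # need at least this many connections before judging regularity
MAX_JITTER = 0.2     # stdev/mean of inter-arrival times at or below this is "regular"

# Assumed log format: "<ISO timestamp> host=<host> proc=<image> dst=<fqdn> bytes_out=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) dst=(?P<dst>\S+) bytes_out=(?P<bytes>\d+)$"
)

# Constructed sample lines: updater.exe beacons every 60 s, outlook.exe is irregular,
# notepad.exe connects once, chrome.exe never touches Graph.
SAMPLE_LOGS = """\
2024-08-05T10:00:00 host=WS01 proc=updater.exe dst=graph.microsoft.com bytes_out=512
2024-08-05T10:00:03 host=WS01 proc=outlook.exe dst=graph.microsoft.com bytes_out=2048
2024-08-05T10:01:00 host=WS01 proc=updater.exe dst=graph.microsoft.com bytes_out=530
2024-08-05T10:02:00 host=WS01 proc=updater.exe dst=graph.microsoft.com bytes_out=498
2024-08-05T10:02:41 host=WS01 proc=outlook.exe dst=graph.microsoft.com bytes_out=9100
2024-08-05T10:03:00 host=WS01 proc=updater.exe dst=graph.microsoft.com bytes_out=515
2024-08-05T10:04:00 host=WS01 proc=updater.exe dst=graph.microsoft.com bytes_out=507
2024-08-05T10:04:02 host=WS02 proc=notepad.exe dst=graph.microsoft.com bytes_out=300
2024-08-05T10:05:00 host=WS01 proc=chrome.exe dst=login.example.com bytes_out=1200
2024-08-05T10:09:15 host=WS01 proc=outlook.exe dst=graph.microsoft.com bytes_out=4400
""".splitlines()


def parse(lines):
    """Yield one dict per well-formed log line; silently skip lines that do not match."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        yield {
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "proc": m["proc"].lower(),
            "dst": m["dst"].lower(),
            "bytes": int(m["bytes"]),
        }


def find_suspicious_graph_clients(lines, allowlist=EXPECTED_GRAPH_CLIENTS):
    """Return findings for (host, process) pairs that contact Graph and are either
    not on the allowlist or show a low-jitter beacon pattern (or both)."""
    by_client = defaultdict(list)
    for ev in parse(lines):
        if ev["dst"] == GRAPH_HOST:
            by_client[(ev["host"], ev["proc"])].append(ev["ts"])

    findings = []
    for (host, proc), times in sorted(by_client.items()):
        reasons = []
        if proc not in allowlist:
            reasons.append("unexpected process")
        times.sort()
        if len(times) >= MIN_BEACONS:
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            avg = mean(gaps)
            if avg > 0 and pstdev(gaps) / avg <= MAX_JITTER:
                reasons.append(f"regular beacon every ~{avg:.0f}s x{len(times)}")
        if reasons:
            findings.append({"host": host, "proc": proc, "count": len(times), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_graph_clients(SAMPLE_LOGS):
        print(f"{f['host']} {f['proc']} ({f['count']} connections): {'; '.join(f['reasons'])}")
```

On the constructed sample, updater.exe on WS01 is reported for both reasons, notepad.exe on WS02 only as an unexpected process, and outlook.exe is not reported at all. The allowlist check is the cheap, high-value part; the jitter check exists to catch an implant that has been dropped under an allowlisted name or injected into an allowlisted process, at the cost of needing several observations before it fires.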


Summary: Evasive Panda, a cyber espionage group, compromised an Internet Service Provider (ISP) in mid-2023 to deliver malicious software updates, showcasing an escalation in their tactics. Known for using various backdoors and malware strains, the group has targeted sensitive entities, particularly in the context of supply chain attacks and DNS poisoning.…


Summary: The aviation industry faces increasing cybersecurity threats, particularly in its supply chain, necessitating enhanced risk measurement and mitigation strategies. Recent reports highlight significant vulnerabilities, especially among aviation-specific software vendors, and emphasize the urgent need for improved security practices as regulatory requirements tighten globally.

Threat Actor: Ransomware operators Victim: Aviation industry

Key Point:

The aviation industry scores a “B” on cybersecurity, with significant disparities in risk exposure among organizations.…

Summary: German authorities have identified a Beijing-backed threat actor as responsible for a cyberattack on the country’s Federal Agency for Cartography and Geodesy in 2021, marking a significant diplomatic response from Germany. This incident highlights ongoing concerns regarding Chinese cyber espionage targeting critical infrastructure and government processes in Germany and Europe.…


Victim: Jangho Group Country: CN Actor: hunters Source: https://hunters55rdxciehoqzwv7vgyv6nt37tbwax2reroyzxhou7my5ejyid.onion/companies/2708805266 Discovered: 2024-08-02 20:40:28.873188 Published: 2024-08-02 20:07:37.000000 Description: Country: China – Exfiltrated data: yes – Encrypted data: yes



Summary: The Senate Armed Services Committee has advanced Michael Sulmeyer’s nomination as the Pentagon’s first assistant secretary of defense for cyber policy, aiming to enhance the Defense Department’s focus on cybersecurity. Sulmeyer emphasized the importance of building combat power and retention within U.S. Cyber Command amid rising cyber threats from adversaries like China and Russia.…


Summary: US authorities have indicted Rim Jong Hyok, a member of the North Korean hacking group Andariel, for cyberattacks against various American and international entities, including healthcare providers and NASA. The indictment details efforts to steal sensitive data and deploy ransomware, as well as laundering the proceeds through a Chinese bank to fund further cyber operations.…


Short Summary:

APT40, a Chinese cyber-espionage group linked to the Ministry of State Security, has been active since 2009, targeting various sectors such as maritime, defense, and technology. The group employs a range of tactics, techniques, and procedures (TTPs) to infiltrate networks, maintain persistence, and exfiltrate sensitive data, aligning its activities with China’s strategic objectives.…


Short Summary:

Cisco Talos uncovered a malicious campaign targeting a Taiwanese government-affiliated research institute, attributed to the hacking group APT41. The campaign involved the use of ShadowPad malware, Cobalt Strike, and other tools for post-compromise activities, exploiting vulnerabilities in Microsoft Office. The investigation revealed overlaps in tactics and infrastructure with previous campaigns, indicating a sophisticated and persistent threat actor.…


Short Summary: The BlackBerry Threat Research and Intelligence team has identified a new campaign by the nation-state threat actor SideWinder, targeting maritime facilities in the Indian Ocean and Mediterranean Sea. The campaign utilizes upgraded infrastructure and tactics, focusing on espionage and intelligence gathering, particularly against countries like Pakistan, Egypt, and Sri Lanka.…

Victim: Lago Group Spa Country: ES Actor: ransomhouse Source: http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/56ef09a90ce4af6f818907d1168ee130de1dbc6f Discovered: 2024-07-26 11:38:12.879028 Published: 2024-06-04 00:00:00.000000 Description: Lago Group started to export in the early 90s, though the export division itself was created in 2002. Since then we have grown continuously, reaching today's numbers: more than 50 million euro of annual revenue.…



Executive Summary

In this post, we explore the evolution of domain registration and network attacks associated with terms related to generative AI (GenAI). These trends are strongly correlated with the key milestones and developments in GenAI such as the launch of ChatGPT and its integration into the Bing search engine – and the buzz of interest around these events.…
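A practical way to follow the trend the post describes is to triage a newly-registered-domain (NRD) feed for GenAI-related terms, with a guard against the false positives that naive substring matching produces ("gpt" inside "egypt") and a fuzzy pass for lookalikes of the big brand names ("chatgtp"). The script below is an added example and not the authors' methodology; the keyword list, thresholds and sample feed are assumptions, and the sample domains are constructed under the reserved `.test` TLD.

```python
"""Triage a list of newly registered domains for GenAI-related terms and lookalikes.

Added example; the term lists, fuzzy threshold and sample feed are assumptions.
"""
import difflib
import re

# Assumed keyword lists. Long terms are safe to match as substrings of a label;
# short terms are matched only as whole tokens so 'egypt' or 'bombard' do not fire.
LONG_TERMS = ("chatgpt", "openai", "copilot", "gemini")
SHORT_TERMS = ("gpt", "bard", "llm")
# Brands checked for near-miss spellings (typosquats / lookalikes).
FUZZY_BRANDS = ("chatgpt", "openai")
FUZZY_THRESHOLD = 0.85   # difflib ratio; 'chatgtp' vs 'chatgpt' scores ~0.857

# Constructed sample NRD feed (not real registrations).
SAMPLE_NRD_FEED = [
    "chatgpt-access.test",
    "chatgtp.test",
    "openai-support-desk.test",
    "egyptours.test",
    "free-gpt-tools.test",
    "bookshop.test",
    "microsoft-copilot-login.test",
]


def labels_and_tokens(domain):
    """Return the non-TLD labels of a domain and their alphanumeric tokens."""
    labels = domain.lower().rstrip(".").split(".")[:-1]
    tokens = [t for label in labels for t in re.split(r"[^a-z0-9]+", label) if t]
    return labels, tokens


def classify_domain(domain):
    """Return a sorted list of matched terms; '~brand' marks a fuzzy (lookalike) hit."""
    labels, tokens = labels_and_tokens(domain)
    hits = set()
    for label in labels:
        for term in LONG_TERMS:
            if term in label:
                hits.add(term)
    for tok in tokens:
        if tok in SHORT_TERMS:
            hits.add(tok)
        for brand in FUZZY_BRANDS:
            if tok != brand and difflib.SequenceMatcher(None, tok, brand).ratio() >= FUZZY_THRESHOLD:
                hits.add(f"~{brand}")
    return sorted(hits)


def triage_feed(domains):
    """Map each domain with at least one hit to its list of matched terms."""
    results = {}
    for d in domains:
        hits = classify_domain(d)
        if hits:
            results[d] = hits
    return results


if __name__ == "__main__":
    for domain, hits in triage_feed(SAMPLE_NRD_FEED).items():
        print(f"{domain}: {', '.join(hits)}")
```

On the constructed feed, the two unrelated domains (`egyptours.test`, `bookshop.test`) are not reported, the lookalike `chatgtp.test` is reported as `~chatgpt`, and the rest match on an exact term. The fuzzy threshold is deliberately tight; lowering it widens coverage of misspellings but quickly starts flagging ordinary words.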


Date Reported: 2024-07-04 Country: China Victim: Alps Alpine | alpsalpine.com Additional Information:

On July 4, 2024, Alps Alpine confirmed that its Chinese subsidiary, Ningbo Alps Electronics Co., Ltd., experienced unauthorized access by third parties. The incident involved a ransomware attack. In response to the attack, measures such as shutting down or isolating the affected servers were implemented.…

Summary: A North Korean hacker, Rim Jong Hyok, has been indicted for his involvement in ransomware attacks targeting U.S. hospitals and defense contractors, using the Maui strain to disrupt healthcare services. The U.S. government has issued a warrant for his arrest and is offering a reward for information leading to his capture, while also highlighting the ongoing threat posed by the North Korean Andariel Unit in cyber espionage and ransomware activities.…
