In a recent investigation by Bitdefender Labs, a series of cyberattacks targeting high-level organizations in South China Sea countries revealed a previously unknown threat actor. We’ve designated this group “Unfading Sea Haze” based on their persistence and focus on the region. The targets and nature of the attacks suggest alignment with Chinese interests.…
As organizations prepare for the challenges and opportunities of 2024, the critical importance of cybersecurity preparedness is increasingly apparent. In an era characterized by rapid digital transformation and continuous innovation, cyber threats are becoming more sophisticated and frequent, presenting substantial risks to businesses across all sectors.…
Summary
As part of our continuous hunting efforts across the Asia-Pacific region, BlackBerry discovered Pakistani-based advanced persistent threat group Transparent Tribe (APT36) targeting the government, defense and aerospace sectors of India. This cluster of activity spanned from late 2023 to April 2024 and is anticipated to persist.…
XLab’s CTIA (Cyber Threat Insight Analysis) System continuously tracks and monitors the active mainstream DDoS botnets. Recently, our system has observed that CatDDoS-related gangs remain active and have exploited over 80 vulnerabilities over the last three months. Additionally, the maximum number of targets has been observed to exceed 300+ per day.…
Summary: This content discusses a previously unknown threat actor called “Unfading Sea Haze” that has been targeting military and government entities in the South China Sea region since 2018.
Threat Actor: Unfading Sea Haze
Victim: Military and government entities in the South China Sea region
Key Point:
A previously unknown threat actor named “Unfading Sea Haze” has been conducting targeted attacks on military and government entities in the South China Sea region since 2018.…
Executive Summary
A Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter. This campaign has been targeting political entities in the Middle East, Africa and Asia since at least late 2022.…
Written by: Michael Raggi
Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as “ORB networks” (operational relay box networks) to gain an advantage when conducting espionage operations. ORB networks are akin to botnets and are made up of virtual private servers (VPS), as well as compromised Internet of Things (IoT) devices, smart devices, and routers that are often end of life or unsupported by their manufacturers.…
Summary: The Environmental Protection Agency (EPA) has reported that over 70% of water systems in the US fail to meet security standards, making them vulnerable to cyberattacks that can disrupt water sanitation and wastewater systems nationwide.
Threat Actor: Cybercriminals
Victim: Water systems in the US
Key Point:
Over 70% of water systems in the US fail to meet security standards set by the EPA, exposing them to potential cyberattacks.…
Politically-motivated hacktivist groups are increasingly utilizing ransomware payloads both to disrupt targets and draw attention to their political causes. Notable among these hacktivist groups is Ikaruz Red Team, a threat actor that is currently leveraging leaked ransomware builders.
In attacks occurring over recent months, we have observed Ikaruz Red Team and aligned groups such as Turk Hack Team and Anka Underground (aka Anka Red Team) conduct attacks against Philippine targets and hijack branding and imagery belonging to the government’s Computer Emergency Response Program (CERT-PH).…
Summary: Germany is considering removing Huawei and ZTE equipment from its 5G networks due to national security concerns.
Threat Actor: Huawei and ZTE
Victim: Germany
Key Point:
Germany is planning to remove critical components made by Huawei and ZTE from core networks by January 1, 2026, and reduce dependency on Chinese parts in access and transport networks by 2029.…
Summary: Two Chinese nationals have been arrested and indicted for their alleged role in a multimillion-dollar investment fraud scheme known as “pig butchering.”
Threat Actor: Daren Li and Yicheng Zhang
Victim: Not specified
Key Point:
Daren Li and Yicheng Zhang managed an international gang that laundered $73 million from crypto scams known as “pig butchering.”…
Summary: This content discusses a recent cyber campaign called UNK_SweetSpecter that targets organizations involved in artificial intelligence (AI) in the United States. The campaign utilizes the SugarGh0st RAT and employs AI-themed lures to distribute malware.
Threat Actor: Chinese-speaking threat actors
Victim: Organizations involved in artificial intelligence endeavors in the United States
Key Point:
A cyber campaign named UNK_SweetSpecter has been targeting AI-related organizations in the United States.…
Summary: The U.S. is offering a reward for information on a network of individuals who scammed companies on behalf of North Korea, resulting in nearly $7 million in losses.
Threat Actor: North Korea
Victim: Companies
Key Point:
The U.S. is offering a reward of up to $5 million for information on individuals involved in a scheme where companies were scammed of nearly $7 million on behalf of North Korea.…
The Uptycs Threat Research Team has uncovered a large-scale, ongoing operation within the Log4j campaign. Initially detected within our honeypot collection, upon discovery, the team promptly initiated an in-depth analysis to delve into the complexities of this dynamic campaign.…
Rape Ransomware Team Seeks Partners for Enterprise Windows Network Access, Offering 80% Profit Share
Threat Actor: Rape Ransomware Team
Victim: Enterprise Windows networks
Price: 80% profit share
Exfiltrated Data Type: Not specified
Additional Information:
The Rape Ransomware team is seeking partners experienced in accessing enterprise Windows networks. Partners will receive 80% of the ransom profits for each system they facilitate access to.…
Summary: The National Cyber Security Centre (NCSC) in the UK has introduced a new initiative called the Personal Internet Protection (PIP) service to provide an additional layer of security to individuals at high risk of cyberattacks ahead of the upcoming election year.
Threat Actor: N/A
Victim: N/A
Key Point:
The Personal Internet Protection (PIP) service aims to protect individuals at high risk of cyberattacks such as spear-phishing and malware.…
Summary: Adobe has released Patch Tuesday updates to address multiple code execution vulnerabilities in its products, including Adobe Acrobat and Reader software.
Threat Actor: None identified.
Victim: Adobe
Key Point:
Adobe has fixed 35 security vulnerabilities in its Patch Tuesday updates, with 12 of these issues impacting Adobe Acrobat and Reader software.…
ESET researchers discovered two previously unknown backdoors – which we named LunarWeb and LunarMail – compromising a European ministry of foreign affairs (MFA) and its diplomatic missions abroad. We believe that the Lunar toolset has been used since at least 2020 and, given the similarities between the tools’ tactics, techniques, and procedures (TTPs) and past activities, we attribute these compromises to the infamous Russia-aligned cyberespionage group Turla, with medium confidence.…
Summary: The US Cybersecurity and Infrastructure Security Agency (CISA) has released a guide to help civil society organizations mitigate cyber threats, particularly those posed by state-sponsored actors from nations like Russia, China, Iran, and North Korea.
Threat Actor: State-sponsored actors
Victim: Civil society organizations
Key Point:
The guide, titled “Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society,” provides actionable steps for civil society organizations to enhance their cybersecurity defenses.…
Summary: Singapore has updated its cybersecurity regulations, giving more power to the agency responsible for enforcing the rules and requiring critical information infrastructure operators to report any cybersecurity incidents to the government.
Threat Actor: N/A
Victim: N/A
Key Point:
Singapore has updated its cybersecurity regulations to address the impact of running critical infrastructure management systems on cloud infrastructure and the use of third-party providers by critical infrastructure operators.…