FBI Uses Malware’s Own ‘Self-Delete’ Trick to Erase Chinese PlugX From US Computers
Summary: The FBI, in collaboration with French law enforcement and cybersecurity firm Sekoia.io, successfully utilized the self-delete feature of the PlugX malware to remove it from over 4,200 infected computers in the U.S. This operation targeted the Mustang Panda group, a hacking organization linked to the Chinese government, which has been using PlugX as a Remote Access Trojan since 2008.…
Hackers use Google Search ads to steal Google Ads accounts
Summary: Cybercriminals are exploiting Google search advertisements to promote phishing sites that impersonate Google Ads, tricking users into revealing their credentials. These fake ads lead victims to counterfeit login pages hosted on Google Sites, which closely mimic the official Google Ads interface. The attackers, operating from various regions, aim to steal accounts for resale and further malicious activities.…

Victim: barilga.gov.mn Country : MN Actor: funksec Source: http://funknqn44slwmgwgnewne6bintbooauwkaupik4yrlgtycew3ergraid.onion/barilga-gov-mn Discovered: 2025-01-15 15:24:20.897975 Published: 2025-01-15 15:24:20.897975 Description : [AI generated] Barilga.gov.mn is a Mongolian company that provides comprehensive information, support and professional solutions related to the real estate market. Major services include updates about real estate laws, listings for properties, and advertisements for property companies.…
Russian espionage and financial theft campaigns have ramped up, Ukraine cyber agency says
Summary: Ukrainian cyber agencies report a rise in sophisticated cyberattacks primarily attributed to three Russia-linked hacker groups targeting government and critical services. The attacks have focused on espionage, financial theft, and psychological warfare, with the most active group being UAC-0010, also known as Gamaredon. Over the past year, Ukraine’s cybersecurity incident response center has addressed over 1,000 incidents, indicating a significant threat to national security.…
North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains
Summary: Cybersecurity researchers have uncovered links between North Korean threat actors involved in fraudulent IT worker schemes and a 2016 crowdfunding scam. These actors have been infiltrating companies globally under false identities to generate revenue for North Korea, while also being connected to previous scams. Recent findings highlight the evolution of their tactics and the ongoing threat they pose in cyberspace, particularly in cryptocurrency thefts.…
FBI Removes PlugX Malware from 4200 US Computers in PRC Linked Cyber Operation
The U.S. Department of Justice and FBI successfully removed PlugX malware from over 4,200 computers in a coordinated operation targeting a hacking group linked to the People’s Republic of China. This operation highlights the importance of international collaboration in combating cyber threats. Affected: U.S. businesses, European and Asian governments, Chinese dissident groups

Keypoints:

The DOJ and FBI conducted a multi-month operation to remove PlugX malware.…
US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists
Summary: In 2024, North Korean hackers stole approximately $660 million in cryptocurrency, with the funds allegedly supporting Pyongyang’s weapons programs. The US, Japan, and South Korea issued a joint statement warning the blockchain industry about the persistent threat posed by these cybercriminals.

Threat Actor: North Korean hackers
Victim: Cryptocurrency exchanges and users

Key Point:

North Korean hackers conducted at least five major cryptocurrency heists in 2024.…
Volt Typhoon: Analyzing Espionage Campaigns Against Critical Infrastructure
Volt Typhoon, a Chinese state-sponsored APT group, is known for targeting critical infrastructure in the US, UK, Canada, and Australia by exploiting vulnerabilities in outdated SOHO devices. Their stealthy tactics involve using legitimate tools to blend malicious activities with normal network traffic, making detection difficult. Affected: United States, United Kingdom, Canada, Australia

Keypoints:

Volt Typhoon is linked to espionage and information gathering targeting critical infrastructure.…
New Year, Old Threats: What Does the DNS Reveal About 2025?
This article discusses the emergence of advanced phishing attacks in 2025, utilizing generative AI and focusing on domain threats. Researchers analyzed 1,000 suspicious domains containing the string “2025,” revealing numerous malicious connections and trends in domain registration. Affected: WhoisXML API, First Watch Malicious Domains Data Feed

Keypoints:

Advanced phishing attacks are increasingly leveraging generative AI.…
As Tensions Mount With China, Taiwan Sees Surge in Cyberattacks
Summary: In 2024, China’s cyber-operations groups significantly escalated their attacks on Taiwanese organizations, particularly targeting government and telecommunications sectors, resulting in over 2.4 million daily attack attempts. The Taiwanese National Security Bureau reported a 20% increase in successful attacks compared to the previous year, highlighting the aggressive tactics employed by China in cyberspace.…
FBI Wraps Up Eradication Effort of Chinese ‘PlugX’ Malware
Summary: The US Justice Department and FBI successfully removed “PlugX” malware from thousands of devices globally, targeting a China-sponsored hacking group known as “Mustang Panda.” This operation revealed the extensive reach of the malware, which has infected numerous victims since 2014, including dissident groups and individuals across multiple continents.…
US issues final rule barring Chinese, Russian connected car tech
Summary: The U.S. Commerce Department has announced a new rule prohibiting the import of certain vehicle connectivity technologies from China and Russia, citing national security concerns. This regulation aims to prevent foreign adversaries from accessing sensitive data and potentially manipulating connected vehicles.

Threat Actor: Chinese and Russian state-sponsored cyber actors | Volt Typhoon
Victim: U.S.…
Hegseth says debate over Cyber Command, NSA leadership would reach ‘conclusion’
Summary: President-elect Donald Trump’s nominee for Defense Secretary, Pete Hegseth, aims to resolve the ongoing debate regarding the dual-hat leadership of U.S. Cyber Command and the NSA. He acknowledges the complexities of this relationship and emphasizes the need for effective cybersecurity measures against foreign threats.

Threat Actor: Salt Typhoon, Volt Typhoon
Victim: U.S.…
Cyber Insights 2025: Cyber Threat Intelligence
Summary: SecurityWeek’s Cyber Insights 2025 explores expert predictions on the evolution of Cyber Threat Intelligence (CTI) over the next year, emphasizing its critical role in proactive cybersecurity strategies. The report highlights the need for accurate, actionable intelligence to combat increasingly sophisticated cyber threats.

Threat Actor: Various threat actors
Victim: Organizations globally

Key Point:

CTI is essential for understanding the nature of cyber threats and enabling proactive defense strategies.…
Products and people are in place for CISA to succeed, agency’s departing No. 2 official says
Summary: Nitin Natarajan reflects on his tenure at CISA, highlighting the agency’s growth and key initiatives in cybersecurity, particularly in response to increasing digital threats. As he prepares to transition leadership, he emphasizes the importance of continuity and resilience in protecting U.S. critical infrastructure.

Threat Actor: China-linked hackers
Victim: U.S.…