Major Cyber Attacks Targeting the Finance Industry
The finance industry is facing an increasing number of cyberattacks, with significant recent incidents exposing vast amounts of sensitive data. Notable breaches have involved major financial institutions and data theft, highlighting vulnerabilities and the need for robust cybersecurity measures. The financial sector must adapt to evolving threats, including ransomware attacks and Dark Web exploitation, to safeguard personal and financial information.…
Juniper patches bug that let Chinese cyberspies backdoor routers
Summary: Juniper Networks has issued emergency security updates to address a vulnerability (CVE-2025-21590) in Junos OS that has been exploited by Chinese hackers to create backdoors in routers. This medium-severity flaw allows local attackers to execute arbitrary code, compromising device integrity. Affected customers are advised to upgrade their systems promptly and restrict shell access to mitigate risks.…
The Invisible Battlefield Behind LLM Security Crisis (NSFOCUS, Inc.)
This article discusses a series of data breaches involving large language models (LLMs) that occurred between January and February 2025. These incidents highlighted vulnerabilities in the deployment of LLMs across enterprises, resulting in extensive data leaks including API keys, user credentials, and sensitive information. The incidents serve as a wake-up call regarding “AI-driven risks” and underscore the need for improved security practices.…
North Korean Hackers Distributed Android Spyware via Google Play
Summary: A North Korean APT group, ScarCruft, has been distributing a surveillance tool known as KoSpy via Google Play, targeting primarily Korean and English-speaking users. The spyware, disguised as utility applications, enables extensive data collection from infected devices, including SMS, call logs, and location data. Lookout, a cybersecurity firm, has identified multiple instances of this malware and noted its active use since March 2022.…
Victim: CNQC
Country: CN
Actor: akira
Source:
Discovered: 2025-03-12 12:44:53.532366
Published: 2025-03-12 00:00:00.000000
Description: CNQC was established in 1952. Mainly engaged in domestic and international construction projects and investment. Involved in real estate development, capital management, logistics, and design consulting. Ready to upload over 90 GB of essential corporate documents.…
The Rise of AI-Driven Cyber Attacks: How LLMs Are Reshaping the Threat Landscape
This article discusses the transformative impact of generative AI on cyberattacks, enhancing their speed and effectiveness, particularly through the use of Large Language Models (LLMs). It highlights how various Advanced Persistent Threat (APT) groups are employing AI for reconnaissance, phishing, vulnerability discovery, and malware development. As AI capabilities advance, cybersecurity professionals face growing challenges in defending against sophisticated AI-driven threats.…
China continues cyberattacks on routers, this time targeting Juniper Networks devices
Summary: A Chinese espionage group known as UNC3886 has been specifically targeting Juniper Networks’ routers, deploying custom malware to exploit vulnerabilities. Their sophisticated tactics focus on maintaining long-term access to networks, primarily within defense, technology, and telecommunications sectors in the US and Asia. Mandiant’s analysis indicates that organizations using end-of-life hardware should upgrade to mitigate risks associated with these advanced threats.…
Volt Typhoon hackers were in Massachusetts utility’s systems for 10 months
Summary: Chinese hackers associated with the Volt Typhoon campaign infiltrated the systems of Littleton Electric Light and Water Department in Massachusetts for nearly a year, aiming for data theft and potential sabotage. The breach, discovered in November 2023, revealed that while customer-sensitive data was not compromised, the hackers sought critical operational information on energy grid operations.…
Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers
Summary: Mandiant researchers uncovered custom backdoors on deprecated Juniper Networks Junos OS routers, deployed by a Chinese cyberespionage group known as UNC3886. These backdoors allow for unauthorized access while evading security measures and were aimed at organizations within the defense, technology, and telecommunications sectors. Mandiant recommends immediate upgrades to the latest software versions to protect against these threats.…
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
Summary: The China-nexus cyber espionage group UNC3886 is targeting end-of-life MX routers from Juniper Networks to deploy custom backdoors that undermine security infrastructure. Recent developments indicate the group’s advanced capabilities to exploit network devices and evade detection by disabling logging mechanisms. Organizations are urged to update their Juniper systems to safeguard against these sophisticated attacks.…
Chinese cyberspies backdoor Juniper routers for stealthy access
Summary: Chinese hackers, linked to the UNC3886 group, have been identified deploying custom backdoors on end-of-life Juniper Networks’ Junos OS MX routers. The backdoors, primarily based on the TinyShell malware, exploit vulnerabilities to facilitate unauthorized access and data exfiltration. Mandiant’s report emphasizes the need for immediate device replacement and enhanced security measures to mitigate these threats.…
SideWinder APT Group: Maritime & Nuclear Targets, Evolved Malware
Summary: The SideWinder APT group has intensified its cyber-espionage efforts, specifically targeting maritime and nuclear sectors, while continuously evolving its malware and persistence strategies. Kaspersky Labs highlights notable increases in attacks across South and Southeast Asia, the Middle East, and Africa, as the group demonstrates refined techniques to maintain operational stealth.…
New Ballista IoT Botnet Linked to Italian Threat Actor
Summary: Cato Networks has identified a new IoT botnet named Ballista, which exploits a vulnerability in TP-Link Archer routers to spread malware. Linked to an Italian threat actor, the botnet poses a threat to organizations across various sectors globally. It has been actively targeting vulnerable devices since early January 2023, exploiting a known vulnerability tracked as CVE-2023-1389.…
Critical PHP RCE vulnerability mass exploited in new attacks
Summary: GreyNoise has alerted that the critical CVE-2024-4577 PHP remote code execution vulnerability affecting Windows systems is currently being exploited on a large scale. This flaw allows unauthenticated attackers to compromise systems completely through PHP running in CGI mode. Recent attacks have expanded globally, targeting numerous countries, with evidence of persistent threats and varied malicious intentions behind the exploitation.…
CISA tags critical Ivanti EPM flaws as actively exploited in attacks
Summary: CISA has issued a warning to U.S. federal agencies regarding three critical vulnerabilities in Ivanti Endpoint Manager, which can allow remote attackers to compromise servers. The vulnerabilities were patched by Ivanti, but proof-of-concept exploits have been released, escalating concerns about their active exploitation. Federal agencies are mandated to secure their systems within three weeks against these vulnerabilities to mitigate potential cyber threats.…
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
Summary: A new botnet campaign named Ballista targets unpatched TP-Link Archer routers through a high-severity vulnerability (CVE-2023-1389), allowing remote code execution. The botnet has been active since January 10, 2025, exploiting routers to deploy various malware including the Mirai and AndroxGh0st families. Researchers have linked the campaign to an unidentified Italian threat actor and identified over 6,000 infected devices across multiple countries.…