Date Reported: 2024-06-14
Country: Taiwan
Victim: GlobalWafers | gw-semi.com
Additional Information:

GlobalWafers, a manufacturer of silicon wafers for semiconductors, has reported a cyberattack that has affected certain production lines. The company will use existing stocks to fulfill orders, but delivery delays may occur until the third quarter.…

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.

This blog is based on our presentation at Botconf 2024. It can be viewed here.

Introduction

Since 2022, we have been investigating numerous targeted attacks in the Asia-Pacific region that used the same ELF backdoor.…


Check Point Research reported a Foxit PDF Reader vulnerability that threat actors have begun exploiting, putting the application’s users at risk. When exploited, the bug triggers security warnings that may deceive unsuspecting users into executing harmful commands.

The WhoisXML API research team, in a bid to shed more light on the issue by uncovering more potential attack vectors, thus expanded a public list of indicators of compromise (IoCs).…


Summary: Chinese crime syndicates have shifted their operations from illicit gambling houses to online cybercrime fraud, targeting vulnerable victims worldwide through romance scams and other long-con cyber fraud.

Threat Actor: Chinese crime syndicates posing as investors | Chinese crime syndicates
Victim: Vulnerable victims worldwide | vulnerable victims

Key Point:

Chinese crime syndicates have shifted their operations from illicit gambling houses to online cybercrime fraud.…

Summary: The content discusses the increase in vulnerabilities in Internet of Things (IoT) devices, with a particular focus on the most vulnerable device types and the targeting of enterprise IoT devices by threat actors.

Threat Actor: Not specified | N/A
Victim: Not specified | N/A

Key Point:

The proportion of IoT devices with vulnerabilities has risen from 14% in 2023 to 33% in 2024, according to a report by Forescout.…

Key Takeaways:

Cyble Research and Intelligence Labs (CRIL) recently came across a campaign employing Windows shortcut (LNK) files associated with the Mustang Panda APT group.

Mustang Panda, with its Chinese affiliation, suggests potential state-sponsored or state-affiliated cyber espionage activities targeting government organizations, nonprofits, religious institutions, and other NGOs across the U.S.,…

Threat Actor: Unknown | Unknown
Victim: State Grid Corporation of China (SGCC) | State Grid Corporation of China
Price: $1000
Exfiltrated Data Type: Corporate user accounts, user information, department details, roles, eIDs, usernames, phone numbers, emails, employee numbers, passwords

Additional Information:

A threat actor claims to have gained access to a third-party system and acquired sensitive information belonging to the State Grid Corporation of China (SGCC).…

Summary: Chinese threat actors are targeting vulnerable ThinkPHP applications to install a persistent web shell named Dama, allowing further exploitation of breached endpoints.

Threat Actor: Chinese threat actors | Chinese threat actors
Victim: ThinkPHP applications | ThinkPHP applications

Key Point:

Chinese threat actors are exploiting the vulnerabilities CVE-2018-20062 and CVE-2019-9082 in ThinkPHP applications to install the Dama web shell.…

Cybercriminals can launch distributed denial-of-service (DDoS) attacks with relative ease these days by using DDoS booter services, online services that automate the DDoS attack process.

WhoisXML API threat researcher Dancho Danchev recently uncovered a list of the user information for a popular DDoS booter service, which our research team used to create a profile and expand to identify related artifacts.…


Summary: A severe security flaw in the design of RISC-V processors has been identified, posing a threat to China’s domestic semiconductor sector and enabling cyber attackers to bypass security measures.

Threat Actor: Chinese research team | Chinese research team
Victim: China’s expanding domestic semiconductor/Chip sector | China’s expanding domestic semiconductor/Chip sector

Key Point:

A severe security flaw has been discovered in the design of RISC-V processors, allowing cyber attackers to bypass security measures without administrative rights.…

Written by: Michelle Cantos, Jamie Collier


Executive Summary

Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and information operations. Olympics-related cyber threats could realistically impact various targets including event organizers and sponsors, ticketing systems, Paris infrastructure, and athletes and spectators traveling to the event.…

In May 2023, in a threat hunt across Sophos Managed Detection and Response telemetry, Sophos MDR’s Mark Parsons uncovered a complex, long-running Chinese state-sponsored cyberespionage operation we have dubbed “Crimson Palace” targeting a high-profile government organization in Southeast Asia.

MDR launched the hunt after the discovery of a DLL sideloading technique that exploited VMNat.exe,…


Published On: 2024-06-06

Mustang Panda, also known as Bronze President, is a Chinese cyber threat actor, active since 2012. This group has launched cyberattacks against organizations worldwide, targeting foreign governments, NGOs, and other entities deemed adversaries of the Chinese Communist Party. Mustang Panda is notorious for its sophisticated spear-phishing campaigns, which utilize the target’s native language and often impersonate government services.…


Summary: Chinese state-aligned threat clusters collaborated to steal sensitive military and political secrets from a high-profile government organization in Southeast Asia.

Threat Actor: Chinese state-aligned threat clusters | Chinese state-aligned threat clusters
Victim: High-profile government organization in Southeast Asia | High-profile government organization in Southeast Asia

Key Point:

The attack, known as “Operation Crimson Palace,” involved new malware tools, DLL sideloading efforts, and evasion techniques.…

In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution.

Summary

The TargetCompany ransomware group is now employing a new Linux variant that uses a custom shell script as a means of payload delivery and execution, a technique not seen in previous variants.…

Sophos Managed Detection and Response initiated a threat hunt across all customers after the detection of abuse of a vulnerable legitimate VMware executable (vmnat.exe) to perform dynamic link library (DLL) side-loading on one customer’s network. In a search for similar incidents in telemetry, MDR ultimately uncovered a complex, persistent cyberespionage campaign targeting a high-profile government organization in Southeast Asia.…
