SideWinder APT Group: Maritime & Nuclear Targets, Evolved Malware
Summary: The SideWinder APT group has intensified its cyber-espionage efforts, specifically targeting maritime and nuclear sectors, while continuously evolving its malware and persistence strategies. Kaspersky Labs highlights notable increases in attacks across South and Southeast Asia, the Middle East, and Africa, as the group demonstrates refined techniques to maintain operational stealth.…
New Ballista IoT Botnet Linked to Italian Threat Actor
Summary: Cato Networks has identified a new IoT botnet named Ballista, which exploits a vulnerability in TP-Link Archer routers to spread malware. Linked to an Italian threat actor, the botnet poses a threat to organizations across various sectors globally. It has been actively targeting vulnerable devices since early January 2023, exploiting a known vulnerability tracked as CVE-2023-1389.…
Critical PHP RCE vulnerability mass exploited in new attacks
Summary: GreyNoise has alerted that the critical CVE-2024-4577 PHP remote code execution vulnerability affecting Windows systems is currently being exploited on a large scale. This flaw allows unauthenticated attackers to compromise systems completely through PHP running in CGI mode. Recent attacks have expanded globally, targeting numerous countries, with evidence of persistent threats and varied malicious intentions behind the exploitation.…
CISA tags critical Ivanti EPM flaws as actively exploited in attacks
Summary: CISA has issued a warning to U.S. federal agencies regarding three critical vulnerabilities in Ivanti Endpoint Manager, which can allow remote attackers to compromise servers. The vulnerabilities were patched by Ivanti, but proof-of-concept exploits have been released, escalating concerns about their active exploitation. Federal agencies are mandated to secure their systems within three weeks against these vulnerabilities to mitigate potential cyber threats.…
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
Summary: A new botnet campaign named Ballista targets unpatched TP-Link Archer routers through a high-severity vulnerability (CVE-2023-1389), allowing remote code execution. The botnet has been active since January 10, 2025, exploiting routers to deploy various malware including the Mirai and AndroxGh0st families. Researchers have linked the campaign to an unidentified Italian threat actor and identified over 6,000 infected devices across multiple countries.…

Victim: bank.pingan.com (CN)
Ransomware group: Babuk Locker 2.0
Country: CN
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/358c4d15c88f881a4fe9b4009fea92875bd9569160533db6cbea77d6fbdee3be/
Discovered: 2025-03-10 22:22:57.951986
Published: 2025-03-10 22:03:00.000000
Description: Comprehensive banking services including savings, loans, and investment options. User-friendly online banking platform with easy navigation.…
SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa
Summary: An advanced persistent threat (APT) group known as SideWinder has been targeting maritime and logistics companies across South and Southeast Asia, the Middle East, and Africa, as well as various diplomatic entities. The group uses sophisticated techniques, including a modular post-exploitation toolkit named StealerBot, to capture sensitive information and evade detection.…
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
Summary: The U.S. Cybersecurity and Infrastructure Security Agency has added five critical vulnerabilities to its Known Exploited Vulnerabilities catalog, affecting Advantive VeraCore and Ivanti Endpoint Manager. These vulnerabilities, actively exploited by threat actors, include file upload and SQL injection flaws in Advantive and multiple path traversal issues in Ivanti.…
SideWinder targets the maritime and nuclear sectors with an updated toolset
SideWinder, an advanced persistent threat (APT) group, has intensified attacks targeting military, government, and logistics entities in various regions, particularly in Asia, Africa, and beyond. With sophisticated malware and exploitation techniques, including those leveraging CVE-2017-11882, their operations indicate a strategic focus on maritime infrastructures and nuclear energy sectors.…
Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links
Summary: A new malware campaign targeting the Middle East and North Africa has been utilizing a modified version of AsyncRAT since September 2024, attributed to a threat actor known as Desert Dexter. The campaign exploits social media to distribute malware and has affected around 900 victims, primarily from various sectors in countries like Libya, Saudi Arabia, and Egypt.…
⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact
Summary: The evolving landscape of cyber threats raises critical concerns around cybersecurity resilience, particularly as state-sponsored groups and new ransomware tactics emerge. Notable events this week include charges against Chinese nationals for hacking and the dismantling of Garantex, a cryptocurrency exchange linked to money laundering. This edition explores the complexities of modern cyber threats and ongoing countermeasures by global law enforcement.…
MITRE EMB3D for OT & ICS Threat Modeling Takes Flight
Summary: A variety of threat modeling frameworks, including MITRE’s newly launched EMB3D, are gaining popularity among manufacturers of devices and industrial control systems (ICS). These frameworks aim to categorize potential threats and provide mitigations for device security during the design phase. By enhancing collaboration among device manufacturers, cybersecurity vendors, and infrastructure operators, these models seek to improve overall security resilience against emerging threats.…
March Kicks Off with Major Exploits! | Weekly Reports | Loginsoft
In March, the CISA catalog added nine new vulnerabilities, significantly impacting various platforms like VMware, Hitachi Vantara, Linux, and more. New botnet threats emerged alongside advanced threat actor tactics, emphasizing the critical importance of prompt patching and security measures. Key vulnerabilities include critical issues in VMware, Progress WhatsUp Gold, and Hitachi Vantara products which have already seen active exploitation.…
Two US Army soldiers charged with selling military secrets to China
Summary: Three U.S. Army soldiers are accused of stealing classified military materials and selling them to contacts in China. The charges include conspiracy to commit bribery, theft of government property, and transmitting national defense information. This case is part of ongoing concerns about espionage at Joint Base Lewis-McChord, highlighted by previous similar prosecutions.…
Zero-Days Put Tens of 1,000s of Orgs at Risk for VM Escape Attacks
Summary: Three critical zero-day vulnerabilities in VMware products have been identified, exposing over 41,000 ESXi instances globally to potential virtual machine escapes. The vulnerabilities, disclosed by Broadcom, could allow attackers, once they gain administrator privileges, to breach the hypervisor and compromise other VMs. Organizations are urged to apply patches immediately to mitigate this serious security risk.…
GZR Observer Daily, Mar 7, 2025
The U.S. has introduced tariffs on Canadian goods, leading to retaliatory actions that may increase costs for 1.5 million customers in border states. This situation mirrors past global economic crises and highlights growing geopolitical tensions, trade wars, and implications for domestic industries. Affected: U.S. customers in border states, Canadian goods
Keypoints:

The U.S.…