Crims Backdoored Their Backdoors. Then the Domains Lapsed
Summary: Researchers from watchTowr Labs have uncovered over 4,000 unique backdoors utilizing expired domains, exposing government and academic hosts to potential hijacking by malicious actors. This study highlights the risks associated with abandoned infrastructure and the ease with which attackers can exploit these vulnerabilities.

Threat Actor: Criminals exploiting backdoors. Victim: Government and academic institutions.

Key Point:

WatchTowr Labs identified over 4,000 compromised systems, including government and educational institutions.…
How Nation-State Actors and Organized Hackers Engage in Cyber Attacks
The article explores the merging tactics of nation-state actors and organized cybercriminals, highlighting their shared methods and objectives in the evolving cyber threat landscape. It emphasizes the implications for global cybersecurity as both groups increasingly adopt similar strategies. Affected: Russia’s APT28, China’s APT10, Volt Typhoon, APT29, APT33, Lazarus Group, REvil, DarkSide, BianLian

Key points:

The distinction between nation-state actors and organized cybercriminals is becoming less clear.…
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks
Summary: A variant of the Mirai botnet, dubbed “gayfemboy,” is exploiting a newly disclosed vulnerability in Four-Faith industrial routers to conduct DDoS attacks, leveraging over 20 known security flaws and weak credentials. This botnet has been active since February 2024 and targets various entities globally, with significant activity noted in late 2024.…
AT&T, Verizon say they evicted Salt Typhoon from their networks | Cybersecurity Dive
Summary: AT&T and Verizon have successfully evicted the China-sponsored threat group Salt Typhoon from their networks, asserting that their systems are now secure. Both companies have confirmed containment of the cyber incident and are cooperating with federal officials in ongoing investigations.

Threat Actor: Salt Typhoon. Victim: AT&T and Verizon.

Key Point:

AT&T and Verizon reported no current activity from nation-state actors in their networks.…
Pentagon Adds Chinese Gaming Giant Tencent to Federal Ban
Summary: The US Department of Defense has designated Tencent as a Chinese military business, restricting its ability to supply technology or services to the federal government. This decision follows sanctions against a cybersecurity company linked to cyber-intrusions targeting US critical infrastructure.

Threat Actor: US Department of Defense. Victim: Tencent.

Key Point:

Tencent’s shares dropped nearly 10% following the announcement, resulting in significant financial losses.…
New Mirai botnet targets industrial routers with zero-day exploits
Summary: A new Mirai-based botnet has emerged, utilizing zero-day exploits to target vulnerabilities in industrial routers and smart home devices, significantly increasing its sophistication and attack capabilities.

Threat Actor: Unknown (Mirai-based botnet). Victim: Various (industrial routers and smart home devices).

Key Point:

The botnet exploits over 20 vulnerabilities, including the zero-day CVE-2024-12856 in Four-Faith routers.…
Chinese Tech Companies Tencent, CATL and Others Protest US Listings as Army-Linked Companies
Summary: The U.S. Defense Department has added multiple Chinese companies, including Tencent, SenseTime, and CATL, to its list of companies linked to China’s military, prompting protests and legal actions from the affected firms. This designation restricts U.S. defense procurement from these companies starting June 2026, as part of broader efforts to limit technology sharing deemed a national security threat.…
Chinese Hackers Double Cyber-Attacks on Taiwan
Summary: In 2024, Taiwanese government networks faced an alarming rise in cyber-attacks, averaging 2.4 million daily, primarily attributed to Chinese state-backed hackers. This marks a significant escalation from the previous year’s figures, highlighting the intensifying cyber threat landscape in the region.

Threat Actor: Chinese state-backed hackers. Victim: Taiwanese government networks.

Key Point:

Daily cyber-attacks on Taiwan’s government networks doubled from 1.2 million in 2023 to 2.4 million in 2024.…
Chinese Hackers Breach Marcos’ Office: Philippine Government Downplays Severity of Cyberattack
Threat Actor: APT41. Victim: Office of the President (OPS). Price: Not disclosed. Exfiltrated Data Type: Military documents, diplomatic communications.

Key Points:

Chinese state-sponsored hackers breached sensitive systems at the Office of the President under Ferdinand “Bongbong” Marcos Jr.…
State-aligned APT groups are increasingly deploying ransomware – and that’s bad news for everyone
Summary: The distinction between cybercrime and state-sponsored attacks is increasingly blurred, with state actors employing ransomware for both financial gain and as a cover for espionage. This shift poses significant challenges for IT and security leaders in mitigating risks and responding to attacks.

Threat Actor: North Korean and Iranian groups. Victim: Aerospace and defense organizations.

Key Point:

State-sponsored hackers are increasingly using ransomware as a revenue-generating tool.…
Gayfemboy: A Zombie Network Spreading via 4G Industrial Router 0DAY
The article discusses the evolution of the Gayfemboy botnet, which has transformed from a basic Mirai variant into a sophisticated threat utilizing multiple vulnerabilities, including 0day exploits. It highlights the botnet’s growth, its active presence, and the aggressive tactics employed by its developers. Affected Platform: Mirai, Four-Faith Industrial Router, Neterbit Router, Vimar Smart Home Device

Key points:

Gayfemboy botnet was first discovered in February 2024.…
Washington Attorney General Sues T-Mobile Over 2021 Data Breach
Summary: Washington State Attorney General Bob Ferguson has filed a lawsuit against T-Mobile over a significant data breach in 2021 that compromised the personal information of millions. The lawsuit claims T-Mobile failed to implement adequate security measures and misled customers about the breach’s severity.

Threat Actor: John Binns. Victim: T-Mobile.

Key Point:

The 2021 breach affected over 76.6 million individuals, including more than 2 million Washington residents.…
Ministry of Foreign Affairs: China Strongly Opposes U.S. Claims of “Chinese Hacker Attacks” and Sanctions; National Cybersecurity Center Discovers a Batch of Malicious Foreign Websites and IPs
This article discusses various cybersecurity incidents and responses, including China’s opposition to U.S. sanctions regarding alleged hacking, the discovery of malicious URLs and IPs targeting China, vulnerabilities in BeyondTrust systems, and the emergence of a phishing plugin for WordPress. Affected Platform: China, United States, WordPress

Key points:

China’s Foreign Ministry condemns U.S.…
CISA: No Federal Agency Beyond Treasury Impacted by BeyondTrust Incident
Summary: The US cybersecurity agency CISA reported that the recent cybersecurity incident involving a BeyondTrust service primarily affected the Department of the Treasury, with no other federal agencies impacted. The attack, attributed to Chinese state-sponsored hackers, exploited a compromised API key, leading to unauthorized access to Treasury workstations and documents.…

In an increasingly complex digital landscape, the emergence of various types of malware continues to be a significant concern for internet users. One such malware that has recently captured widespread attention is EAGERBEE. Known for its sophisticated capabilities, EAGERBEE has become a hot topic among researchers and cybersecurity professionals alike.…

China Protests US Sanctions for Its Alleged Role in Hacking, Complains of Foreign Hacker Attacks
Summary: The U.S. Treasury has sanctioned the Beijing-based cybersecurity firm Integrity Technology Group for its alleged involvement in hacking incidents targeting critical U.S. infrastructure, prompting a strong denial and condemnation from China. Chinese officials assert that the U.S. is misrepresenting the situation to defame China while also reporting cyberattacks on its own networks.…
CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing
Summary: Recent cyber attacks attributed to Chinese state-sponsored threat actors have targeted the U.S. Treasury Department and Taiwanese entities, raising concerns over national security and critical infrastructure. The attacks involve sophisticated techniques, including exploiting vulnerabilities and disinformation campaigns, highlighting the escalating cyber threat landscape.

Threat Actor: Chinese state-sponsored threat actors. Victim: U.S.…
