CISA: Treasury was only federal agency impacted by recent China breach
Summary: A recent breach by state-backed Chinese hackers primarily affected the U.S. Treasury Department, which was targeted for its sensitive information regarding potential sanctions. The Cybersecurity and Infrastructure Security Agency (CISA) is collaborating with the Treasury and BeyondTrust to address the incident’s implications.

Threat Actor: Chinese state-backed hackers
Victim: U.S.…


Summary: A new Android spyware called “FireScam” masquerades as a fake Telegram Premium app to steal sensitive data from victims’ devices. This campaign highlights the evolving tactics of threat actors who exploit legitimate applications and services to distribute malware.

Threat Actor: Unknown | FireScam
Victim: Individuals and organizations | Android users

Key Point:

FireScam uses a phishing site to deliver a malicious version of Telegram Premium.…

Summary: Chinese state-backed hackers known as Salt Typhoon have targeted multiple US telecom companies, raising concerns about cybersecurity in the sector. The Cybersecurity and Infrastructure Security Agency (CISA) is advising organizations to adopt stronger security measures in response to these breaches.

Threat Actor: Salt Typhoon
Victim: Charter Communications, Consolidated Communications, Windstream

Key Point:

Salt Typhoon has previously targeted major telecom companies like AT&T and Verizon.…

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed that a recent breach of the Treasury Department by Chinese state-sponsored hackers did not affect other federal agencies. The breach involved a compromised BeyondTrust instance, targeting specific offices to gather intelligence on potential sanctions.

Threat Actor: Chinese state-sponsored hackers
Victim: U.S.…


Summary: A wave of breaches by the Chinese state-backed threat group Salt Typhoon has targeted multiple U.S. telecommunications firms, leading to unauthorized access to sensitive communications. The U.S. government is responding with proposed legislation and security measures to protect telecom infrastructure.

Threat Actor: Salt Typhoon
Victim: AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, Windstream

Key Point:

Salt Typhoon has breached several U.S.…

Victim: yoniot.cn Country : CN Actor: darkvault Source: http://mdhby62yvvg6sd5jmx5gsyucs7ynb5j45lvvdh4dsymg43puitu7tfid.onion//post/NzdhZDA1YWY0NTcwYTE4Yzk2ZWU3NT Discovered: 2025-01-06 14:00:22.402819 Published: 2025-01-06 13:59:13.864337

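Description: “有,你物联” is a national high-tech enterprise focused on the research, development and application of software and hardware for IoT technology, smart homes and smart communities. Drawing on an R&D team with more than 10 years of experience in the IoT field, it continues to develop its own technology and has built an intelligent system solution that integrates smart communities and smart homes. It is committed to making the smart home a member of the family.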


Security Overview
Victim Website: yoniot.cn
Description: A platform focused on IoT technology, smart home solutions, and intelligent community systems.
Industry: High-tech, specifically in the Internet of Things (IoT) and smart home sectors.…

Summary: Recent developments in cybersecurity reveal significant vulnerabilities in trusted software like browser extensions and voice assistants, exposing sensitive user data to malicious actors. This week’s focus highlights the ongoing risks associated with digital convenience and the importance of vigilance in online activities.

Threat Actor: Flax Typhoon (Chinese state-sponsored)
Victim: Cyberhaven

Key Point:

Dozens of Google Chrome extensions were found stealing sensitive data from 2.6 million devices.…

Summary: The U.S. has sanctioned the Chinese cybersecurity firm Integrity Technology Group for its involvement in facilitating cyberattacks by the state-sponsored hacking group Flax Typhoon, which targets critical infrastructure. The sanctions freeze the company’s U.S. assets and restrict financial interactions due to its ties with the Chinese government and its role in a botnet operation.…

Summary: The US Department of Treasury has sanctioned Integrity Technology Group Inc. for its involvement in cyber intrusions linked to the Chinese state-sponsored group Flax Typhoon, which has targeted US critical infrastructure. Additionally, the Treasury Department reported a breach in its own systems due to a third-party vendor, BeyondTrust, allowing data theft by Chinese threat actors.…

Summary: This week’s cybersecurity news roundup highlights significant incidents and vulnerabilities that have emerged, including data leaks, ransomware attacks, and hacking incidents involving major companies.

Threat Actor: Various
Victim: Volkswagen, Pittsburgh Regional Transit, Ford, NTT Docomo, US Treasury, and others

Key Point:

Volkswagen experienced a data leak affecting 800,000 electric cars due to unsecured AWS storage.…

### #SaltTyphoon #CyberEspionage #OFACIncident

Summary: Chinese state-backed hackers have breached the Office of Foreign Assets Control (OFAC) in a significant cybersecurity incident, targeting U.S. economic sanctions programs. The attackers, linked to the group “Salt Typhoon,” have also compromised multiple U.S. telecom firms, raising concerns about national security and communication interception.…


### #DataProtection #NationalSecurity #ForeignInterference

Summary: The U.S. Department of Justice has implemented a final rule to prevent the mass transfer of citizens’ personal data to countries deemed as national security threats. This initiative aims to protect sensitive information from being exploited by adversarial nations.

Threat Actor: Countries of concern
Victim: U.S.…


### #APTThreats #SupplyChainSecurity #RemoteAccessExploitation

Summary: The U.S. Treasury Department experienced a significant cybersecurity breach attributed to suspected Chinese threat actors, enabling remote access to unclassified documents. This incident highlights vulnerabilities in third-party software services and the ongoing threat posed by state-sponsored actors.

Threat Actor: Chinese APT
Victim: U.S.…


### #DigitalDefense #ThreatIntelligence #CyberAwareness

Summary: This week’s cybersecurity update highlights significant threats and vulnerabilities impacting various sectors, emphasizing the need for vigilance and proactive measures to safeguard digital environments. Key developments include high-severity flaws, emerging malware, and notable cybercrime incidents involving threat actors.

Threat Actor: TraderTraitor
Victim: DMM Bitcoin

Key Point:

High-severity PAN-OS flaw could lead to denial-of-service attacks on vulnerable devices.…

### #APTThreats #GovernmentCybersecurity #SupplyChainExploitation

Summary: The U.S. Department of the Treasury has reported a significant cybersecurity breach involving unauthorized access to sensitive information through a third-party software vulnerability. This incident, linked to a state-sponsored threat actor from China, highlights critical concerns regarding the security of government systems.…
