Chinese
Australian IT Pros Urged to Guard Against Chinese Cybersecurity Threats
The Australian Signals Directorate and the Australian Cyber Security Centre have joined cybersecurity institutions from the U.S., Canada, and New Zealand in warning local technology professionals to beware of threat actors affiliated with China, including Salt Typhoon, infiltrating their critical communications infrastructure. The news comes weeks after the Australian Signals Directorate’s Annual Cyber Threat Report 2023-2024, where the agency warned…
New EagleMsgSpy Android spyware used by Chinese police, researchers say
A previously undocumented Android spyware called ‘EagleMsgSpy’ has been discovered and is believed to be used by law enforcement agencies in China to monitor mobile devices. According to a new report by Lookout, the spyware was developed by Wuhan Chinasoft Token Information Technology Co., Ltd. and has been operational since at least 2017. Lookout presents abundant evidence linking EagleMsgSpy to…
U.S. org suffered four-month intrusion by Chinese hackers
A large U.S. organization with significant presence in China has been reportedly breached by China-based threat actors who persisted on its networks from April to August 2024. According to Symantec’s threat researchers, the operation appeared to focus on intelligence gathering, involving multiple compromised machines and targeting Exchange Servers, likely for email and data exfiltration. The researchers did not explicitly name…
Warning issued after Chinese hacker group breaches telco firms in “dozens of countries”
A senior national security adviser in the Biden Administration has warned that a Chinese state-sponsored hacking group has breached telecommunications firms in “dozens of countries”. Anne Neuberger, President Biden’s deputy national security adviser, said the campaign attributed to the threat actor known as Salt Typhoon is ongoing, and has breached at least eight US telcos, according to reporting in the…
Chinese hackers breached T-Mobile’s routers to scope out network
T-Mobile says the Chinese “Salt Typhoon” hackers who recently compromised its systems as part of a series of telecom breaches first hacked into some of its routers to explore ways to navigate laterally through the network. However, the company says its engineers blocked the threat actors before they could spread further on the network and access customer information. Also tracked…
Chinese hackers target Linux with new WolfsBane malware
A new Linux backdoor called ‘WolfsBane’ has been discovered, believed to be a port of Windows malware used by the Chinese ‘Gelsemium’ hacking group. ESET security researchers who analyzed WolfsBane report that WolfsBane is a complete malware tool featuring a dropper, launcher, and backdoor, while it also uses a modified open-source rootkit to evade detection. The researchers also discovered ‘FireWood,’ another…
Chinese hackers exploit Fortinet VPN zero-day to steal credentials
Chinese threat actors use a custom post-exploitation toolkit named ‘DeepData’ to exploit a zero-day vulnerability in Fortinet’s FortiClient Windows VPN client that steals credentials. The zero-day allows the threat actors to dump the credentials from memory after the user has authenticated with the VPN device. Volexity researchers report that they discovered this flaw earlier this summer and reported it to Fortinet, but…
US consumer protection agency bans employee mobile calls amid Chinese hack fears
The US Consumer Financial Protection Bureau (CFPB) has issued an urgent directive barring employees and contractors from using mobile phones for work-related calls, following a major breach in US telecommunications infrastructure attributed to Chinese-linked hackers. According to an internal memo, CFPB’s chief information officer advised staff to move sensitive discussions to secure platforms like Microsoft Teams and Cisco WebEx, reported…
Chinese hackers use Quad7 botnet to steal credentials
Microsoft warns that Chinese threat actors use the Quad7 botnet, made up of hacked SOHO routers, to steal credentials in password-spray attacks. Quad7, also known as CovertNetwork-1658 or xlogin, is a botnet first discovered by security researcher Gi7w0rm that consists of compromised SOHO routers. Later reports by Sekoia and Team Cymru found that the threat actors are targeting routers and networking devices from TP-Link,…
Sophos reveals 5-year battle with Chinese hackers attacking network devices
Sophos disclosed today a series of reports dubbed “Pacific Rim” that detail how the cybersecurity company has been sparring with Chinese threat actors for over 5 years as they increasingly targeted networking devices worldwide, including those from Sophos. For years, cybersecurity firms have warned enterprises that Chinese threat actors exploit flaws in edge networking devices to install custom malware that…