Summary: CeranaKeeper, a newly identified threat actor, has been linked to a series of data exfiltration attacks targeting governmental institutions in Southeast Asia, particularly in Thailand. The group employs sophisticated …
Summary: A report by Sekoia’s Threat Detection & Research team reveals a sophisticated cyber threat involving two malware variants, GobRAT and Bulbature, targeting edge devices globally, particularly linked to Chinese …
Since mid-2023, the Sekoia Threat Detection & Research team has been investigating a sophisticated cyber attack infrastructure that utilizes compromised edge devices as Operational Relay Boxes (ORBs). This …
Short Summary:
ESET researchers have identified a new China-aligned threat actor named CeranaKeeper, which has been targeting governmental institutions in Thailand since 2023. This group utilizes advanced techniques and tools, …
Summary: In 2024, the Iran-linked threat group Handala has gained attention for its cyber activities, including a breach of Vidisco security scanners and a mass text campaign targeting Israeli citizens. …
Short Summary:
Symantec’s Threat Hunter Team has identified ongoing financially motivated attacks by the North Korean Stonefly group against U.S. organizations. Despite an indictment and a reward for information, the …
Summary: A critical vulnerability known as KartLANPwn (CVE-2024-45200) has been discovered in Mario Kart 8 Deluxe, allowing potential remote code execution during multiplayer sessions. The flaw, found in Nintendo’s Pia …
Summary: Recent analyses reveal that the Patchwork APT group has initiated a sophisticated cyber campaign utilizing a new backdoor called “Nexe” to target Chinese entities, employing advanced evasion tactics. This …
The Gorilla Botnet, a new botnet family, emerged in September 2024, launching over 300,000 DDoS attack commands across 113 countries, with China and the U.S. being the most …
Short Summary:
This report discusses a series of cyberattacks attributed to the 8220 Gang, targeting Oracle WebLogic servers through the exploitation of critical vulnerabilities. The attackers deployed various malware, including …
Summary: An advanced threat actor known as SloppyLemming, with ties to India, is utilizing various cloud services for credential harvesting and malware delivery, primarily targeting government and law enforcement entities …
Summary: Recent cyber espionage campaigns linked to China have targeted U.S. internet service providers, with the Salt Typhoon operation focusing on intelligence gathering and potential disruptions. Investigations are ongoing to …
Short Summary:
The article discusses the Polyfill supply chain attack, where threat actors compromised popular open-source polyfill projects by injecting malicious JavaScript code. This led to users being redirected to …
In March 2024, Elastic Security Labs uncovered a sophisticated Linux malware campaign targeting vulnerable servers. The attackers exploited an Apache2 web server to gain initial access and deployed …
The Patchwork APT group has launched a sophisticated campaign targeting Chinese entities and Bhutan, utilizing a malicious LNK file to initiate infections. The campaign employs DLL sideloading techniques …
Cloudforce One has investigated an advanced threat actor known as SloppyLemming, who employs multiple cloud service providers for credential harvesting, malware delivery, and command and control operations. This …
DLL Hijacking is a technique that exploits legitimate applications to execute malicious code. This write-up provides an overview of DLL Hijacking, its purpose, and the various documented instances …
Short Summary:
The article discusses the activities of IT workers operating on behalf of North Korea, specifically focusing on their tactics to gain employment in Western companies. These workers use …
Threat Actor: Unknown | unknown Victim: China Natural Gas Group | China Natural Gas Group Price: Available for sale on dark web Exfiltrated Data Type: Personal information, ID cards
Key …
Summary: Song Wu, a Chinese national, has been charged in the US for wire fraud and identity theft after allegedly leading a multi-year spearphishing campaign to steal proprietary software from …
[Law] Law enforcement op disrupts a massive botnet that infected over 200K network devices worldwide
Summary: The FBI has successfully taken control of a botnet operated by the Chinese state-backed hacking group Flax Typhoon, which targeted critical infrastructure in the US and abroad. This botnet, …
Summary: Researchers from Lumen’s Black Lotus Labs have identified a new botnet named Raptor Train, primarily composed of compromised SOHO and IoT devices, believed to be controlled by the China-linked …
Victim: rccauto.com Country: CN Actor: ElDorado Source: Discovered: 2024-09-19 19:55:23.458979 Published: 2024-09-19 19:55:20.203478 Description: RCC Auto is an automotive company specializing in high-quality aftermarket parts and accessories. They …
Short Summary:
Earth Baxia, a threat actor likely based in China, has targeted government organizations in Taiwan and other APAC countries using spear-phishing and exploiting the GeoServer vulnerability CVE-2024-36401. The …
Summary: Broadcom has released critical updates to address a severe security vulnerability in VMware vCenter Server that could allow remote code execution. The flaws, identified as CVE-2024-38812 and CVE-2024-38813, were …
Threat Actor: Unknown | unknown Victim: Major Chinese Oil Company | Major Chinese Oil Company Price: Not disclosed Exfiltrated Data Type: Personal and corporate information
Key Points:
A threat…
Victim: Chernan Technology Country: CN Actor: orca Source: http://orca66hwnpciepupe5626k2ib6dds6zizjwuuashz67usjps2wehz4id.onion/r/AOSAJmxbeylOjkrruiRMveWykVfaMJhQ8wYEv+C3zcLkbMl5qcsaVusyRjrSKPqJ1QIrY3LNBLyTXtmUPpCvENTN0RhN1RJ/1 Discovered: 2024-09-18 13:00:34.104943 Published: 2024-09-18 13:00:33.130379 Description: Chernan Technology Co. Ltd. was founded on April 10th, 1984, as a …
Summary: A Chinese national, Wu Song, has been indicted for a phishing campaign targeting U.S. academics and engineers to steal software developed for NASA, which could have military applications. The …
In mid-2023, Black Lotus Labs uncovered a significant botnet named “Raptor Train,” believed to be operated by the Chinese threat actors known as Flax Typhoon. This botnet has …
Victim: miit.gov.cn Country: CN Actor: killsec Source: http://kill432ltnkqvaqntbalnsgojqqs2wz4lhnamrqjg66tq6fuvcztilyd.onion/post/m7f29d2WwLid6sGwx0RE2aXwz Discovered: 2024-09-17 21:40:00.232846 Published: 2024-09-17 21:39:59.791377 Description: The Ministry of Industry and Information Technology (MIIT) is the sixth-ranked executive department …
Victim: natcoglobal.com Country: US Actor: cactus Source: https://cactusbloguuodvqjmnzlwetjlpj6aggc6iocwhuupb47laukux7ckid.onion/posts/NATCO Discovered: 2024-09-17 17:00:21.012603 Published: 2024-09-17 09:10:48.901000 Description:
Business Services
“Founded in 1991, North American Textile Company, LLC (NATco) is a …
Notified by: ymh Date: Mon, 15 Jun 2015 06:59:58 +0000 URL: http://www.luqiaodj.gov.cn/tong/new.asp Country: China Sector: Government – This sector encompasses various governmental departments and agencies responsible for public administration and …
Summary: Strider Technologies, a strategic intelligence startup, has raised $55 million in Series C funding to enhance its AI-driven intelligence services, particularly for government and international sectors. The investment aims …
Summary: The U.K. government has officially designated data centers as critical national infrastructure to enhance their security against cyber threats, particularly in light of increasing reliance on cloud computing and …
Summary: A Mandiant report highlights the escalating cyber threats faced by Mexico, driven by a mix of global espionage and local cybercrime targeting various sectors. The report reveals that nation-state …
Summary: A congressional examination revealed that China installed unauthorized cellular modems in ship-to-shore cranes, creating significant security vulnerabilities in U.S. port operations. The report highlights concerns over the integrity of …
Summary: Cisco Talos has revealed a new threat actor named “DragonRank,” which primarily targets web application services in Asia and Europe to manipulate search engine rankings through the deployment of …
Summary: India is enhancing its cybersecurity measures to protect its growing space capabilities, particularly following the successful Chandrayaan-3 lunar mission. The Indian Space Research Organization emphasizes the need for robust …
Short Summary:
GlorySec is a rising hacktivist group known for targeting governments and institutions they view as corrupt, particularly in Russia and Venezuela. They operate primarily through Telegram, sharing details …
Summary: Two Romanian nationals have been sentenced in Australia for their roles in an ATM shimming scam that defrauded victims of $36,000. The criminals used devices to capture ATM card …
Threat Actor: RipperSec | RipperSec Threat Actor: NoName057(16) | NoName057(16) Victim: Taiwanese Government Websites | Taiwanese Government Websites Price: Not specified Exfiltrated Data Type: Not applicable (DDoS attacks do not …
Summary: Cybercriminals are exploiting large language models (LLMs) to execute sophisticated attacks, including jailbreaking and data poisoning, which pose significant risks to enterprises. Effective protection against these threats requires a …
Short Summary:
Cisco Talos has identified a new cyber threat named “DragonRank,” which targets web application services primarily in Asia and parts of Europe. This threat utilizes the PlugX and …
Short Summary:
The cyber threat landscape in Mexico is characterized by a mix of global and local threats, including cyber espionage from state-sponsored actors and increasing incidents of ransomware and …
Victim: www.avf-biomedical.com Country: CN Actor: ransomhub Source: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/4215ba13-b6b6-4fce-9012-b3ef16112c3f/ Discovered: 2024-09-09 20:40:07.387378 Published: 2024-09-09 15:04:52.000000 Description: AVF Biomedical is a company specializing in innovative medical technologies and solutions. They …
Short Summary:
The ToneShell backdoor, linked to Mustang Panda, targets government organizations in Southeast and East Asia for cyber espionage. Recently, it has been associated with an attack aimed at …
Threat Actor: Unknown | unknown Victim: Dingding Talk | Dingding Talk Price: For Sale (exact price not disclosed) Exfiltrated Data Type: User Information
Key Points:
Threat actor leaked a…
Short Summary:
Certain versions of WeChat contain a type confusion vulnerability (CVE-2023-3420) that allows remote code execution. Although patched in the V8 engine, the WeChat Webview component remains vulnerable. Cisco …
Summary: CISA has identified three critical vulnerabilities in its KEV catalog, emphasizing their active exploitation and urging immediate patching by organizations. Notably, vulnerabilities in Draytek routers and Kingsoft WPS Office …