#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Chinese Hackers | Breaking Cybersecurity News | The Hacker News

Category — Chinese Hackers
Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances

Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances

Sep 11, 2024 Network Security / Hacking
The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TP-LINK, Zyxel, Asus, Axentra, D-Link, and NETGEAR, according to a new report by French cybersecurity company Sekoia. "The Quad7 botnet operators appear to be evolving their toolset, introducing a new backdoor and exploring new protocols, with the aim of enhancing stealth and evading the tracking capabilities of their operational relay boxes (ORBs)," researchers Felix Aimé, Pierre-Antoine D., and Charles M. said .  Quad7, also called 7777, was first publicly documented by independent researcher Gi7w0rm in October 2023, highlighting the activity cluster's pattern of ensnaring TP-Link routers and Dahua digital video recorders (DVRs) into a botnet. The botnet, which gets its name from the fact it opens TCP port 7777 on compromised devices,
Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

Sep 09, 2024 Cyber Espionage / Malware
The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia. "This threat actor used Visual Studio Code's embedded reverse shell feature to gain a foothold in target networks," Palo Alto Networks Unit 42 researcher Tom Fakterman said in a report, describing it as a "relatively new technique" that was first demonstrated in September 2023 by Truvis Thornton. The campaign is assessed to be a continuation of a previously documented attack activity aimed at an unnamed Southeast Asian government entity in late September 2023. Mustang Panda , also known by the names BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, RedDelta, and Red Lich, has been operational since 2012, routinely conducting cyber espionage campaigns targeting government and religious entities across Europe and Asia, particul
Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

Sep 09, 2024SaaS Security / Risk Management
Designed to be more than a one-time assessment— Wing Security's SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it's free! Introducing SaaS Pulse: Free Continuous SaaS Risk Management  Just like waiting for a medical issue to become critical before seeing a doctor, organizations can't afford to overlook the constantly evolving risks in their SaaS ecosystems. New SaaS apps, shifting permissions, and emerging threats mean risks are always in motion. SaaS Pulse makes it easy to treat SaaS risk management as an ongoing practice, not just an occasional check-up. Security teams instantly get a real-time security "health" score, prioritized risks, contextualized threat insights, and the organization's app inventory—without setups or integrations. SaaS is a Moving Target SaaS stacks don't stand still. Business critical apps can easily slip into a state of vulnerability (i.e. supply chain attacks, account takeovers
New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm

New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm

Sep 05, 2024 Cyber Attack / Malware
The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of targeting both Microsoft Windows and Linux systems. "KTLVdoor is a highly obfuscated malware that masquerades as different system utilities, allowing attackers to carry out a variety of tasks including file manipulation, command execution, and remote port scanning," Trend Micro researchers Cedric Pernet and Jaromir Horejsi said in an analysis published Wednesday. Some of the tools KTLVdoor impersonates include sshd, Java, SQLite, bash, and edr-agent, among others, with the malware distributed in the form of dynamic-link library (.dll) or a shared object (.so). Perhaps the most unusual aspect of the activity cluster is the discovery of more than 50 command-and-control (C&C) s
cyber security

Secure Your Network: 40% Face Full Takeover Risk

websitePicus SecurityEndpoint Security / Attack Surface
Understand and address the critical risks in your network to prevent takeovers.
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control

Aug 22, 2024 Network Security / Zero-Day
Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliances and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware and gain extensive control over the compromised system, facilitating both data exfiltration and persistent access. "The zero-day exploit allows an attacker with valid administrator credentials to the Switch management console to escape the NX-OS command line interface (CLI) and execute arbitrary commands on the Linux underlying operating system," cybersecurity company Sygnia said in a report shared with The Hacker News. Velvet Ant first caught the attention of researchers at the Israeli cybersecurity company in connection with a multi-year campaign that targeted an unnamed organization located in Eas
APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

Aug 02, 2024 Cyber Espionage / Malware
A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a variety of backdoors and post-compromise tools like ShadowPad and Cobalt Strike. It has been attributed with medium confidence to a prolific hacking group tracked as APT41 . "The ShadowPad malware used in the current campaign exploited an outdated vulnerable version of Microsoft Office IME binary as a loader to load the customized second-stage loader for launching the payload," security researchers Joey Chen, Ashley Shen, and Vitor Ventura said . "The threat actor compromised three hosts in the targeted environment and was able to exfiltrate some documents from the network." Cisco Talos said it discovered the activity in August 2023 after detecting what it described we
Expert Insights / Articles Videos
Cybersecurity Resources