#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

Chinese Hackers | Breaking Cybersecurity News | The Hacker News

Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies

Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies

Mar 24, 2023 Cyber Attack / Hacking
A recent campaign undertaken by  Earth Preta  indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The  threat actor , active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich. Attack chains mounted by the group commence with a spear-phishing email to deploy a wide range of tools for backdoor access, command-and-control (C2), and data exfiltration. These messages come bearing with malicious lure archives distributed via Dropbox or Google Drive links that employ DLL side-loading, LNK shortcut files, and fake file extensions as arrival vectors to obtain a foothold and drop backdoors like  TONEINS, TONESHELL, PUBLOAD , and  MQsTTang  (aka QMAGENT). Similar infection chains utilizing Google Drive links have been observed  delivering Cobalt Strike  as early as April 2021. "Earth Preta tends to hide malicious payloads
Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack

Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack

Mar 18, 2023 Network Security / Cyber Espionage
The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet  FortiOS  operating system has been linked to a suspected Chinese hacking group. American cybersecurity company Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim environments. The Google-owned threat intelligence and incident response firm is tracking the malicious operation under its uncategorized moniker UNC3886 , describing it as a China-nexus threat actor. "UNC3886 is an advanced cyber espionage group with unique capabilities in how they operate on-network as well as the tools they utilize in their campaigns," Mandiant researchers  said  in a technical analysis. "UNC3886 has been observed targeting firewall and virtualization technologies which lack EDR support. Their ability to manipulate firewall firmware and exploit a zero-da
cyber security

external linkTraditional App Security is No Longer Enough

websitewww.nonamesecurity.comAPI Security
When it comes to ensuring the security of your APIs, there are four critical capabilities.
Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments

Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments

Mar 08, 2023 Advanced Persistent Threat
High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the group's attack chains observed in 2021. Israeli cybersecurity company Check Point  said  the "long-running" activities have historically singled out countries such as Vietnam, Thailand, and Indonesia. Sharp Panda was  first documented  by the firm in June 2021, describing it as a "highly-organized operation that placed significant effort into remaining under the radar." The use of the Soul backdoor in real-world attacks was first  detailed  by Broadcom's Symantec in October 2021 in connection to an unattributed espionage operation targeting defense, healthcare, and ICT sectors in Southeast Asia. The implant's origins, according to  research  published by Fo
Chinese Hackers Targeting European Entities with New MQsTTang Backdoor

Chinese Hackers Targeting European Entities with New MQsTTang Backdoor

Mar 03, 2023 Threat Intelligence / Cyber Attack
The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called  MQsTTang  as part of an ongoing social engineering campaign that commenced in January 2023. "Unlike most of the group's malware, MQsTTang doesn't seem to be based on existing families or publicly available projects," ESET researcher Alexandre Côté Cyr  said  in a new report. Attack chains orchestrated by the group have stepped up targeting of European entities in the wake of  Russia's full-scale invasion of Ukraine  last year. The victimology of the current activity is unclear, but the Slovak cybersecurity company said the decoy filenames are in line with the group's previous campaigns that target European political organizations. That said, ESET also observed attacks against unknown entities in Bulgaria and Australia, as well as a governmental institution in Taiwan, indicating a broader focus on Europe and Asia. Mustang Panda has a  history  of using
Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks

Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks

Jan 18, 2023 Cyber Espionage / Cyber Risk
The threat actor known as  BackdoorDiplomacy  has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. Palo Alto Networks Unit 42, which is tracking the activity under its  constellation-themed  moniker  Playful Taurus , said it observed the government domains attempting to connect to malware infrastructure previously identified as associated with the adversary. Also known by the names APT15, KeChang, NICKEL, and Vixen Panda, the Chinese APT group has a history of cyber espionage campaigns aimed at government and diplomatic entities across North America, South America, Africa, and the Middle East at least since 2010. Slovak cybersecurity firm ESET, in June 2021,  unpacked  the intrusions mounted by the hacking crew against diplomatic entities and telecommunication companies in Africa and the Middle East using a custom implant known as Turian. Then in December 2021, Microsoft  announced  the seizure of 42 domains operated
Cybersecurity Resources