Chinese Hackers | Breaking Cybersecurity News | The Hacker News

The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad , a malware widely shared by Chinese state-sponsored actors. "FamousSparrow deployed two previously undocumented versions of the SparrowDoor backdoor, one of them modular," ESET said in a report shared with The Hacker News. "Both versions constitute considerable progress over previous ones and implement parallelization of commands." FamousSparrow was first documented by the Slovak cybersecurity company in September 2021 in connection with a series of cyber attacks aimed at hotels, governments, engineering companies, and law firms with SparrowDoor, an implant exclusively used by the group. Since then, there have been reports of the adversarial...

The China-linked advanced persistent threat (APT) group known as Aquatic Panda has been linked to a "global espionage campaign" that took place in 2022 targeting seven organizations. These entities include governments, Catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The activity, which took place over a period of 10 months between January and October 2022, has been codenamed Operation FishMedley by ESET. "Operators used implants – such as ShadowPad, SodaMaster, and Spyder – that are common or exclusive to China-aligned threat actors," security researcher Matthieu Faou said in an analysis. Aquatic Panda , also called Bronze University, Charcoal Typhoon, Earth Lusca, and RedHotel, is a cyber espionage group from China that's known to be active since at least 2019. The Slovakian cybersecurity company is tracking the hacking crew under the name FishMonger. Sai...

Cybersecurity isn't just another checkbox on your business agenda. It's a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model , exemplified through Microsoft 365's approach, offers a framework for comprehending and implementing effective cybersecurity measures.  The Essence of Shared Responsibility  Think of cloud security like a well-maintained building: the property manager handles structural integrity and common areas, while tenants secure their individual units. Similarly, the shared responsibility model creates a clear division of security duties between cloud providers and their users. This partnership approach ensures comprehensive protection through clearly defined roles and responsibilities.  What Your Cloud Provider Handles  Microsoft maintains comprehensive responsibility for securing the foundational eleme...

Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo , which is scheduled to kick off in Osaka, Japan, next month. The activity has been codenamed Operation AkaiRyū (Japanese for RedDragon). Active since at least 2019, MirrorFace is also referred to as Earth Kasha. It's assessed to be a subgroup within the APT10 umbrella. While known for its exclusive targeting of Japanese entities, the threat actor's attack on a European organization marks a departure from its typical victimology footprint. That's not all. The intrusion is also notable for deploying a heavily customized variant of AsyncRAT and ANEL (aka UPPERCUT), a backdoor previously linked to APT10. The use ...

The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People's Republic of China's (PRC) Ministry of Public Security (MPS), eight employees of an ostensibly private PRC company, Anxun Information Technology Co. Ltd. (安洵信息技术有限公司) also known as i-Soon , and members of Advanced Persistent Threat 27 ( APT27 , aka Budworm, Bronze Union, Emissary Panda, Lucky Mouse, and Iron Tiger) - Wu Haibo (吴海波), Chief Executive Officer Chen Cheng (陈诚), Chief Operating Officer Wang Zhe (王哲), Sales Director Liang Guodong (梁国栋), Technical Staff Ma Li (马丽), Technical Staff Wang Yan (王堰), Technical Staff Xu Liang (徐梁), Technical Staff Zhou Weiwei (周伟伟), Technical Staff Wang Liyu (王立宇), MPS Officer Sheng Jing (盛晶), MPS Officer Yin Kecheng (尹可成), APT27 actor aka "YKC" Zhou Sh...

The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS).  "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory committees within DHS, effective immediately," Acting Secretary Benjamine C. Huffman said in a January 20, 2025, memo. "Future committee activities will be focused solely on advancing our critical mission to protect the homeland and support DHS's strategic priorities." This includes members of the Cybersecurity and Infrastructure Security Agency's (CISA) Cyber Safety Review Board (CSRB), which last year issued a scathing report excoriating Microsoft for a "cascade" of avoidable errors that led to its infrastructure being abused by a China-based nation-st...