Chinese Hackers | Breaking Cybersecurity News | The Hacker News

A media report today revealed details of a significant supply chain attack which appears to be one of the largest corporate espionage and hardware hacking programs from a nation-state. According to a lengthy report published today by Bloomberg, a tiny surveillance chip, not much bigger than a grain of rice, has been found hidden in the servers used by nearly 30 American companies, including Apple and Amazon. The malicious chips, which were not part of the original server motherboards designed by the U.S-based company Super Micro, had been inserted during the manufacturing process in China. The report, based on a 3-year-long top-secret investigation in the United States, claims that the Chinese government-affiliated groups managed to infiltrate the supply chain to install tiny surveillance chips to motherboards which ended up in servers deployed by U.S. military, U.S. intelligence agencies, and many U.S. companies like Apple and Amazon. "Apple made its discovery of suspi

A highly popular top-tier app in Apple's Mac App Store that's designed to protect its users from adware and malware threats has been, ironically, found surreptitiously stealing their browsing history without their consent, and sending it to a server in China. What's more concerning? Even after Apple was warned a month ago, the company did not take any action against the app. The app in question is "Adware Doctor," the Mac App Store No. 1 paid utility and also ranked as the fourth most popular paid app on the store, which sells for $4.99 and markets itself to be the "best app" to prevent "malware and malicious files from infecting your Mac." However, a security researcher with the @privacyis1st Twitter handle detected Adware Doctor's suspicious spyware-like behavior almost a month ago and also uploaded a proof-of-concept video demonstration of how the user's browser history is exfiltrated. The researcher informed Apple about

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Cybersecurity researchers have uncovered an espionage campaign that has targeted a national data center of an unnamed central Asian country in order to conduct watering hole attacks. The campaign is believed to be active covertly since fall 2017 but was spotted in March by security researchers from Kaspersky Labs, who have attributed these attacks to a Chinese-speaking threat actor group called LuckyMouse . LuckyMouse, also known as Iron Tiger, EmissaryPanda, APT 27 and Threat Group-3390, is the same group of Chinese hackers who was found targeting Asian countries with Bitcoin mining malware early this year. The group has been active since at least 2010 and was behind many previous attack campaigns resulting in the theft of massive amounts of data from the directors and managers of US-based defense contractors. This time the group chose a national data center as its target from an unnamed country in Central Asia in an attempt to gain "access to a wide range of government

A years ago when the mysterious hacking group ' The Shadow Brokers ' dumped a massive trove of sensitive data stolen from the US intelligence agency NSA, everyone started looking for secret hacking tools and zero-day exploits . A group of Hungarian security researchers from CrySyS Lab and Ukatemi has now revealed that the NSA dump doesn't just contain zero-day exploits used to take control of targeted systems , but also include a collection of scripts and scanning tools the agency uses to track operations of hackers from other countries. According to a report published today by the Intercept, NSA's specialized team known as Territorial Dispute (TeDi) developed some scripts and scanning tools that help the agency to detect other nation-state hackers on the targeted machines it infects. NSA hackers used these tools to scan targeted systems for 'indicators of compromise' (IoC) in order to protect its own operations from getting exposed, as well as to fin

Security researchers have discovered a custom-built piece of malware that's wreaking havoc in Asia for past several months and is capable of performing nasty tasks, like password stealing, bitcoin mining, and providing hackers complete remote access to compromised systems. Dubbed Operation PZChao , the attack campaign discovered by the security researchers at Bitdefender have been targeting organizations in the government, technology, education, and telecommunications sectors in Asia and the United States. Researchers believe nature, infrastructure, and payloads, including variants of the Gh0stRAT trojan, used in the PZChao attacks are reminiscent of the notorious Chinese hacker group— Iron Tiger . However, this campaign has evolved its payloads to drop trojan, conduct cyber espionage and mine Bitcoin cryptocurrency. The PZChao campaign is attacking targets across Asia and the U.S. by using similar attack tactics as of Iron Tiger, which, according to the researchers, si