Chinese Hackers | Breaking Cybersecurity News | The Hacker News

A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022. Symantec, by Broadcom Software, linked the attacks to an adversarial group it tracks under the name  Billbug , citing the use of tools previously attributed to this actor. The activity appears to be driven by espionage and data-theft, although no data is said to have been stolen to date. Billbug , also called Bronze Elgin, Lotus Blossom, Lotus Panda,  Spring Dragon , and  Thrip , is an advanced persistent threat (APT) group that is believed to operate on behalf of Chinese interests. Primary targets include government and military organizations in South East Asia. Attacks mounted by the adversary in 2019 involved the use of backdoors like  Hannotog and Sagerunex , with the intrusions observed in Hong Kong, Macau, Indonesia, Malaysia, the Philippines, and Vietnam.

Entities located in East and Southeast Asia as well as Ukraine have been targeted at least since 2020 by a previously undocumented subgroup of  APT41 , a prolific Chinese advanced persistent threat (APT). Cybersecurity firm Trend Micro, which  christened  the espionage crew  Earth Longzhi , said the actor's long-running campaign can be split into two based on the toolset deployed to attack its victims. The first wave from May 2020 to February 2021 is said to have targeted government, infrastructure, and healthcare industries in Taiwan and the banking sector in China, whereas the succeeding set of intrusions from August 2021 to June 2022 infiltrated high-profile victims in Ukraine and several countries in Asia. This included defense, aviation, insurance, and urban development industries in Taiwan, China, Thailand, Malaysia, Indonesia, Pakistan, and Ukraine. The victimology patterns and the targeted sectors overlap with attacks mounted by a distinct subordinate group of  APT41

The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations, and think-tanks in Japan, according to  twin   reports  published by Kaspersky. Stone Panda , also called  APT10 , Bronze Riverside, Cicada, and Potassium, is a cyber  espionage group  known for its intrusions against organizations identified as strategically significant to China. The threat actor is believed to have been active since at least 2009. The group has also been linked to attacks using malware families like SigLoader, SodaMaster , and a web shell called Jackpot against multiple Japanese domestic organizations since April 2021, per cybersecurity firm Trend Micro, which is tracking the group under the name Earth Tengshe . The latest set of attacks, observed between March and June 2022, involve the use of a bogus Microsoft Word fi

An advanced persistent threat (APT) group of Chinese origin codenamed  DiceyF  has been linked to a string of attacks aimed at online casinos in Southeast Asia for years. Russian cybersecurity company Kaspersky said the activity aligns with another set of intrusions attributed to  Earth Berberoka  (aka  GamblingPuppet ) and  DRBControl , citing tactical and targeting similarities as well as the abuse of secure messaging clients. "Possibly we have a mix of espionage and [intellectual property] theft, but the true motivations remain a mystery," researchers Kurt Baumgartner and Georgy Kucherin  said  in a technical write-up published this week. The starting point of the investigation was in November 2021 when Kaspersky said it detected multiple  PlugX loaders  and other payloads that were deployed via an employee monitoring service and a security package deployment service. The initial infection method – the distribution of the framework through security solution packages

The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed  Operation CuckooBees . Active since at least 2007,  Winnti  (aka APT41, Barium, Bronze Atlas, and Wicked Panda) is the name designated to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly aimed at stealing technology secrets from organizations in developed economies. The threat actor's campaigns have targeted healthcare, telecoms, high-tech, media, agriculture, and education sectors, with infection chains primarily relying on spear-phishing emails with attachments to initially break into the victims' networks. Earlier this May, Cybereason  disclosed  long-running attacks orchestrated by the group since 2019 to siphon intellectual property from technology and manufacturing companies mainly located in East Asia, Western Europe, and North America. The intrusions, clubb