#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Winnti Hacking Group | Breaking Cybersecurity News | The Hacker News

Category — Winnti Hacking Group
Chinese 'Spyder Loader' Malware Spotted Targeting Organizations in Hong Kong

Chinese 'Spyder Loader' Malware Spotted Targeting Organizations in Hong Kong

Oct 18, 2022
The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed  Operation CuckooBees . Active since at least 2007,  Winnti  (aka APT41, Barium, Bronze Atlas, and Wicked Panda) is the name designated to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly aimed at stealing technology secrets from organizations in developed economies. The threat actor's campaigns have targeted healthcare, telecoms, high-tech, media, agriculture, and education sectors, with infection chains primarily relying on spear-phishing emails with attachments to initially break into the victims' networks. Earlier this May, Cybereason  disclosed  long-running attacks orchestrated by the group since 2019 to siphon intellectual property from technology and manufacturing companies mainly located in East Asia, Western Europe, and North America. The intrusions, clubb
Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild

Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild

Oct 22, 2019
Cybersecurity researchers claim to have discovered a previously undocumented backdoor specifically designed for Microsoft SQL servers that could allow a remote attacker to control an already compromised system stealthily. Dubbed Skip-2.0 , the backdoor malware is a post-exploitation tool that runs in the memory and lets remote attackers connect to any account on the server running MSSQL version 11 and version 12 by using a "magic password." What's more? The malware manages to remain undetected on the victim's MSSQL Server by disabling the compromised machine's logging functions, event publishing, and audit mechanisms every time the "magic password" is used. With these capabilities, an attacker can stealthily copy, modify, or delete the content stored in a database, the impact of which varies from application to application integrated with targeted servers. "This could be used, for example, to manipulate in-game currencies for financial gai
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
Expert Insights / Articles Videos
Cybersecurity Resources