Search results for Chinese hackers | Breaking Cybersecurity News | The Hacker News

A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat (APT) group under the name  Blackwood . It's said to be active since at least 2018. The NSPX30 implant has been observed deployed via the update mechanisms of known software such as Tencent QQ, WPS Office, and Sogou Pinyin, with the attacks targeting Chinese and Japanese manufacturing, trading, and engineering companies as well as individuals located in China, Japan, and the U.K. "NSPX30 is a multistage implant that includes several components such as a dropper, an installer, loaders, an orchestrator, and a backdoor," security researcher Facundo Muñoz  said . "Both of the latter two have their own sets of plugins." "The implant was designed around the attackers

The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities. "CISA has observed Chinese [Ministry of State Security]-affiliated cyber threat actors operating from the People's Republic of China using commercially available information sources and open-source exploitation tools to target US Government agency networks," the cybersecurity agency said. Over the past 12 months, the victims were identified through sources such as Shodan , the Common Vulnerabilities and Exposure ( CVE ) database, and the National Vulnerabilities Database (NVD), exploiting the public release of a vulnerability to pick vulnerable targets and further their motives. By compromising legitimate websites and leveraging spear-phishing emails with malicious links pointing to attacker-owned sites in order to gain initial access, the Chinese

The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. "Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves," Cisco Talos  said  in a new report detailing the group's evolving modus operandi. The group is known to have targeted a wide range of organizations since at least 2012, with the actor primarily relying on email-based social engineering to gain initial access to drop PlugX, a backdoor predominantly deployed for long-term access. Phishing messages attributed to the campaign contain malicious lures masquerading as official European Union reports on the ongoing conflict in Ukraine or Ukrainian government reports, both of which download malware onto compromised machines. Also observed are phishing messages tailored to ta

Staying Sharp: Cybersecurity CPEs Explained Perhaps even more so than in other professional domains, cybersecurity professionals constantly face new threats. To ensure you stay on top of your game, many certification programs require earning Continuing Professional Education (CPE) credits. CPEs are essentially units of measurement used to quantify the time and effort professionals spend on maintaining and enhancing skills and knowledge in the field of cybersecurity, and they act as points that demonstrate a commitment to staying current. CPEs are best understood in terms of other professions: just like medical, legal and even CPA certifications require continuing education to stay up-to-date on advancements and industry changes, cybersecurity professionals need CPEs to stay informed about the latest hacking tactics and defense strategies. CPE credits are crucial for maintaining certifications issued by various cybersecurity credentialing organizations, such as (ISC)², ISACA, and C

The White House acknowledged Monday that one of its computer networks was hit by a cyber attack, but said there was no breach of any classified systems and no indication any data was lost. Including systems used by the military for nuclear commands were breached by Chinese hackers. A conservative newspaper that has been regularly critical of the Obama administration, called The Washington Free Beacon, first published the report on Sunday and said that the attackers were linked to the Chinese government. One official said the cyber breach was one of Beijing's most brazen cyber attacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyber attacks. Disclosure of the cyber attack also comes amid heightened tensions in Asia, as the Pentagon moved two U.S. aircraft carrier strike groups and Marine amphibious units near waters by Japan's Senkaku islands. The official called the incident a " spear-phishing " a

Chinese hackers suspected in compromise of Australian PM 's computer The parliamentary computers of Prime Minister Julia Gillard and at least two other senior ministers are suspected of being hacked. Ms Gillard's parliamentary computer, along with those of several cabinet ministers including Foreign Minister Kevin Rudd and Defence Minister Stephen Smith were believed to have been compromised, News Ltd newspapers report. Thousands of emails are believed to have been accessed in the cyber attacks. Advertisement: Story continues below Four Australian government sources confirmed with the newspapers they had been told Chinese intelligence agencies were part of a list of suspected hackers. US intelligence officials alerted their Australian counterparts and News Ltd believes ASIO has started an investigation. The cyber attacks are believed to be on the Australian Parliament House email network, the less secure of two networks used by MPs. Ministers use a departmental network for more

An amalgam of multiple state-sponsored threat groups from China may have been behind a string of targeted attacks against Russian federal executive authorities in 2020. The latest research, published by Singapore-headquartered company Group-IB, delves into a piece of computer virus called " Webdav-O " that was detected in the intrusions, with the cybersecurity firm observing similarities between the tool and that of popular Trojan called " BlueTraveller ," that's known to be connected to a Chinese threat group called TaskMasters and deployed in malicious activities with the aim of espionage and plundering confidential documents. "Chinese APTs are one of the most numerous and aggressive hacker communities," researchers Anastasia Tikhonova and Dmitry Kupin  said . "Hackers mostly target state agencies, industrial facilities, military contractors, and research institutes. The main objective is espionage: attackers gain access to confidential data

Hackers took control of two satellites for few minutes According to a US report recently claimed that hackers had managed to interfere with two military satellites, but one expert argues the amount of energy required would be too great for ordinary hackers. The hackers took control of the Landsat-7 and Terra AM-1 satellites for a grand total of 12 minutes and two minutes respectively. One might hope that the communications satellites suspended in orbit above the earth might be one component of the planet's technology infrastructure that is safely out of harm's way. But as satellite communications enthusiast Paul Marsh explained at the London Security B-Sides event in April, there are reasons to doubt the reports. He spoke about a similar story, reported in the late 1990s, about hackers supposedly accessing UK military satellite communications network SkyNet and 'nudging' one satellite out of synch. Whether Chinese hackers have that capability now is just one more matter of specu

A suspected Chinese-speaking threat actor has been attributed to a malicious campaign that targets the Uzbekistan Ministry of Foreign Affairs and South Korean users with a remote access trojan called  SugarGh0st RAT . The activity, which commenced no later than August 2023, leverages two different infection sequences to deliver the malware, which is a customized variant of  Gh0st RAT  (aka Farfli). It comes with features to "facilitate the remote administration tasks as directed by the C2 and modified communication protocol based on the similarity of the command structure and the strings used in the code," Cisco Talos researchers Ashley Shen and Chetan Raghuprasad  said . The attacks commence with a phishing email bearing decoy documents, opening which activates a multi-stage process that leads to the deployment of SugarGh0st RAT. The decoy documents are incorporated within a heavily obfuscated JavaScript dropper that's contained within a Windows Shortcut file embed

Update: ' Hack The Pentagon ' has opened registration for its pilot bug bounty program of $150,000 for hackers in return for the vulnerabilities they find in its public facing websites. The Defense Department has enlisted the bug bounty startup HackerOne to manage the pilot program. Interested hackers can Register Now to participate in the Bug Bounty program. The United States Department of Defense (DoD) has the plan to boost their internal and network security by announcing what it calls "the first cyber Bug Bounty Program in the history of the federal government," officially inviting hackers to take up the challenge. Dubbed " Hack the Pentagon ," the bug bounty program invites the hackers and security researchers only from the United States to target its networks as well as the public faced websites which are registered under DoD. The bug bounty program will begin in April 2016, and the participants could win money (cash rewards)

According to the report from Bloomberg, In 2009, the FBI told Coca-Cola executives that hackers had broken into their computer systems, when a malicious link was emailed to a senior executive, but never revealed the incident. Hackers were able to spend a month operating undetected, logging commercially sensitive information. " Hackers had broken into the company's computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group (1886), according to three people familiar with the situation and an internal company document detailing the cyber intrusion. " Bloomberg said . Coca-Cola, the world's largest soft-drink maker, has never publicly disclosed the loss of the Huiyuan information, despite its potential effect on the deal. Although the report claimed state-sponsored actors were involved, experts interviewed by the news wire said the attack had all the hallmarks of Comment a prolific Chinese hacking group. Recent

Samsung has been surrounded by a lot of controversies since the past few years, but that has not influenced its productivity. But this report has raised a few eyebrows... Samsung's mobile payment system company, LoopPay , was hacked back in March this year, just a month after Samsung bought it to help make Samsung Pay a reality. Samsung acquired LoopPay for more than $250 Million in February this year, and a group of Chinese Hackers were able to access LoopPay computer systems in March. The most worrisome part is – the hack was discovered 5 months later in August . Hackers were After Technology; Not Money or Sensitive Data The hackers, believed to be from a group called ' Codoso Group ' or ' Sunshock Group ,' were after the company's Magnetic Secure Transmission (MST) Technology . The group injected LoopPay's computer network with a hidden sophisticated attack in March, but the investigation kicked off when LoopPay learned of

A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations. "In this activity, RedAlpha very likely sought to gain access to email accounts and other online communications of targeted individuals and organizations," Recorded Future  disclosed  in a new report.  A lesser-known threat actor, RedAlpha was first  documented  by Citizen Lab in January 2018 and has a history of conducting cyber espionage and surveillance operations directed against the Tibetan community, some in India, to facilitate intelligence collection through the deployment of the NjRAT backdoor . "The campaigns [...] combine light reconnaissance, selective targeting, and diverse malicious tooling," Recorded Future  noted  at the time. Since then, malicious activities undertaken by the group have involved weaponizing as many as 350 domains that spoof leg

Cybersecurity researchers today unveiled a complex and targeted espionage attack on potential government sector victims in South East Asia that they believe was carried out by a sophisticated Chinese APT group at least since 2018. "The attack has a complex and complete arsenal of droppers, backdoors and other tools involving Chinoxy backdoor, PcShare RAT and FunnyDream backdoor binaries, with forensic artefacts pointing towards a sophisticated Chinese actor," Bitdefender said in a new analysis shared with The Hacker News. It's worth noting that the  FunnyDream  campaign has been previously linked to high-profile government entities in Malaysia, Taiwan, and the Philippines, with a majority of victims located in Vietnam. According to the researchers, not only around 200 machines exhibited attack indicators associated with the campaign, evidence points to the fact the threat actor may have compromised  domain controllers  on the victim's network, allowing them to mo

The brand new Android smartphone launched by Google just a few months back has been hacked by Chinese hackers just in less than a minute. Yes, the Google's latest Pixel smartphone has been hacked by a team white-hat hackers from Qihoo 360, besides at the 2016 PwnFest hacking competition in Seoul. The Qihoo 360 team demonstrated a proof-of-concept exploit that used a zero-day vulnerability in order to achieve remote code execution (RCE) on the target smartphone. The exploit then launched the Google Play Store on the Pixel smartphone before opening Google Chrome and displaying a web page that read "Pwned By 360 Alpha Team," the Reg media reports . Qihoo 360 won $120,000 cash prize for hacking the Pixel. Google will now work to patch the vulnerability. Besides the Google Pixel, Microsoft Edge running under Windows 10 was also hacked in PwnFest hacking competition. The Qihoo 360 team also hacked Adobe Flash with a combination of a decade-old, use-after-free

Amid heightened  border tensions  between India and China, cybersecurity researchers have revealed a concerted campaign against India's critical infrastructure, including the nation's power grid, from Chinese state-sponsored groups. The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and transmission sector. "10 distinct Indian power sector organizations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure," Recorded Future  said  in a report published yesterday. "Other targets identified included 2 Indian seaports." Chief among the victims include a power plant run by National Thermal Power Corporation (NTPC) Limited and New Delhi-based Power

The recent hacking of the Central Bureau of Investigation's (CBI) website by a group called the 'Pakistani Cyber Army' has raised concerns about the security measures of servers maintained by the National Informatics Centre (NIC). The NIC is responsible for government server maintenance. While the NIC remains silent on the issue, sources in the security establishment suggest that the NIC's safety mechanisms were inadequate. Several reminders had been sent to NIC, urging them to upgrade their hardware. The CBI's official website was hacked on the night of December 3rd to 4th. The CBI has registered a case against unknown individuals in connection with the hacking. A report titled "Shadows in the Cloud" by a Canadian think-tank, comprising the "Information Warfare Monitor" and "Shadows Server," earlier this year indicated evidence of a cyber-espionage network. This network compromised government, business, and academic computer systems

Researchers have uncovered a Chinese cyber-espionage against the United States ahead of the trade summit on Thursday between US President Donald Trump and China's President Xi Jinping. According to a new report published today by Fidelis Cybersecurity firm, the Chinese APT10 hacking group implanted a piece of malware on the "Events" page of the US National Foreign Trade Council (NFTC) website in February. Dubbed ' Operation TradeSecret ,' the attack against the NFTC site is seen as an attempt to conduct surveillance on the main industry players and lobbyists closely associated with U.S trade policy activities. Researchers say hackers placed a malicious link on the NFTC website, inviting the organization's board of directors to register for a meeting in Washington DC on March 7. But clicking on the link deployed a spying tool called " Scanbox ." Dates back to 2014, Scanbox – previously used by nation-state threat actors associated with the

A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan government-in-exile. The intrusions involved the exploitation of  CVE-2022-1040  and  CVE-2022-30190  (aka "Follina"), two remote code execution vulnerabilities in Sophos Firewall and Microsoft Office, respectively. "This willingness to rapidly incorporate new techniques and methods of initial access contrasts with the group's continued use of well known and reported capabilities, such as the Royal Road RTF weaponizer, and often lax infrastructure procurement tendencies," Recorded Future  said  in a new technical analysis. TA413, also known as LuckyCat, has been linked to rel

A total of 35,000 websites on the Chinese mainland were attacked by hackers in 2010, including 4,635 government websites, according to the Internet security report released by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) on March 9. The report shows that the IP addresses of 5 million domestic host computers were infected with a trojan horse or corpse virus. According to the report, government websites are vulnerable to hacker attacks and websites of financial institutions have become the main targets of hackers. According to the monitoring by the CNCERT/CC, 35,000 websites on Chinese mainland were victims of hackers in 2010, a decrease of 22 percent from 2009. Of them, however, 4,635 were government websites, an increase of 68 percent from a year earlier. Around 60 percent of ministerial-level websites have potential security risks to various degrees. "Hackers use two main means to attack government websites. One means i