Pierluigi Paganini
September 21, 2022
The U.S. Federal Communications Commission (FCC) has added more Chinese telecom firms to the Covered List. The U.S. Federal Communications Commission (FCC) has added Pacific Network Corp, ComNet (USA) LLC, and China Unicom (Americas) Operations Limited, to the Covered List. The Covered List, published by Public Safety and Homeland Security Bureau published, included products and […]
Pierluigi Paganini
September 14, 2022
China-linked SparklingGoblin APT was spotted using a Linux variant of a backdoor known as SideWalk against a Hong Kong university. Researchers from ESET discovered a Linux variant of the SideWalk backdoor, which is a custom implant used by the China-linked SparklingGoblin APT group. The SparklingGoblin APT is believed to be a group that operated under […]
Pierluigi Paganini
September 10, 2022
China-linked BRONZE PRESIDENT group is targeting government officials in Europe, the Middle East, and South America with PlugX malware. Secureworks researchers reported that China-linked APT group BRONZE PRESIDENT conducted a new campaign aimed at government officials in Europe, the Middle East, and South America with the PlugX malware. Attacks part of this campaign were spotted […]
Pierluigi Paganini
August 31, 2022
Experts uncovered a cyber espionage campaign conducted by a China-linked APT group and aimed at several entities in the South China Sea. Proofpoint’s Threat Research Team uncovered a cyber espionage campaign targeting entities across the world that was orchestrated by a China-linked threat actor. The campaign aimed at entities in Australia, Malaysia, and Europe, as […]
Pierluigi Paganini
August 17, 2022
A China-linked APT group named RedAlpha is behind a long-running mass credential theft campaign aimed at organizations worldwide. Recorded Future researchers attributed a long-running mass credential theft campaign to a Chinese nation-state actor tracked RedAlpha. The campaign targeted global humanitarian, think tank, and government organizations. Experts believe RedAlpha is a group of contractors conducting cyber-espionage activity on behalf of […]
Pierluigi Paganini
August 04, 2022
Taiwan government websites were temporarily forced offline by cyber attacks during the visit to Taipei of US House Speaker Nancy Pelosi. Major Taiwan government websites were temporarily forced offline by distributed denial of service (DDoS) attacks attacks during the visit to Taipei of US House Speaker Nancy Pelosi. The cyber attacks forced offline the government […]
Pierluigi Paganini
August 03, 2022
Researchers spotted a Chinese threat actors using a new offensive framework called Manjusaka which is similar to Cobalt Strike. Talos researchers observed a Chinese threat actor using a new offensive framework called Manjusaka (which can be translated to “cow flower” from the Simplified Chinese writing) that is similar to Sliver and Cobalt Strike tools. The […]
Pierluigi Paganini
July 20, 2022
The Minister for Foreign Affairs of Belgium blames multiple China-linked threat actors for attacks against The country’s defense and interior ministries. The Minister for Foreign Affairs of Belgium revealed that multiple China-linked APT groups targeted the country’s defense and interior ministries. “Belgium exposes malicious cyber activities that significantly affected our sovereignty, democracy, security and society at large by targeting the […]
Pierluigi Paganini
June 26, 2022
China-linked APT Bronze Starlight is deploying post-intrusion ransomware families as a diversionary action to its cyber espionage operations. Researchers from Secureworks reported that a China-linked APT group, tracked as Bronze Starlight (APT10), is deploying post-intrusion ransomware families to cover up the cyber espionage operations. The experts observed an activity cluster involving post-intrusion ransomware such as […]
Pierluigi Paganini
June 17, 2022
China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. Volexity researchers discovered that the zero-day vulnerability, tracked as CVE-2022-1040, in Sophos Firewall was exploited by Chinese threat actors to compromise a company and cloud-hosted web servers it was operating. The vulnerability was exploited by […]
