Pierluigi Paganini
June 26, 2023
China-linked APT group VANGUARD PANDA, aka Volt Typhoon, was spotted observing a novel tradecraft to gain initial access to target networks. CrowdStrike researchers observed the China-linked APT group VANGUARD PANDA, aka Volt Typhoon, using a novel tradecraft to gain initial access to target networks. The Volt Typhoon group has been active since at least mid-2021 […]
Pierluigi Paganini
June 15, 2023
Experts linked the UNC4841 threat actor behind the attacks exploiting the recently patched Barracuda ESG zero-day to China. Mandiant researchers linked the threat actor UNC4841 to the attacks that exploited the recently patched Barracuda ESG zero-day vulnerability to China. “Through the investigation, Mandiant identified a suspected China-nexus actor, currently tracked as UNC4841, targeting a subset […]
Pierluigi Paganini
May 25, 2023
A China-linked APT group, tracked as Volt Typhoon, breached critical infrastructure organizations in the U.S. and Guam without being detected. China-linked APT cyber espionage group Volt Typhoon infiltrated critical infrastructure organizations in the U.S. and Guam without being detected. The group managed to maintain access without being detected for as long as possible. According to […]
Pierluigi Paganini
May 22, 2023
The Chinese government announced the ban on the products made by the US memory chip giant Micron Technology over national security concerns. The Cyberspace Administration of China announced the ban on products made by US memory chip giant Micron Technology over security concerns. The ban is related to the use of company products in key […]
Pierluigi Paganini
April 26, 2023
China-linked threat actor tracked as Alloy Taurus is using a Linux variant of the PingPull backdoor and a new tool dubbed Sword2033. Researchers from Palo Alto Networks Unit 42 recently observed the China-linked Alloy Taurus group  (aka GALLIUM, Softcell) targeting Linux systems with a new variant of PingPull backdoor. While investigating the activity of the group, the […]
Pierluigi Paganini
March 30, 2023
Exatrack researchers warn of an unknown China-linked hacking group that has been linked to a new Linux malware, dubbed MĂ©lofĂ©e. Cybersecurity researchers from ExaTrack recently discovered a previously undetected malware family, dubbed MĂ©lofĂ©e, targeting Linux servers. The researchers linked with high-confidence this malware to China-linked APT groups, in particular the Winnti group. The MĂ©lofĂ©e malware includes a […]
Pierluigi Paganini
March 24, 2023
Researchers reported that China-linked hackers targeted telecommunication providers in the Middle East in the first quarter of 2023. In the first quarter of 2023, SentinelLabs researchers spotted the initial phases of attacks against telecommunication providers in the Middle East. According to the researchers, the activity is part of the Operation Soft Cell that was first […]
Pierluigi Paganini
March 09, 2023
Alleged China-linked threat actors infected unpatched SonicWall Secure Mobile Access (SMA) appliances with a custom backdoor. Mandiant researchers reported that alleged China-linked threat actors, tracked as UNC4540, deployed custom malware on a SonicWall SMA appliance. The malware allows attackers to steal user credentials, achieve persistence through firmware upgrades, and provides shell access. The analysis of a […]
Pierluigi Paganini
March 08, 2023
China-linked APT group Sharp Panda targets high-profile government entities in Southeast Asia with the Soul modular framework. CheckPoint researchers observed in late 2022, a campaign attributed to the China-linked APT group Sharp Panda that is targeting a high-profile government entity in the Southeast Asia. The state-sponsored hackers used a new version of the SoulSearcher loader, which eventually loads a new […]
Pierluigi Paganini
March 03, 2023
China-Linked Mustang Panda APT employed MQsTTang backdoor as part of an ongoing campaign targeting European entities. China-linked Mustang Panda APT group has been observed using a new backdoor, called MQsTTang, in attacks aimed at European entities. The hacking campaign began in January 2023, ESET researchers pointed out that the custom backdoor MQsTTang is not based on existing families […]
Security / September 09, 2025
Malware / September 09, 2025
