#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Chinese Hacker | Breaking Cybersecurity News | The Hacker News

Category — Chinese Hacker
China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Sep 28, 2023 Malware / Cyber Threat
Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as  Budworm  using an updated malware toolset. The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the adversary deploying an improved version of its SysUpdate toolkit, the Symantec Threat Hunter Team, part of Broadcom,  said  in a report shared with The Hacker News. Budworm , also referred to by the names APT27, Bronze Union, Emissary Panda, Iron Tiger, Lucky Mouse, and Red Phoenix, is known to be active since at least 2013, targeting a wide range of industry verticals in pursuit of its intelligence gathering goals.  The nation-state group leverages various tools such as China Chopper web shell, Gh0st RAT, HyperBro, PlugX, SysUpdate, and ZXShell to exfiltrate high-value information and maintain access to sensitive systems over a long period of time. A previous report from SecureWorks in
Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities

Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities

Sep 19, 2023 Endpoint Security / Malware
The China-linked threat actor known as  Earth Lusca  has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was  first documented  by Trend Micro in January 2022, detailing the adversary's attacks against public and private sector entities across Asia, Australia, Europe, North America. Active since 2021, the group has relied on spear-phishing and watering hole attacks to pull off its cyber espionage schemes. Some activities of the group overlap with another threat cluster tracked by Recorded Future under the name  RedHotel . The latest findings from the cybersecurity firm show that Earth Lusca continues to be an active group, even expanding its operations to target organizations across the world during the first half of 2023. Primary targets include government departments that are involved in foreign affairs, technology, and telecommunications. The attacks are concentrated in Southeast Asia, Central Asia, and the
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign

Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign

Sep 12, 2023 Critical Infrastructure Security
A threat actor called  Redfly  has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as  ShadowPad . "The attackers managed to steal credentials and compromise multiple computers on the organization's network," the Symantec Threat Hunter Team, part of Broadcom,  said  in a report shared with The Hacker News. "The attack is the latest in a series of espionage intrusions against [critical national infrastructure] targets." ShadowPad, also known as PoisonPlug, is a follow-up to the PlugX remote access trojan and is a modular implant capable of loading additional plugins dynamically from a remote server as required to harvest sensitive data from breached networks. It has been  widely used  by a growing list of  China-nexus   nation-state groups  since at least 2019 in attacks aimed at organizations in various industry verticals. "ShadowPad is dec
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
Daggerfly Cyberattack Campaign Hits African Telecom Services Providers

Daggerfly Cyberattack Campaign Hits African Telecom Services Providers

Apr 20, 2023 Cyber Attack / Malware
Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022. The intrusions have been pinned on a hacking crew tracked by Symantec as  Daggerfly , and which is also monitored by the broader cybersecurity community as Bronze Highland and Evasive Panda. The campaign makes use of "previously unseen plugins from the MgBot malware framework," the cybersecurity company  said  in a report shared with The Hacker News. "The attackers were also seen using a  PlugX loader  and abusing the legitimate AnyDesk remote desktop software." Daggerfly's use of the  MgBot loader  (aka BLame or MgmBot) was  spotlighted  by Malwarebytes in July 2020 as part of phishing attacks aimed at Indian government personnel and individuals in Hong Kong. According to a profile published by Secureworks, the threat actor uses spear-phishing as an initial infection vector to drop MgBot as well as othe
Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack

Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack

Sep 04, 2021
Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "high confidence" to a threat actor operating out of China. In mid-July, the Texas-based company  remedied  a remote code execution flaw ( CVE-2021-35211 ) that was rooted in Serv-U's implementation of the Secure Shell (SSH) protocol, which could be abused by attackers to run arbitrary code on the infected system, including the ability to install malicious programs and view, change, or delete sensitive data. "The Serv-U SSH server is subject to a pre-auth remote code execution vulnerability that can be easily and reliably exploited in the default configuration," Microsoft Offensive Research and Security Engineering team said in a  detailed write-up  describing the exploit. "An attacker can exploit this vulnerability by connecting to the open SSH port and sendin
Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus

Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus

Aug 04, 2021
An amalgam of multiple state-sponsored threat groups from China may have been behind a string of targeted attacks against Russian federal executive authorities in 2020. The latest research, published by Singapore-headquartered company Group-IB, delves into a piece of computer virus called " Webdav-O " that was detected in the intrusions, with the cybersecurity firm observing similarities between the tool and that of popular Trojan called " BlueTraveller ," that's known to be connected to a Chinese threat group called TaskMasters and deployed in malicious activities with the aim of espionage and plundering confidential documents. "Chinese APTs are one of the most numerous and aggressive hacker communities," researchers Anastasia Tikhonova and Dmitry Kupin  said . "Hackers mostly target state agencies, industrial facilities, military contractors, and research institutes. The main objective is espionage: attackers gain access to confidential data
Expert Insights / Articles Videos
Cybersecurity Resources