China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection. “The attackers embedded malicious JavaScript in these Read more…

Data Exfiltration

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration Oct 02, 2024Ravie LakshmananCyber Espionage / Cloud Security A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in Read more…

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that’s being distributed as part of a new campaign. “In the latest version, ValleyRAT introduced new commands, such as capturing screenshots, process filtering, forced shutdown, and clearing Windows event logs,” Read more…

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year. “Deuterbear, while similar to Waterbear in many Read more…

China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion

China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion

China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023. The attack, which came to light last month, singled out MITRE’s Networked Experimentation, Research, and Virtualization Read more…

China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced around July 2023, Read more…

China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale

China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale

China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019. Cloud security firm Infoblox described the threat actor as likely Read more…

China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an “aggressive” campaign. Google-owned Mandiant is tracking the activity under its uncategorized moniker UNC5174 (aka Read more…