Japanese Orgs Hacked ‘by China’ in Long, Widespread Campaign

Chinese state-backed threat actors APT10 have been hacking Japanese businesses for at least a year.
The post Japanese Orgs Hacked ‘by China’ in Long, Widespread Campaign appeared first on Security Boulevard.

Symantec implicates APT10 in sweeping hacking campaign against Japanese firms

A Chinese government-linked hacking group whose operatives have been indicted by the U.S. and sanctioned by the European Union is suspected in a year-long effort to steal sensitive data from numerous Japanese companies and their subsidiaries, security researchers said Tuesday. The attackers, known as APT10 or Cicada, have been burrowing into the networks of companies in the automotive, pharmaceutical and engineering sectors, according to researchers from antivirus provider Symantec. They have sometimes lingered for months before trying to extract data and have targeted domain controllers, the servers that act as gatekeepers for organizations’ network traffic. While Symantec did not identify specific targets, the company said many of the organizations have links to Japan, or Japanese companies. China and Japan are, respectively, the second and third biggest economies in the world. The two Asian countries have long had territorial disputes, and Japanese organizations have been a frequent target of alleged Chinese cyber-espionage. […]

The post Symantec implicates APT10 in sweeping hacking campaign against Japanese firms appeared first on CyberScoop.


EU sanctions Russian intelligence, Chinese nationals and a North Korean front company for alleged hacks

The European Union has sanctioned six people and three organizations in Russia, China and North Korea in connection with three major cyberattacks dating back to 2017. EU officials announced Thursday they would enact restrictive measures against the people they deemed responsible for the WannaCry ransomware outbreak in 2017, the NotPetya campaign and Operation Cloud Hopper, a Chinese cyber-espionage effort. Penalties include a travel ban and an asset freeze, and prohibit people and organizations in the EU from “making funds available” to the sanctioned individuals and entities. The move follows previous U.S. allegations against many of the same parties. “Sanctions are one of the options available in the EU’s cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool,” officials said in a statement. The sanctions name unit 74455 of Russia’s […]

The post EU sanctions Russian intelligence, Chinese nationals and a North Korean front company for alleged hacks appeared first on CyberScoop.


2017 Equifax Hack: ‘It was the Chinese Army,’ Alleges DoJ

The U.S. government has indicted four Chinese citizens, accusing them of a hack of Equifax that leaked more than 150 million people’s data.
The post 2017 Equifax Hack: ‘It was the Chinese Army,’ Alleges DoJ appeared first on Security Boulevard.

‘China Chopper’ web shell makes a comeback in Lebanon, other Asian countries

Malicious code first discovered nine years ago that has historically been used by groups associated with Chinese state-backed hacks has made a comeback, according to new research from Cisco’s Security and Intelligence Research Group, Talos. The hacking tool is a web shell known as China Chopper. A web shell is a script that allows attackers to remotely access servers running web applications. This particular web shell has long been known to be an exploit that’s often impervious to being outed and detected. “China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth,” FireEye researchers wrote in 2013 in their blog on the matter. China Chopper’s code has historically been small, according to security researcher Keith Tyler, who wrote on the tool in 2012. That much appears to be the same now — Talos researchers note the most recent campaign has been “extremely simple,” containing just one […]

The post ‘China Chopper’ web shell makes a comeback in Lebanon, other Asian countries appeared first on CyberScoop.


Chinese spies have their sights on cancer research

After China’s cancer rate surged in recent years, Chinese authorities went looking for an answer to the problem. They appear to have found a useful tool in the country’s cyber capabilities. Over the last two years, Chinese government-linked hackers have targeted organizations involved in cancer research on multiple occasions, cybersecurity company FireEye said in a report published Wednesday. In at least one case, more than one group has gone after the same organization — evidence of a relentless pursuit of research data. “It makes sense when you look at the larger context that China’s operating in,” said Luke McNamara, principal analyst at FireEye, referring to the cancer scourge in China and the resulting social costs. In one incident in April, Chinese hackers targeted a U.S.-based cancer research organization with a malware-laced document referencing a conference the organization hosted. A year earlier, the newly-named Chinese hacking outfit APT41 spearphished employees of […]

The post Chinese spies have their sights on cancer research appeared first on CyberScoop.


Cyber Security Roundup for June 2019

Keep Patching! June 2019 was another very busy month for security update releases. Microsoft released updates to patch 22 critical-rated vulnerabilities, Intel released 11 fixes, and there were also several critical security updates for Apple Airport, A…

Chinese-linked APT10 has been active in the Philippines, researchers say

An elite Chinese government-linked hacking group known for allegedly stealing reams of data from U.S. organizations has been actively targeting entities in the Philippines, according to new research first shared with CyberScoop. During the month of April, the APT10 hacking group, which U.S. officials have tied to China’s civilian intelligence agency, has been using two new malicious software variants to deliver its payloads against targets in the Philippines, according to analysts from endpoint security firm enSilo. It is unclear what the goal of the targeting is, or who the victims are, enSilo researchers said. “Both the loader variants and their various payloads that we analyzed share similar tactics, techniques, and procedures, and code associated with APT10,” the firm wrote in research published Friday. The burst of activity could be a short-lived attack or a test run for a future campaign. But the researchers are trying to warn potential victims about changes in the […]

The post Chinese-linked APT10 has been active in the Philippines, researchers say appeared first on CyberScoop.
