Chinese-linked hackers targeted U.S. state legislature, researchers say

Researchers with Symantec said the group that it has tracked for years has recently targeted government networks in the U.S. and Middle East.

The post Chinese-linked hackers targeted U.S. state legislature, researchers say appeared first on CyberScoop.


Hackers with Chinese links breach defense, energy targets, including one in US

Suspected spies using similar tools and tactics to a Chinese government-connected hacking group compromised nine organizations in the defense, education, energy and health care industries across the globe beginning in September, according to new research. The hackers were “indiscriminate” in targeting that included parts of the U.S. Defense Department, according to Palo Alto Networks, which published its findings on Sunday with an assist from the National Security Agency’s Cybersecurity Collaboration Center. That center primarily works with defense contractors to collect and share threat information. At least one of the victims was a U.S. organization, Palo Alto Networks said, but didn’t name the nine compromised entities. The company “believes that the actor’s primary goal involved gaining persistent access to the network and the gathering and exfiltration of sensitive documents from the compromised organization.” The research comes on the heels of a Sept. 16 warning from the Department of Homeland Security’s Cybersecurity […]

The post Hackers with Chinese links breach defense, energy targets, including one in US appeared first on CyberScoop.


Chinese hackers posed as Iranians to breach Israeli targets, FireEye says

Suspected Chinese spies masqueraded as Iranian hackers in a two-year campaign to break into government and telecommunication networks in Israel, security firm FireEye said Tuesday. The alleged Chinese intruders used a hacking tool previously associated with Iranian operatives, and embedded some of their malicious code with Farsi, the predominant language in Iran. It was part of a broader campaign to gather intelligence at organizations in other Middle East and Central Asian countries that has continued this year, according to FireEye. The findings show how spies plant digital evidence in an effort to throw off investigators in the high-stakes world of espionage. The revelations come amid a period of heightened scrutiny of Chinese cyber activity: The U.S. and its European allies in July condemned China’s alleged exploitation of Microsoft software and said that it enabled ransomware attacks. John Hultquist, vice president of threat intelligence at Mandiant FireEye, said the targeting at […]

The post Chinese hackers posed as Iranians to breach Israeli targets, FireEye says appeared first on CyberScoop.


At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns

Critical vulnerabilities in Microsoft software have turned into a feeding frenzy for state-linked hackers. At least 10 such hacking groups have exploited the flaws in the Exchange Server email program in recent days in operations around the world, anti-virus firm ESET said Wednesday. Many of the groups have well-documented links to China. The surge in hacking suggests multiple sets of espionage groups had access to the software exploit before Microsoft released fixes for it on March 2. It also compounds the challenges facing incident responders who are rushing to deal with the breaches, and bracing for additional exploitation of the bugs by criminal hackers. “It is still unclear how the distribution of the exploit happened, but it is inevitable that more and more threat actors, including ransomware operators, will have access to it sooner or later,” ESET researchers wrote in a blog post Wednesday. The intrusions by advanced persistent threat […]

The post At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns appeared first on CyberScoop.


Cyber Security Roundup for February 2021

A roundup of UK-focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, January 2021.
Throughout January further details about the scale and sophistication of SolarWinds suspe…

Major Gaming Companies Hit with Ransomware Linked to APT27

Researchers say a recent attack targeting videogaming developers has ‘strong links’ to the infamous APT27 threat group.

Inside a Chinese APT’s very flexible playbook

A maxim of cybersecurity holds that hackers will exert just enough resources to compromise a network or avoid detection. Why deploy new, top-shelf tools when you can just refashion old ones? The strategy is on full display in research on a Chinese government-linked hacking group that Dell Technologies’ SecureWorks published Wednesday. The hackers — categorized as an advanced persistent threat by researchers and usually labeled APT27 or Bronze Union — dusted off and upgraded a couple of long-available digital weapons to carry out intrusions in 2018, the report said. “The threat actors have access to a wide range of tools, so they can operate flexibly and select tools appropriate for intrusion challenges,” the research says. One remote access trojan (RAT) was developed over a decade ago, but Bronze Union added a packet redirection tool and digital certificates signed by two Chinese technology companies before deploying it last year, according to the research. The […]

The post Inside a Chinese APT’s very flexible playbook appeared first on CyberScoop.


This Chinese hacking group pwned a bunch of Mongolian government sites

A Chinese hacking group broke into a national data center in Mongolia late last year in an expansive cyber-espionage campaign that allowed the attackers to quietly plant malware into government websites, according to a new research report by Kaspersky Lab and supplemental analysis provided to CyberScoop. According to Kaspersky’s latest research, a known Chinese hacking group used watering hole-style attacks and spear phishing emails to breach specific employees of the Mongolian data center. After gaining individual access, they leveraged those accounts to gain additional control over the facility’s infrastructure. The episode began around October 2017. It was discovered by Kaspersky in March 2018. The Chinese-speaking group that’s responsible is widely linked to Beijing. It’s tracked by the cybersecurity community under different names, including APT27, EmissaryPanda, IronPanda and LuckyMouse. They’ve been known to also target U.S. defense contractors. The Kaspersky report does not list Mongolia as the victim, but instead […]

The post This Chinese hacking group pwned a bunch of Mongolian government sites appeared first on CyberScoop.
