Russian hackers offered phony drone training to exploit WinRAR vulnerability

Despite an August patch, Russian and Chinese state-backed hackers are using a vulnerability in the popular software to carry out espionage.

The post Russian hackers offered phony drone training to exploit WinRAR vulnerability appeared first on CyberScoop.

Chinese hackers zero in on Australian manufacturers, wind turbine operators

The recently uncovered hacking activity is connected to a decade-old Chinese cyberespionage operation, researchers said.

The post Chinese hackers zero in on Australian manufacturers, wind turbine operators appeared first on CyberScoop.

Nations come together to condemn China: APT31 and APT40

On Monday (19JUL2021) President Biden announced that the US and its allies were joining together to condemn and expose that China was behind a set of unprecedented attacks exploiting vulnerabilities in Microsoft Exchange servers conducted earlier this…

Twitter restricts account of Intrusion Truth, which doxxes suspected Chinese hackers

Twitter on Tuesday moved to restrict the account of a mysterious group that has published details on suspected state-sponsored hackers from China. The group, Intrusion Truth, had spent recent days hinting that it would go public with new allegations against possible hackers, teasing followers with messages like “Watch this space” and “Who’s excited? We are.” The identity of the person or group behind Intrusion Truth has remained elusive since it started publishing information in 2017, including missives about how Chinese technology companies allegedly supported espionage on Beijing’s behalf. Intrusion Truth’s Twitter account suggested it would publish new information on Wednesday about “hackers based in Chengdu,” a city in southwestern China. Twitter, though, plastered a warning on the account, saying that the account was “temporarily restricted” because “there has been some unusual activity.” Users still could access the page at press time Tuesday, though they would need to click through to […]

The post Twitter restricts account of Intrusion Truth, which doxxes suspected Chinese hackers appeared first on CyberScoop.

Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks

An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks.

Microsoft says it nixed China-linked hackers’ apps from Azure cloud

Security researchers at Microsoft say they upended a hacking campaign that used the company’s own Azure commercial cloud service as part of the command-and-control network for its malware. The hacking group — labeled Gadolinium by Microsoft and also known as APT40 — was hosting apps on the Azure Active Directory and using open source tools “to enhance weaponization of their malware payload, attempt to gain command and control all the way to the server, and to obfuscate detection,” the researchers said in a report published Thursday. APT40 has been linked to China’s government, and recent targets have reportedly included organizations in Taiwan and Malaysia. The typical goal is data exfiltration for espionage, according to researchers at FireEye, Kaspersky and other security companies. Microsoft’s report does not mention China by name, but notes that the hacking group has previously focused on the maritime and health industries. Beijing has denied in the past that […]

The post Microsoft says it nixed China-linked hackers’ apps from Azure cloud appeared first on CyberScoop.

Taiwan accuses Chinese hackers of aggressive attacks on government agencies

The Taiwanese government on Wednesday accused Chinese government-linked hackers of targeting 10 Taiwanese government agencies and 6,000 email accounts of officials in an escalation of Beijing’s long-running espionage on the island. Over the course of two years, Chinese hackers have infiltrated a variety of Taiwanese government offices in an effort to steal sensitive documents, Liu Chia-zung, an official in the Taiwan Investigation Bureau’s Cyber Security Investigation Office, said at a press conference. Liu conceded that with the breach of key IT infrastructure, at least some data may have been exposed. It is only the latest in a wave of suspected Chinese hacking campaigns to hit Taiwan, which China considers its territory. The Taiwanese semiconductor industry, a centerpiece of the global supply chain for smartphones, has also come under sustained assault from hackers that appear to be based in China, private researchers said earlier this month. And in May, Taiwan suggested that a broad […]

The post Taiwan accuses Chinese hackers of aggressive attacks on government agencies appeared first on CyberScoop.

China-linked hackers have targeted Malaysian government, officials warn

A hacking group that private researchers have linked with Chinese interests has successfully targeted Malaysian government officials in an apparent data-stealing espionage campaign, cybersecurity officials in the Southeast Asian nation said this week. The Malaysian Computer Emergency Response Team, a government-backed organization, said it had “observed an increase in [the] number of artifacts and victims involving a campaign against Malaysian government officials.” The hackers have tended to target government-backed projects in an effort to steal reams of data on proposal and shipping information, the Malaysian officials said. To do that, the attackers have exploited a pair of old vulnerabilities, one dating back to 2014, in Microsoft products to compromise their targets. The advisory did not explicitly name the hacking group responsible. But the data it cited, including private-sector reports, point to a state-sponsored group known as APT40 or Leviathan. Active since at least 2013, APT40 has conducted hacking operations in […]

The post China-linked hackers have targeted Malaysian government, officials warn appeared first on CyberScoop.

Cyber Security Roundup for February 2020

A roundup of UK-focused cyber and information security news stories, blog posts, reports and threat intelligence from the previous calendar month, January 2020. After years of dither and delay the UK government finally nailed its colours to the mast, no…