China-linked hackers have targeted Malaysian government, officials warn

A hacking group that private researchers have linked with Chinese interests has successfully targeted Malaysian government officials in an apparent data-stealing espionage campaign, cybersecurity officials in the Southeast Asian nation said this week. The Malaysian Computer Emergency Response Team, a government-backed organization, said it had “observed an increase in [the] number of artifacts and victims involving a campaign against Malaysian government officials.” The hackers have tended to target government-backed projects in an effort to steal reams of data on proposal and shipping information, the Malaysian officials said. To do that, the attackers have exploited a pair of old vulnerabilities, one dating back to 2014, in Microsoft products to compromise their targets. The advisory did not explicitly name the hacking group responsible. But the data it cited, including private-sector reports, point to a state-sponsored group known as APT40 or Leviathan. Active since at least 2013, APT40 has conducted hacking operations in […]

The post China-linked hackers have targeted Malaysian government, officials warn appeared first on CyberScoop.


Cyber Security Roundup for February 2020

A roundup of UK-focused cyber and information security news stories, blog posts, reports and threat intelligence from the previous calendar month, January 2020. After years of dither and delay the UK government finally nailed its colours to the mast, no…

‘China Chopper’ web shell makes a comeback in Lebanon, other Asian countries

Malicious code first discovered nine years ago that has historically been used by groups associated with Chinese state-backed hacks has made a comeback, according to new research from Cisco’s Security and Intelligence Research Group, Talos. The hacking tool is a web shell known as China Chopper. A web shell is a script that allows attackers to remotely access servers running web applications. This particular web shell has long been known as a tool that often evades detection. “China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth,” FireEye researchers wrote in 2013 in their blog on the matter. China Chopper’s code has historically been small, according to security researcher Keith Tyler, who wrote on the tool in 2012. That much appears to be the same now: Talos researchers note the most recent campaign has been “extremely simple,” containing just one […]

The post ‘China Chopper’ web shell makes a comeback in Lebanon, other Asian countries appeared first on CyberScoop.
