PHP backdoor looks to be work of Chinese-linked APT group

Researchers at QiAnXin’s XLab believe Winnti is responsible for the malware, known as Glutton.

The post PHP backdoor looks to be work of Chinese-linked APT group appeared first on CyberScoop.

Chinese Hacking Group APT41 Infiltrates Global Shipping and Tech Sectors, Mandiant Warns

Chinese government-backed hacking team caught breaking into organizations in shipping, logistics and automotive sectors in Europe and Asia.
The post Chinese Hacking Group APT41 Infiltrates Global Shipping and Tech Sectors, Mandiant Warns appeared first…

Leaked documents show how firm supports Chinese hacking operations

Documents that appear to belong to the offensive security firm I-SOON provide a rare window into the world of Beijing’s hackers for hire.

The post Leaked documents show how firm supports Chinese hacking operations appeared first on CyberScoop.

Stealthy hacks show advancements in China’s cyberespionage operations, researchers say

Hacker groups linked to China have demonstrated the growing ability to infiltrate systems and remain hidden while they steal data.

The post Stealthy hacks show advancements in China’s cyberespionage operations, researchers say appeared first on CyberScoop.

Suspected Chinese hackers masqueraded as Indian government to send COVID-19 phishing emails

An increasingly active Chinese government-linked hacking group impersonated Indian government agencies with phishing lures related to COVID-19 statistics and tax legislation, researchers say. It was the continuation of a campaign that dates to the earliest days of the pandemic, BlackBerry said in a blog post Tuesday. The company tied together several threads of operations by APT41, a joint cyber-espionage and cybercrime organization that investigators have repeatedly tied to Beijing and that BlackBerry said was responsible for the India-themed phishing lures. The permutation targeting India preyed on the same fears that hacking groups began seizing on after the coronavirus outbreak. BlackBerry on Monday didn’t answer questions about the timeframe in which APT41 sent the India-themed lures, what its possible motives were and what industries the emails targeted. “The image we uncovered was that of a state-sponsored campaign that plays on people’s hopes for a swift end to the pandemic as […]

The post Suspected Chinese hackers masqueraded as Indian government to send COVID-19 phishing emails appeared first on CyberScoop.

Suspected Chinese hackers return with unusual attacks on domestic gambling companies

It’s rare for Chinese hackers to turn their gaze inward on domestic companies. But a well-known group appears to have been targeting online gambling firms in China with new malware. The malware, which Trend Micro dubbed BIOPASS RAT, goes after Chinese gambling companies with a watering hole attack, where hackers try to infect websites commonly used by their targets. “Notably, a large number of features were implemented to target and steal the private data of popular web browsers and instant messengers that are primarily used in Mainland China,” Trend Micro said in a report on Friday. Digital clues that Trend Micro identified point to the Chinese hacking outfit the Winnti Group as a culprit. Its activity overlaps with that of the Chinese government hackers known as APT41, such that it’s sometimes mentioned as a second name for the group. That’s a joint cybercrime and espionage organization of hackers whose goals […]

The post Suspected Chinese hackers return with unusual attacks on domestic gambling companies appeared first on CyberScoop.

Suspected Chinese hackers target telecom research in Taiwan, Recorded Future says

A suspected Chinese state-sponsored group is targeting telecommunications organizations in Taiwan, Nepal and the Philippines, researchers at Recorded Future’s Insikt Group said in a report Thursday. Researchers noticed intrusions from the group, which investigators called TAG-22, in June targeting telecommunications organizations including the Industrial Technology Research Institute in Taiwan, Nepal Telecom and the Department of Information and Communications Technology in the Philippines. Some of the activity appears to be ongoing as of press time, researchers said. The new findings play into a larger backdrop of apparent Chinese hackers snooping on global competition in the telecommunications space, which has become an arena of political and economic conflict between China and the United States. “In particular, the targeting of the ITRI is notable due to its role as a technology research and development institution that has set up and incubated multiple Taiwanese technology firms,” researchers wrote. They noted that the organization is […]

The post Suspected Chinese hackers target telecom research in Taiwan, Recorded Future says appeared first on CyberScoop.

Justice Department official accuses China of acting as ‘safe haven’ for cybercriminals

China is increasingly tolerant of criminal hackers on its soil if they are willing to hack on behalf of the Chinese government, a senior U.S. Justice Department official has alleged. Recent U.S. indictments of accused Chinese hackers indicate that the country “has become a safe haven for cybercriminals as long as they’re also doing work on behalf of the state,” John Demers, the assistant attorney general for national security, alleged in an interview for CyberTalks, the annual summit produced by Scoop News Group. “That’s very worrisome…because now you’ve got a country that’s giving free rein to criminal hackers.” It’s an accusation that U.S. government officials and security researchers have frequently leveled against Russia, as well. The blend, though, of criminal and state-sponsored activity in China will make it even more difficult for U.S. companies to defend themselves, Demers said. A spokesperson for the Chinese Embassy in Washington, D.C., called the allegations “groundless,” adding: “China is a […]

The post Justice Department official accuses China of acting as ‘safe haven’ for cybercriminals appeared first on CyberScoop.

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm.