US to publish details on suspected Russian hacking tools used in SolarWinds espionage

U.S. military and security officials are preparing to publish one of their most detailed analyses yet of the hacking tools used by suspected Russian spies in a campaign that the Biden administration has labeled a national security threat. The “malware analysis report” from U.S. Cyber Command and the Department of Homeland Security, which CyberScoop obtained, spotlights 18 pieces of malicious code allegedly used by Russian hackers, who exploited software made by the federal contractor SolarWinds and other vendors on their way to infiltrating nine U.S. government agencies and 100 companies. The report, slated for public release Wednesday afternoon, sheds light on a historic espionage campaign that U.S. officials have, at times, been cautious to publicly detail. It’s an analysis from U.S. government cybersecurity specialists of how the alleged Russian operatives moved from network to network, and builds on private sector reporting. Cyber Command and DHS’s Cybersecurity and Infrastructure Security Agency […]

The post US to publish details on suspected Russian hacking tools used in SolarWinds espionage appeared first on CyberScoop.

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

Monday’s CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.

Chinese intelligence-linked hackers are exploiting known flaws to target Washington, US says

Hackers connected to a Chinese intelligence agency have infiltrated U.S. government and private sector entities in recent months by exploiting a series of common vulnerabilities, the FBI and Department of Homeland Security’s cybersecurity agency announced Monday. Attackers tied to China’s civilian intelligence and counterintelligence service, the Ministry of State Security (MSS), have been using phishing emails with malicious links to infiltrate victim organizations, according to the alert. By including malicious software in those messages, hackers are exploiting software flaws in commercial technologies and open-source tools, including services with known fixes. F5 Networks’ Big-IP Traffic Management User Interface, Citrix VPN Appliances, Pulse Secure VPN appliances, and Microsoft Exchange Server are among those affected, says the report from the FBI and DHS’ Cybersecurity and Infrastructure Security Agency (CISA). All of these tools are open source and commercially available, making potentially high value espionage targets in the U.S. government relatively easy and low-cost for state-sponsored hackers […]

The post Chinese intelligence-linked hackers are exploiting known flaws to target Washington, US says appeared first on CyberScoop.

‘China Chopper’ web shell makes a comeback in Lebanon, other Asian countries

Malicious code first discovered nine years ago that has historically been used by groups associated with Chinese state-backed hacks has made a comeback, according to new research from Cisco’s Security and Intelligence Research Group, Talos. The hacking tool is a web shell known as China Chopper. A web shell is a script that allows attackers to remotely access servers running web applications. This particular web shell has long been known to be an exploit that’s often impervious to being outed and detected. “China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth,” FireEye researchers wrote in 2013 in their blog on the matter. China Chopper’s code has historically been small, according to security researcher Keith Tyler, who wrote on the tool in 2012. That much appears to be the same now — Talos researchers note the most recent campaign has been “extremely simple,” containing just one […]

The post ‘China Chopper’ web shell makes a comeback in Lebanon, other Asian countries appeared first on CyberScoop.

Five Eyes Cybersecurity Agencies Release Report on Hacking Tools

The national cybersecurity agencies of the United States, U.K., Canada, Australia and New Zealand, known in the intelligence world as the Five Eyes, have released a joint report on five publicly available hacking tools that are widely used in cyberatt…

Hackers steal restricted information on F-35 fighter, JDAM, P-8 and C-130

Hackers gained “full and unfettered access” to a third-party holding restricted information

The post Hackers steal restricted information on F-35 fighter, JDAM, P-8 and C-130 appeared first on Security Boulevard.
