China Archives - Cyber Security Minute

Google Suspends Chinese App Following Malware Discovery

Issued by: DataBreach Today

Google suspended popular budget e-commerce application Pinduoduo from the Play Store after detecting malware on versions of the Chinese app downloadable from other online stores. In a statement on Tuesday, Google said it took action to block the installation of Pinduoduo on Android devices and said it would scan smartphones for malicious versions through its…

Malware & Threats

China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

Issued by: The Hacker News

A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence. “The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades,” cybersecurity company Mandiant said in a technical report published this week. The Google-owned incident response…

Network Security, Software Security

China’s Winnti Group Seen Targeting Governments in Sri Lanka, Hong Kong

Issued by: Security Week

Active since at least 2007 and also tracked as APT41, Barium, Blackfly, Double Dragon, Wicked Panda, and Wicked Spider, the Winnti Group is believed to be formed of multiple subgroups engaging in both cyberespionage and financially motivated operations. As part of a campaign ongoing since early August, the threat actor has been deploying various payloads…

Network Security

New Chinese Cyberespionage Group WIP19 Targets Telcos, IT Service Providers

Issued by: Security Week

The activities of this advanced persistent threat (APT), which SentinelOne tracks as WIP19, show overlaps with Operation Shadow Force, but it is unclear whether this is a new iteration of the campaign or the work of a different, more mature adversary using new malware and techniques. Mainly focused on entities in the Middle East and…

Malware & Threats

Hacker Claims Major Chinese Citizens’ Data Theft

Issued by: Security Week

A sample of 750,000 entries posted online by the hacker showed citizens’ names, mobile phone numbers, national ID numbers, addresses, birthdays and police reports they had filed. AFP and cybersecurity experts have verified some of the citizen data in the sample as authentic, but the scope of the entire database is hard to determine. Advertised…

Vulnerabilities

Chinese Spies Exploit Log4Shell to Hack Major Academic Institution

Issued by: Security Week

Tracked as CVE 2021-44228 and also referred to as Log4Shell and LogJam, the security hole affects the Apache Log4j Java logging framework and has been exploited in targeted attacks since early December. As part of a recent campaign, the OverWatch security researchers observed Aquatic Panda leveraging a modified version of the Log4j exploit for initial…

Malware & Threats

Microsoft Seizes Domains Used by China-Linked APT ‘Nickel’

Issued by: Security Week

The tech giant took over the websites after filing pleadings with the U.S. District Court for the Eastern District of Virginia, which quickly granted an order in this regard. While the move will prevent the group’s access to some of its victims, it is unlikely to put an end to Nickel’s activities. However, Microsoft does…

Malware & Threats

US to Curb Hacking Tool Exports to Russia, China

Issued by: Security Week

The rules, which are set to go into force in 90 days, would prevent the sale of certain software or devices to a list of countries unless approved by a bureau of the Commerce Department. “The United States opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these…

Malware & Threats

Amnesty Links Indian Cybersecurity Firm to Spyware Attack on African Activist

Issued by: Security Week

In late 2019 and early 2020, ahead of the presidential elections in Togo, the Donot Team hacking group attempted to spy on a prominent Togolese human rights defender, but only managed to raise the victim’s suspicion. Active since at least 2012 and also tracked as APT-C-35, and SectorE02, Donot Team is mainly known for its…

Malware & Threats

China Intensified Attacks on Major Afghan Telecom Firm as U.S. Finalized Withdrawal

Issued by: Security Week

Threat intelligence company Recorded Future reported on Tuesday that it had seen four different Chinese threat groups targeting a mail server belonging to Roshan, a major telecom provider that has more than 6.5 million subscribers across Afghanistan. The attacks were conducted by the groups known as Calypso and RedFoxtrot, as well as two different Winnti…