cyberespionage Archives - Cyber Security Minute

US AI experts targeted in cyberespionage campaign using SugarGh0st RAT

Issued by: CSO Online

Security researchers have warned about a new cyberespionage campaign that targets artificial intelligence experts working in private industry, government and academia. The attackers, likely of Chinese origin, are using a remote access trojan (RAT) called SugarGh0st. “The timing of the recent campaign coincides with an 8 May 2024 report from Reuters, revealing that the US…

Vulnerabilities

Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks

Issued by: SecurityWeek

A note from Redmond linked the ongoing attacks to an APT group tracked as Storm-0062 and warned that malicious activity dates back to September 14, a full three weeks before Atlassian’s public disclosure of the issue. “Microsoft has observed nation-state threat actor Storm-0062 exploiting CVE-2023-22515 in the wild since September 14, 2023. CVE-2023-22515 was disclosed…

Malware & Threats

A phishing campaign targets Ukrainian military entities with drone manual lures

Issued by: Security Affairs

Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. The campaign, codenamed STARK#VORTEX by Securonix, targets Ukrainian military entities and CERT-UA attributed it to a threat actor tracked as UAC-0154. The MerlinAgent is an open-source C2 toolkit written in Go, it…

Malware & Threats

Chinese-backed APT ‘Flax Typhoon’ Hacks Taiwan with Minimal Malware Footprint

Issued by: SecurityWeek

The cyberespionage operation, tagged with the moniker Flax Typhoon, hacks into organizations by exploiting known vulnerabilities in public-facing servers and then using legitimate tools built into the Windows operating system and otherwise benign software to quietly remain in these networks. “Because this activity relies on valid accounts and living-off-the-land binaries (LOLBins), detecting and mitigating this…

Malware & Threats

China-linked hackers target telecommunication providers in the Middle East

Issued by: Security Affairs

In the first quarter of 2023, SentinelLabs researchers spotted the initial phases of attacks against telecommunication providers in the Middle East. According to the researchers, the activity is part of the Operation Soft Cell that was first reported in June 2019 by Cybereason. At the time, researchers at Cybereason uncovered the long-running espionage campaign tracked…

Network Security, Software Security

China’s Winnti Group Seen Targeting Governments in Sri Lanka, Hong Kong

Issued by: Security Week

Active since at least 2007 and also tracked as APT41, Barium, Blackfly, Double Dragon, Wicked Panda, and Wicked Spider, the Winnti Group is believed to be formed of multiple subgroups engaging in both cyberespionage and financially motivated operations. As part of a campaign ongoing since early August, the threat actor has been deploying various payloads…

Network Security

New Chinese Cyberespionage Group WIP19 Targets Telcos, IT Service Providers

Issued by: Security Week

The activities of this advanced persistent threat (APT), which SentinelOne tracks as WIP19, show overlaps with Operation Shadow Force, but it is unclear whether this is a new iteration of the campaign or the work of a different, more mature adversary using new malware and techniques. Mainly focused on entities in the Middle East and…

Malware & Threats

Chinese Cyberspies Use Supply Chain Attack to Deliver Windows, macOS Malware

Issued by: Security Week

Also referred to as APT27, Bronze Union, Emissary Panda, Lucky Mouse, and TG-3390 (Threat Group 3390), Iron Tiger has been active since at least 2010, targeting hundreds of organizations worldwide for cyberespionage purposes. As part of recent attacks, the advanced persistent threat (APT) group abused the compromised servers of MiMi – an instant messaging application…

Malware & Threats

U.S. State Governments Targeted by Chinese Hackers via Zero-Day in Agriculture Tool

Issued by: Security Week

In a blog post published on Tuesday, cybersecurity research and incident response company Mandiant said it became aware of the campaign in May 2021, when it was called in to investigate an attack on a U.S. state government network. An analysis revealed that the attack had likely been carried out by a Chinese state-sponsored threat…

Application Security

TSA Requires Rail and Airports to Strengthen Cybersecurity

Issued by: Security Week

The Biden administration said the requirements made public Thursday are part of a broader effort at protecting the nation’s critical infrastructure from ongoing cyberespionage and a surge in disruptive ransomware attacks. “These new cybersecurity requirements and recommendations will help keep the traveling public safe,” Homeland Security Secretary Alejandro Mayorkas said in a statement. He had…