Search Results for: Chinese hackers
Chinese hackers exploit Fortinet VPN zero-day to steal credentials
Chinese threat actors use a custom post-exploitation toolkit named ‘DeepData’ to exploit a zero-day vulnerability in Fortinet’s FortiClient Windows VPN client that steal credentials. The zero-day allows the threat actors to dump the credentials from memory after the user authenticated with the VPN device Volexity researchers report that they discovered this flaw earlier this summer and […]
Microsoft: Chinese hackers use Quad7 botnet to steal credentials
Microsoft warns that Chinese threat actors use the Quad7 botnet, compromised of hacked SOHO routers, to steal credentials in password-spray attacks. Quad7, also known as CovertNetwork-1658 or xlogin, is a botnet first discovered by security researcher Gi7w0rm that consists of compromised SOHO routers. Later reports by Sekoia and Team Cymru reported that the threat actors are targeting routers and networking devices from TP-Link, ASUS, Ruckus wireless […]
Sophos reveals 5-year battle with Chinese hackers attacking network devices
Sophos disclosed today a series of reports dubbed “Pacific Rim” that detail how the cybersecurity company has been sparring with Chinese threat actors for over 5 years as they increasingly targeted networking devices worldwide, including those from Sophos. For years, cybersecurity firms have warned enterprises that Chinese threat actors exploit flaws in edge networking devices […]
Chinese hackers use new data theft malware in govt attacks
New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks. Researchers found that the hackers are using a variant of the HIUPAN worm to deliver the PUBLOAD malware stager through removable […]
Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs
The Chinese state-backed hacking group Volt Typhoon is behind attacks that exploited a zero-day flaw in Versa Director to upload a custom webshell to steal credentials and breach corporate networks. Versa Director is a management platform ISPs and MSPs use to manage virtual WAN connections created using SD-WAN services. The vulnerability is tracked as CVE-2024-39717 […]
Hackers increasingly use Winos4.0 post-exploitation kit in attacks
Hackers are increasingly targeting Windows users with the malicious Winos4.0 framework, distributed via seemingly benign game-related apps. The toolkit is the equivalent of Sliver and Cobalt Strike post-exploitation frameworks and it was documented by Trend Micro this summer in a report on attacks against Chinese users. At the time, a threat actor tracked as Void Arachne/Silver Fox lured victims […]
CISA: Hackers target industrial systems using “unsophisticated methods”
CISA warned today of threat actors trying to breach critical infrastructure networks by targeting Internet-exposed industrial devices using “unsophisticated” methods like brute force attacks and default credentials. According to the cybersecurity agency, these ongoing attacks targeting critical infrastructure OT and ICS devices are also impacting water and wastewater systems. OT devices integrate hardware and software and […]
Chinese botnet infects 260,000 SOHO routers, IP cameras with malware
The FBI and cybersecurity researchers have disrupted a massive Chinese botnet called “Raptor Train” that infected over 260,000 networking devices to target critical infrastructure in the US and in other countries. The botnet has been used to target entities in the military, government, higher education, telecommunications, defense industrial base (DIB), and IT sectors, mainly in […]
Hackers now use AppDomain Injection to drop CobaltStrike beacons
A wave of attacks that started in July 2024 rely on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows. The technique has been around since 2017, and multiple proof-of-concept apps have been released over the years. However, it is typically used in red team engagements and seldomly observed in […]
Hackers posing as Ukraine’s Security Service infect 100 govt PCs
Attackers impersonating the Security Service of Ukraine (SSU) have used malicious spam emails to target and compromise systems belonging to the country’s government agencies. On Monday, the Computer Emergency Response Team of Ukraine (CERT-UA) disclosed that the attackers successfully infected over 100 computers with AnonVNC malware. Some samples were signed using the code signing certificate […]