china
Murky Panda hackers exploit cloud trust to hack downstream customers
A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers. Murky Panda, also known as Silk Typhoon (Microsoft) and Hafnium, is known for targeting government, technology, academic, legal, and professional services organizations in North America. The […]
XenoRAT malware campaign hits multiple embassies in South Korea
A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. According to Trellix researchers, the campaign has been running since March and is ongoing, having launched at least 19 spearphishing attacks against high-value targets. Although infrastructure and techniques match the pllaybook of North Korean actor Kimsuky (APT43), there are signs that better […]
Microsoft: SharePoint servers also targeted in ransomware attacks
A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain. Non-profit security organization Shadowserver is currently tracking over 420 SharePoint servers that are exposed online and remain vulnerable to these ongoing attacks. “Although Microsoft has observed this threat actor deploying Warlock and Lockbit ransomware in the past, Microsoft […]
Microsoft Sharepoint ToolShell attacks linked to Chinese hackers
Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain. They used this exploit chain (dubbed “ToolShell”) to breach dozens of organizations worldwide after hacking into their on-premise SharePoint servers. “We assess that at least one of the actors responsible for […]
Chinese hackers breached National Guard to steal network configurations
The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to compromise other government networks. Salt Typhoon is a Chinese state-sponsored hacking group that is believed to be affiliated […]
Canada says Salt Typhoon hacked telecom firm via Cisco flaw
The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored ‘Salt Typhoon’ hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February. During the February 2025 incident, Salt Typhoon exploited the CVE-2023-20198 flaw, a critical Cisco IOS XE vulnerability allowing remote, unauthenticated attackers to create arbitrary accounts and gain admin-level privileges. The flaw […]
Telecom giant Viasat breached by China’s Salt Typhoon hackers
Satellite communications company Viasat is the latest victim of China’s Salt Typhoon cyber-espionage group, which has previously hacked into the networks of multiple other telecom providers in the United States and worldwide. Viasat provides satellite broadband services to governments worldwide and aviation, military, energy, maritime, and enterprise customers. Last month, the telecom giant told shareholders that it […]
Washington Post’s email system hacked, journalists’ accounts compromised
Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government. The incident was discovered on Thursday evening and the publication started an investigation. On Sunday, June 15, an internal memo was sent to employees, informing them of a “possible targeted unauthorized intrusion into their […]
SentinelOne shares new details on China-linked breach attempt
SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm. SentinelOne is an American endpoint protection (EDR/XDR) solutions provider that protects critical infrastructure in the country and numerous large enterprises. It is a high-value target for […]
APT41 malware abuses Google Calendar for stealthy C2 communication
The Chinese APT41 hacking group uses a new malware named ‘ToughProgress’ that exploits Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. The campaign was discovered by Google’s Threat Intelligence Group, which identified and dismantled attacker-controlled Google Calendar and Workspace infrastructure and introduced targeted measures to prevent such abuse in the […]