APT

Fresh Report Connects BIETA and CIII Research Firms to China’s MSS Cyber Activities

A new intelligence report has revealed connections between two Chinese research firms, the Beijing Institute of Electronics Technology and Application (BIETA) and its subsidiary Beijing Sanxin Times Technology Co., Ltd. (CIII), and China’s Ministry of State Security (MSS). According to cybersecurity firm Recorded Future, BIETA appears to be managed or influenced by the MSS based […]

Confucius Hackers Target Pakistan With WooperStealer and Anondoor Malware

A persistent threat actor known as Confucius has been linked to a fresh phishing campaign focused on Pakistan, deploying information stealers and, more recently, a Python-based backdoor. Security firms have observed the group using malware families such as WooperStealer and Anondoor to harvest sensitive data and to establish longer-term access on compromised systems. Background and

China-Linked Hackers Exploit New VMware Zero-Day Active Since October 2024

A critical security flaw in Broadcom VMware Tools and VMware Aria Operations has been actively exploited since October 2024. According to cybersecurity researchers at NVISO Labs, the attacks are linked to a China-based hacking group tracked as UNC5174 (also known as Uteus or Uetus). The bug, identified as CVE-2025-41244 with a CVSS score of 7.8,

Phantom Taurus, a China-Linked Hacker Group, Targets Governments With Stealth Malware

Over the past two and a half years, a China-linked, state-aligned cyber espionage group, known as Phantom Taurus, has been observed targeting government and telecommunications organizations across Africa, the Middle East, and Asia. The group focuses on intelligence collection, aiming to obtain sensitive diplomatic and defense-related data, often aligning its operations with major geopolitical events

Chinese TA415 leverages VS Code remote tunnels to spy on U.S. economic policy experts

According to an analysis by Proofpoint, the intrusions impersonated senior figures and organizations involved in U.S.-China relations, including the Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party, and the U.S.-China Business Council. The emails specifically targeted people working on trade, economic policy, and bilateral relations, implying

Chinese APT Hackers Exploit Router Vulnerabilities to Infiltrate Enterprise Networks

Over recent years, Chinese state-backed Advanced Persistent Threat (APT) groups have actively targeted critical flaws in enterprise routers, enabling long-term access to global telecom and government networks. Groups known by names like Salt Typhoon and OPERATOR PANDA have systematically attacked provider edge (PE) and customer edge (CE) devices from top vendors, leveraging publicly disclosed Common

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Discovery of New Campaign Cybersecurity experts have identified a fresh phishing operation conducted by the North Korean state-sponsored threat group ScarCruft (APT37). The attackers are using a well-known malware called RokRAT to infiltrate systems and steal sensitive information. Researchers at Seqrite Labs named this campaign Operation HanKook Phantom, noting that the attacks are aimed at

Sogou Zhuyin Update Server Hijacked in Taiwan Espionage Campaign

An abandoned update server once linked to the Sogou Zhuyin Input Method Editor (IME) has been hijacked by threat actors in a large-scale espionage campaign. The attackers exploited the server to distribute multiple malware families including C6DOOR and GTELAM, primarily targeting users across East Asia. According to Trend Micro researchers Nick Dai and Pierre Lee,

ShadowSilk Targets 35 Organizations in Central Asia and APAC via Telegram Bots

A newly identified hacking cluster known as ShadowSilk has been linked to a wave of cyber intrusions aimed at government agencies in Central Asia and the Asia-Pacific (APAC) region. Rising Campaigns and Overlaps with Other Groups Group-IB reports that nearly 36 victims have been confirmed so far, with attackers primarily focused on stealing sensitive data.

China-Based Threat Group Mustang Panda Tactics and Techniques Exposed

China-based Advanced Persistent Threat (APT) group Mustang Panda has established itself as one of the most sophisticated cyber espionage actors active in the global threat landscape. Active since at least 2014, the group has consistently expanded its operations and capabilities, targeting organizations in both government and non-government sectors. Global Targeting and Spear-Phishing Operations Mustang Panda