Chinese threat actor – Experimental News Clipping Site

The Register: ‘Dead simple’ hijacking hole in Apache Tomcat ‘now actively exploited in the wild’

Mar 18, 2025

—

by

Source URL: https://www.theregister.com/2025/03/18/apache_tomcat_java_rce_flaw/ Source: The Register Title: ‘Dead simple’ hijacking hole in Apache Tomcat ‘now actively exploited in the wild’ Feedly Summary: One PUT request, one poisoned session file, and the server’s yours A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack…

Unit 42: Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations

Feb 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/?p=138415 Source: Unit 42 Title: Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations Feedly Summary: We analyze the backdoor Squidoor, used by a suspected Chinese threat actor to steal sensitive information. This multi-platform backdoor is built for stealth. The post Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations appeared first on…

Unit 42: CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia

Jan 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/?p=138128 Source: Unit 42 Title: CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia Feedly Summary: A Chinese-linked espionage campaign targeted entities in South Asia using rare techniques like DNS exfiltration, with the aim to steal sensitive data. The post CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia appeared first…

The Register: How Androxgh0st rose from Mozi’s ashes to become ‘most prevalent malware’

Dec 24, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/12/24/androxgh0st_botnet_mozi/ Source: The Register Title: How Androxgh0st rose from Mozi’s ashes to become ‘most prevalent malware’ Feedly Summary: Botnet’s operators ‘driven by similar interests as that of the Chinese state’ After the Mozi botnet mysteriously disappeared last year, a new and seemingly more powerful botnet, Androxgh0st, rose from its ashes and has quickly…

The Register: US reportedly mulls TP-Link router ban over national security risk

Dec 18, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/12/18/us_govt_probes_tplink_routers/ Source: The Register Title: US reportedly mulls TP-Link router ban over national security risk Feedly Summary: It could end up like Huawei -Trump’s gonna get ya, get ya, get ya The Feds may ban the sale of TP-Link routers in the US over ongoing national security concerns about Chinese-made devices being used…

The Register: Blue Yonder ransomware termites claim credit

Dec 9, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/12/09/security_in_brief/ Source: The Register Title: Blue Yonder ransomware termites claim credit Feedly Summary: Also: Mystery US firm compromised by Chinese hackers for months; Safe links that aren’t; Polish spy boss arrested, and more Infosec in brief Still smarting over that grocery disruption caused by a ransomware attack on supply chain SaaS vendor Blue…

Microsoft Security Blog: Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON

Nov 28, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/ Source: Microsoft Security Blog Title: Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON Feedly Summary: At CYBERWARCON 2024, Microsoft Threat Intelligence analysts will share research and insights on North Korean and Chinese threat actors representing years of threat actor tracking, infrastructure monitoring and disruption, and their attack…

Schneier on Security: IoT Devices in Password-Spraying Botnet

Nov 6, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2024/11/iot-devices-in-password-spraying-botnet.html Source: Schneier on Security Title: IoT Devices in Password-Spraying Botnet Feedly Summary: Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying. Not sure about the “highly evasive” part; the techniques seem basically what you get in a distributed password-guessing attack: “Any threat actor…

The Register: 6 IT contractors arrested for defrauding Uncle Sam out of millions

Nov 3, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/03/6_it_contractors_arrested_for/ Source: The Register Title: 6 IT contractors arrested for defrauding Uncle Sam out of millions Feedly Summary: Also, ecommerce fraud ring disrupted, another Operation Power Off victory, Sino SOHO botnet spotted, and more in brief The US Department of Justice has charged six people with two separate schemes to defraud Uncle Sam…

Microsoft Security Blog: Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

Nov 1, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/ Source: Microsoft Security Blog Title: Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network Feedly Summary: Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source…

Tag: Chinese threat actor