.webp)
Cyber Security News
PlugX USB worm Infected Over 2.5M Devices
The PlugX USB worm, a piece of malware, has been reported to have infected over 2.5 million devices, posing a threat to global cybersecurity.
The Hacker News
Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware
Threat actors are exploiting security vulnerabilities in remote desktop programs to deploy PlugX malware.
Cyber Security News
Hackers Exploiting Remote Desktop Program Flaws to Install PlugX Malware
ASEC (AhnLab Security Emergency response Center) has recently reported that in order to deploy PlugX malware, threat actors are exploiting vulnerabilities
Security Affairs
PlugX malware delivered by exploiting flaws in Chinese programs
Researchers observed threat actors deploying PlugX malware by exploiting flaws in Chinese remote control programs Sunlogin and Awesun. Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun. Sunlogin RCE vulnerability (CNVD-2022-10270 / CNVD-2022-03672) is known to be […]
The Hacker News
Chinese Hackers Use HTML Smuggling to Infiltrate European Ministries with PlugX
Chinese cyber group targets European ministries with sophisticated HTML smuggling techniques to deploy the PlugX trojan.
The Hacker News
Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware
A Chinese government-linked hacker group has been observed targeting Russian officials and military personnel with an updated version of the PlugX.
The Hacker News
Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices
Cybersecurity researchers uncover a new variant of PlugX that infects attached USB media devices to spread the malware to other systems.
Bleeping Computer
Researchers sinkhole PlugX malware server with 2.5 million unique IPs
Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses.
SecurityWeek
Self-Spreading PlugX USB Drive Malware Plagues Over 90k IP Addresses
More than 90,000 unique IPs are still infected with a PlugX worm variant that spreads via infected flash drives.
The Hacker News
PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks
PlugX remote access trojan has been caught disguising itself as a legitimate open source Windows debugger tool called x64dbg to gain control of target
Bleeping Computer
PlugX malware hides on USB devices to infect new Windows hosts
Security researchers have analyzed a variant of the PlugX malware that can hide malicious files on removable USB devices and then infect the Windows hosts they connect to.
Cyber Security News
PlugX Malware Hides on Removable USB Devices to Infect Windows Machine
An investigation by cyber security experts at Palo Alto Network’s Unit 42 team recently revealed that a variation of PlugX malware has the ability to conceal harmful files on USB drives and subsequently infect Windows systems upon connection.
Security Affairs
PlugX Trojan disguised as a legitimate Windows open-source tool in recent attacks
Researchers detailed a new wave of attacks distributing the PlugX RAT disguised as a legitimate Windows debugger tool. Trend Micro uncovered a new wave of attacks aimed at distributing the PlugX remote access trojan masqueraded as an open-source Windows debugger tool called x32dbg. The legitimate tool allows to examine kernel-mode and user-mode code, crash dumps, or CPU […]
Trend Micro
Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool
Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX.
The Hacker News
Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS
Mustang Panda escalates cyber espionage in Asia with advanced DOPLUGS malware. Discover how this China-linked group targets nations with sophisticated
Infosecurity News
Black Basta Deploys PlugX Malware in USB Devices With New Technique
The variant is “wormable” and can infect USB devices to hide itself from the Windows OS
The Record
China-linked PlugX malware infections found in more than 170 countries
One of the malware's capabilities — spreading through infected USB flash drives — appears to be giving it multiple lives, according to researchers at Sekoia.
Infosecurity News
Chinese Threat Actors Target Europe in SmugX Campaign
The attacks rely on novel delivery methods to deploy a variant of PlugX
The Hacker News
Chinese Hackers Target Government Officials in Europe, South America, and Middle East
Hackers from China used the PlugX malware to attack government officials in Europe, the Middle East, and South America.
Ars Technica
Millions of IPs remain infected by USB worm years after its creators left it for dead
Ability of PlugX worm to live on presents a vexing dilemma: Delete it or leave it be.
Security Affairs
New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS
China-linked APT group Mustang Panda targeted various Asian countries with a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS.
DarkReading
Chinese APT Targets Hong Kong in Supply Chain Attack
Dubbed Carderbee, the group used legitimate software and Microsoft-signed malware to spread the Korplug/PlugX backdoor to various Asian targets.
DarkReading
China's Mustang Panda Linked to SmugX Attacks on European Governments
Attackers use HTML smuggling to spread the PlugX RAT in the campaign, which has been ongoing since at least December.
SecurityWeek
New 'Carderbee' APT Targeted Chinese Security Software in Supply Chain Attack
A new APT called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong.
Security Affairs
China-linked Moshen Dragon abuses security software to sideload malware
A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage […]
ThreatPost
Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection
Mustang Panda’s already sophisticated cyberespionage campaign has matured even further with the introduction of a brand-new PlugX RAT variant.
Security Affairs
China-Linked BRONZE PRESIDENT APT targets Government officials worldwide
China-linked BRONZE PRESIDENT group is targeting government officials in Europe, the Middle East, and South America with PlugX malware. Secureworks researchers reported that China-linked APT group BRONZE PRESIDENT conducted a new campaign aimed at government officials in Europe, the Middle East, and South America with the PlugX malware. Attacks part of this campaign were spotted […]
SecurityWeek
China's Hacking of European Diplomats Aligns With Russia-Ukraine Conflict
In an ongoing campaign aligned with the current war in Ukraine, Chinese cyberespionage group Mustang Panda has been targeting European diplomats with an updated variant of the PlugX backdoor
Bleeping Computer
Carderbee hacking group hits Hong Kong orgs in supply chain attack
A previously unidentified APT hacking group named 'Carderbee' was observed attacking organizations in Hong Kong and other regions in Asia, using legitimate software to infect targets' computers with the PlugX malware.
Security Affairs
Security Affairs newsletter Round 410 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. PlugX malware delivered by exploiting flaws in Chinese programs Prometei botnet evolves and infected +10,000 […]
Trend Micro
Earth Preta Campaign Uses DOPLUGS to Target Asia
In this blog entry, we focus on Earth Preta's campaign that employed a variant of the DOPLUGS malware to target Asian countries.
Infosecurity News
Daggerfly APT Targets African Telecoms Firm With New MgBot Malware
Symantec described the findings today, saying the ongoing campaign likely started in November 2022
Bleeping Computer
Hackers target European government entities in SmugX campaign
A phishing campaign that security researchers named SmugX and attributed to a Chinese threat actor has been targeting embassies and foreign affairs ministries in the UK, France, Sweden, Ukraine, Czech, Hungary, and Slovakia, since December 2022.
Bleeping Computer
Chinese state-backed hackers now target Russian state officers
Security researchers analyzing a phishing campaign targeting Russian officials found evidence that points to the China-based threat actor tracked as Mustang Panda (also known as HoneyMyte and Bronze President).
The Hacker News
Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector
China-aligned "Moshen Dragon" cyberespionage group has been caught using abusing popular antivirus products to sideload malware.
Security Affairs
Experts uncovered a new wave of attacks conducted by Mustang Panda
China-linked Mustang Panda APT group targets entities in Asia, the European Union, Russia, and the US in a new wave of attacks. In February 2022, Cisco Talos researchers started observing China-linked cyberespionage group Mustang Panda conducting phishing attacks against European entities, including Russian organizations. The attacks were also reported by Google’s TAG team, which confirmed they were for […]
CSO
New Chinese APT campaign found targeting European embassies
The China-based APT actor has been found using HTML smuggling to avoid detection.
SecurityWeek
Chinese Cyberspies Targeting Russian Military
State-sponsored cyberespionage group Mustang Panda starts targeting Russian military as Chinese interests shift towards the Russian-Ukraine war.
SecurityWeek
Chinese Hackers Abuse Cybersecurity Products for Malware Execution
Researchers at cybersecurity firm SentinelOne have observed a Chinese hacking group taking a trial-and-error approach to abusing antivirus applications for the sideloading of malicious DLLs.
The Record
Number of command-and-control servers spiked in 2022: report
The number of unique command-and-control servers increased 30% in 2022, an indication that cybercriminals are increasingly using them in attacks
Infosecurity News
Cyber Warfare Escalates Amid China-Taiwan Tensions
Trellix report observed a surge in malicious emails targeting Taiwanese industries and government officials
Bleeping Computer
Chinese phishing actors consistently targeting EU diplomats
The China-aligned group tracked as TA416 (aka Mustang Panda) has been consistently targeting European diplomats since August 2020, with the most recent activity involving refreshed lures to coincide with the Russian invasion of Ukraine.
The Hacker News
Experts Uncover New Espionage Attacks by Chinese 'Mustang Panda' Hackers
Research uncovered a new cyber espionage campaign by Chinese 'Mustang Panda' hackers.
The Hacker News
Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities
A China-linked nation-state hacking group is using decoys related to the ongoing Russian-Ukrainian war to attack facilities in Europe and the Asia-Pac
The Hacker News
Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates
A new threat cluster, dubbed Carderbee, is targeting organizations in Hong Kong & parts of Asia, using software supply chain attacks.
The Hacker News
Escalating China-Taiwan Tensions Fuel Alarming Surge in Cyber Attacks
Cyber warfare escalates amidst rising tensions between China and Taiwan. Find out how malicious actors are using phishing lures and trojans.
The Record
Chinese hackers target European embassies with HTML smuggling technique
The espionage effort, labeled SmugX by cybersecurity researchers at Check Point, has similarities to previous campaigns linked to China. HTML smuggling helped the malware avoid detection.
ZDNet
Bronze President spies on Russian targets as Ukraine invasion continues | ZDNet
It's not necessarily because Russia is considered hostile, however.
The Hacker News
Chinese 'Mustang Panda' Hackers Spotted Deploying New 'Hodur' Malware
Hackers from China's Mustang Panda hacker group spotted deploying a new variant of Korplug malware, dubbed Hodur.
Security Affairs
Trend Micro addressed a flaw exploited by China-linked Moshen Dragon APT
Trend Micro addressed a DLL hijacking issue in Trend Micro Security actively exploited by a China-linked threat group to deploy malware. Trend Micro addressed a DLL hijacking flaw in Trend Micro Security that a China-linked threat actor actively exploited to deploy malware. In early May, SentinelOne researchers observed a China-linked APT group, tracked as Moshen […]
Security Affairs
SmugX: Chinese APT uses HTML smuggling to target European Ministries and embassies
China-linked APT group was spotted using HTML smuggling in attacks aimed at Foreign Affairs ministries and embassies in Europe. A China-linked APT group was observed using HTML smuggling in attacks against Foreign Affairs ministries and embassies in Europe, reports the cybersecurity firm Check Point. The researchers tracked the campaign as SmugX and reported that it […]
CyberScoop
Research points to a Chinese hacking effort targeting a Russian border unit
The findings add detail to other suspected Chinese hacking campaigns in Europe related to the Russian invasion of Ukraine.
The Hacker News
Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization
Budworm APT group of hackers has resurfaced after 6 years with new cyber espionage attacks targeted at U.S. organizations.
CSO
Chinese APT group Mustang Panda targets European and Russian organizations
Latest campaigns by Mustang Panda highlight the threat actor's versatility in terms of the tools and techniques it is able to use.
DarkReading
Chinese APT Bronze President Mounts Spy Campaign on Russian Military
The war in Ukraine appears to have triggered a change in mission for the APT known as Bronze President (aka Mustang Panda).
The Hacker News
APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor
APT Hackers Use ShadowPad Backdoor and MS Exchange Bug to Target Building Automation Systems
The Hacker News
Japanese Experts Warn of BLOODALCHEMY Malware Targeting Government Agencies
BLOODALCHEMY malware, an updated version of Deed RAT and successor to ShadowPad, targets government organizations in Southern and Southeastern Asia.
The Hacker News
China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz
Chinese hackers Mustang Panda caught red-handed targeting Myanmar's Ministry of Defence and Foreign Affairs
The Hacker News
Chinese Hackers Targeting European Entities with New MQsTTang Backdoor
China-based hackers Mustang Panda are using a new custom backdoor called MQsTTang in their latest social engineering campaign against European entitie
CSO
ShadowPad has become the RAT of choice for several state-sponsored Chinese APTs
New research links the ShadowPad remote-access Trojan to China's Ministry of State Security and the People's Liberation Army.
DarkReading
Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict
Plug X and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.
The Hacker News
Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users
Researchers have uncovered a new malware campaign in which Chinese "Lucky Mouse" hackers backdoor chat app MiMi to compromise Microsoft Windows, Linux
Bleeping Computer
Chinese cyber-espionage group Moshen Dragon targets Asian telcos
Researchers have identified a new cluster of malicious cyber activity tracked as Moshen Dragon, targeting telecommunication service providers in Central Asia.
The Hacker News
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor
RedGolf, a highly-likely Chinese state-sponsored threat group, is using a new custom backdoor called KEYPLUG to target multiple sectors.
CyberScoop
Previously unknown hacking group targets Hong Kong organizations in supply chain cyberattack
The unknown and unattributed hackers compromised legitimate software in apparent focused attack, researchers said.
The Record
‘Mustang Panda’ hacking group exploiting Ukraine invasion, COVID-19 to spread malware
Cybersecurity researchers have uncovered a new campaign by advanced persistent threat (APT) group Mustang Panda to spread a variant of the Korplug malware by exploiting the invasion of Ukraine, COVID-19 and other timely topics.
The Hacker News
Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks
Government and state organizations in several Asian countries were targeted by a distinct group of cyberespionage hackers as part of an intelligence.
The Hacker News
Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries
Latest Cybersecurity reports unveil two China-linked APT groups targeting ASEAN nations in cyberespionage campaign over the past 3 months.
Bleeping Computer
Cyberspies drop new infostealer malware on govt networks in Asia
Security researchers have identified new cyber-espionage activity focusing on government entities in Asia, as well as state-owned aerospace and defense firms, telecom companies, and IT organizations.
Cyber Security News
Sophisticated Earth Estries Group Hack Government Agencies and Tech Companies
A new sophisticated cyber espionage group named Earth Estries which overlaps notorious threat group FamousSparrow was unveiled.
The Hacker News
New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam
A new campaign is spreading the MrAnon Stealer, a Python-based malware, via fake hotel booking PDFs. It can steal your credentials, browser data, and
Infosecurity News
Black Basta Ransomware Decryptor Published
Researchers at SRLabs have revealed a new suite of decryption tools for Black Basta ransomware
Infosecurity News
New Backdoor MQsTTang Attributed to Mustang Panda Group
Unlike the group’s usual tactics, MQsTTang only has a single stage and does not use obfuscation
CyberNews
Chinese hackers send fake EU reports on the war in Ukraine to peddle malware | CyberNews
Hackers imitated official EU and Ukrainian reports on Russia's war.
DarkReading
'Operation Jacana' Reveals DinodasRAT Custom Backdoor
The previously undocumented data exfiltration malware was part of a successful cyber-espionage campaign against the Guyanese government, likely by the Chinese.
Infosecurity News
Chinese Hackers Infiltrate South American Diplomatic Networks
The group previously targeted government agencies and think tanks in Asia and Europe
SecurityWeek
Trend Micro Patches Vulnerability Exploited by Chinese Cyberspies
Trend Micro has patched a DLL hijacking vulnerability exploited in attacks by a China-linked cyberespionage group tracked as Moshen Dragon.
The Hacker News
Guyana Governmental Entity Hit by DinodasRAT in Cyber Espionage Attack
ESET discovers a targeted cyber-espionage campaign in Guyana.
Infosecurity News
Hackers Deploy Shadowpad Backdoor and Target Industrial Control Systems in Asia
Telecommunications companies in Pakistan and Afghanistan and a port in Malaysia targeted
Trend Micro
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
We recently found a new advanced persistent threat (APT) group that we have dubbed Earth Berberoka (aka GamblingPuppet). This APT group targets gambling websites on Windows, macOS, and Linux platforms using old and new malware families.
The Hacker News
New NAPLISTENER Malware Used by REF2924 Group to Evade Network Detection
REF2924, a threat group targeting entities in South and Southeast Asia, has been spotted deploying NAPLISTENER.
Infosecurity News
Threat Actors Use Babuk Code to Build Hypervisor Ransomware
According to SentinelOne, these novel variants emerged between 2022 and 2023
SecurityWeek
Chinese Cyberspies Targeting US State Legislature
China-linked cyberespionage group APT27 was recently observed targeting a US state legislature.
Bleeping Computer
Trend Micro fixes bug Chinese hackers exploited for espionage
Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware.
Infosecurity News
APT31 Implants Target Industrial Organizations
The attackers established a channel for data exfiltration, including from air-gapped systems
The Hacker News
Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad
Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad and QuasarLoader
Infosecurity News
Yellow Pages Canada Hit by Cyber-Attack, Black Basta Claims Credit
The unauthorized third party stole employee and business customers' data
The Hacker News
Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks
Webworm hackers have used customized versions of three older remote access trojans (RATs), including Trochilus, Gh0st, and 9002.
Bleeping Computer
Chinese hackers use Windows zero-day to attack defense, IT firms
A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a previously unknown remote access trojan (RAT).
CSO
China-based cyberespionage actor seen targeting South America
Cyberthreat group DEV-0147 is deploying the ShadowPad RAT to hit diplomatic targets in South America, expanding from its traditional attack turf in Asia and Europe, Microsoft says.
The Hacker News
Researchers Expose Space Pirate' Cyber Campaign Across Russia and Serbia
Space Pirates, a notorious cyber threat actor, has been ramping up attacks in Russia and Serbia over the past year.
The Hacker News
Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies
Earth Preta's evolving tactics: Threat actors now using TONEINS, TONESHELL, and PUBLOAD malware for more effective infiltration.
The Hacker News
China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies
Budworm, a China-linked group, strikes again with updated malware tools, targeting government and telecom entities.
ZDNet
Mustang Panda hacking group takes advantage of Ukraine crisis in new attacks | ZDNet
Just as criminals seized on the pandemic, this group is trying to capitalize on Russia's invasion of Ukraine.
The Hacker News
SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics
Lucky Mouse has developed SysUpdate, a malware toolkit with a Linux version, and updated the artifact since July 2022.
The Hacker News
Malicious USB Drives Targetinging Global Targets with SOGU and SNOWYDRIVE Malware
Learn more about the SOGU and SNOWYDRIVE campaigns targeting public and private sector entities worldwide.
The Hacker News
Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware
A sophisticated threat actor is targeting Pakistan government entities through a trojanized version of the E-Office application.
The Hacker News
Daggerfly Cyberattack Campaign Hits African Telecom Services Providers
China-linked Bronze Highland hackers aka Daggerfly group is targeting telecom services providers in Africa using spear-phishing and MgBot malware.
The Hacker News
Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign
Government, aviation, education, and telecom sectors in South and Southeast Asia are under attack!
SecurityWeek
China-Linked 'Redfly' Group Targeted Power Grid
Symantec warns that the Redfly APT appears to be focusing exclusively on targeting critical national infrastructure organizations.
Loading more articles....