SentinelOne observed suspected cyberespionage actors of unknown origin using modular backdoors and highly stealthy tactics in August to target telecommunication companies in the Middle East, Western Europe and South Asia. The group, tracked as Sandman, is using the novel backdoor LuaJIT.
China hasn't ordered any restrictions on the use of Apple iPhones by government agencies, according to a Chinese government spokesperson, but the official cited recent security flaws in the iPhone and warned that foreign mobile device manufacturers must abide by domestic information security laws.
Cybersecurity researchers at Symantec said a cybercriminal entity with possible ties to the Chinese government used the ShadowPad Trojan to target an Asian country's national power grid earlier this year. The Redfly APT group focused on stealing credentials and compromising multiple computers.
Australia's information commissioner has urged organifzations to quicken the process of notifying those affected by data breaches instead of spending months analyzing each incident. Angelene Falk said it can take anywhere from 20 days to five months to notify breach victims, putting them at risk.
Researchers spotted North Korean state hackers deploying a more compact remote access Trojan through a flaw in IT service management software in a campaign affecting European and U.S. critical infrastructure. Cisco Talos said the Lazarus Group in May started to deploy a Trojan it named QuiteRAT.
A previously unknown threat group orchestrated a supply chain attack using a Chinese encryption app to target victims mostly located in Hong Kong. Korplug, the backdoor incorporated into the encryption app, "is known to be used by multiple APT groups," Symantec says.
The BlackCat group on Monday claimed responsibility for a ransomware attack on Japanese watchmaker Seiko, publishing samples of stolen data files as proof of its exploit. Seiko Group Corp. announced earlier this month that it had detected unauthorized users accessing of some of its servers.
North Korean espionage group Kimsuky used a combination of spear-phishing and info-stealer malware infection in an attempt to access information about a joint exercise between U.S. and South Korean military forces. Authorities said the group stole personal information of all employees.
Security researchers say the Chinese state-sponsored espionage group APT41 is using WyrmSpy and DragonEgg surveillance malware to target Android mobile devices. APT41 recently switched tactics to develop malware specific to the Android operating system.
President Xi Jinping directed state agencies to strengthen the government’s control over the internet and information technology sector, potentially discouraging investment in the country. Among the obstacles is a new Counter-Espionage Law focused on investigating foreign companies.
Security experts say China-based hackers are "leading their peers in the deployment of zero-days" in the wake of another wide-ranging attack that abused a flaw in Microsoft Outlook and used forged authentication tokens to access email accounts of governments in the United States and Western Europe.
A security researcher discovered a Bangladesh government web portal that exposed the personal information of about 50 million citizens, including their birth registration records, phone numbers and national identity numbers. His efforts to notify the government of the security flaw went unanswered.
The personal information of nearly 35 million Indonesian passport holders is up for sale on the dark web for $10,000 by notorious hacktivist Bjorka, who routinely criticizes the Indonesian government, publishing damaging information about lawmakers on social media. The government is investigating.
Experts believe China's revised Counter-Espionage Law gives the Chinese Communist Party the power to retaliate against Western financial and technological sanctions and also control rising discontent among Chinese citizens. The law went into effect on Saturday.
Researchers at AhnLab Security Emergency Response Center observed APT37 target South Korean individuals with spear-phishing emails to inject wiretapping malware. The state-backed cybercrime group primarily employs spear-phishing to compromise the devices of victims.