Gamedev Mastodon

0 posts0 participants0 posts today

PrivacyDigestBrass Typhoon: The <a href="https://mas.to/tags/Chinese" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Chinese</a> <a href="https://mas.to/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hacking</a> Group Lurking in the Shadows Though less well-known than groups like <a href="https://mas.to/tags/VoltTyphoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VoltTyphoon</a> and <a href="https://mas.to/tags/SaltTyphoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SaltTyphoon</a> , <a href="https://mas.to/tags/BrassTyphoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BrassTyphoon</a> , or <a href="https://mas.to/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a> , is an infamous, longtime <a href="https://mas.to/tags/espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#espionage</a> actor that foreshadowed recent telecom <a href="https://mas.to/tags/hacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacks</a>. <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mas.to/tags/China" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#China</a> <a href="https://www.wired.com/story/brass-typhoon-china-cyberspies/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.wired.com/story/brass-typhoon-china-cyberspies/</a>

ijliaoquote : 這次針對 <a href="https://g0v.social/tags/%E8%8F%B2%E5%BE%8B%E8%B3%93" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#菲律賓</a> 總統辦公室的入侵，是由 <a href="https://g0v.social/tags/%E4%B8%AD%E5%9C%8B" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#中國</a> 政府附屬駭客組織 <a href="https://g0v.social/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a> 所發動，是針對菲律賓多個政府機構辦公室、醫院網路和其他組織的間諜活動一環，大部分攻擊是在2023年初至2024年6月期間發動的。中國駭客入侵菲律賓總統辦公室竊取敏感軍事文件 <a href="https://news.ltn.com.tw/news/world/breakingnews/4916578" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://news.ltn.com.tw/news/world/breakingnews/4916578</a>

Anonymous 🐈️🐾☕🍵🏴🇵🇸 :af:Chinese Winnti( <a href="https://kolektiva.social/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a> ) hacking group is using a new <a href="https://kolektiva.social/tags/PHP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PHP</a> backdoor named 'Glutton' in attacks on organizations in China and the U.S., and also in attacks on other cybercriminals. <a href="https://kolektiva.social/tags/CyberAttacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberAttacks</a> <a href="https://kolektiva.social/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://www.bleepingcomputer.com/news/security/winnti-hackers-target-other-threat-actors-with-new-glutton-php-backdoor/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/winnti-hackers-target-other-threat-actors-with-new-glutton-php-backdoor/</a>

Threat InsightA new DISCARDED podcast episode is here 🚨 👉 <a href="https://ow.ly/H3SO50Ukn7w" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ow.ly/H3SO50Ukn7w</a>Listen in to hear APT research expert Mark Kelly share his insight on the <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> and state-sponsored espionage of <a href="https://infosec.exchange/tags/TA415" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TA415</a> (AKA <a href="https://infosec.exchange/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a> <a href="https://infosec.exchange/tags/BrassTyphoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BrassTyphoon</a>).

Threat InsightIn August 2024, Proofpoint published research highlighting an unusual, suspected espionage campaign targeting dozens of organizations worldwide to deliver a custom malware family named “Voldemort”.Proofpoint analysts now attribute this campaign to the China-aligned threat group <a href="https://infosec.exchange/tags/TA415" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TA415</a> (also known as <a href="https://infosec.exchange/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a> and <a href="https://infosec.exchange/tags/BrassTyphoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BrassTyphoon</a>).This attribution is based on multiple newly identified high confidence links between the campaign distributing Voldemort and known TA415-attributed infrastructure, including overlaps with activity publicly reported by Mandiant in July 2024: <a href="https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust</a>.Furthermore, in late August 2024, Proofpoint identified a targeted campaign featuring an almost identical attack chain to deliver the Voldemort backdoor. This activity spoofed a Taiwanese aerospace industry association and repeatedly targeted fewer than five aerospace companies in the US and Taiwan, aligning with more typical targeting associated with TA415 and other China-aligned actors.The screenshot below shows a machine translated version of a phishing email associated with this campaign (originally written in Traditional Chinese).In this campaign, TA415 began using Google AMP Cache URLs that redirected to password protected 7-Zip files hosted on OpenDrive. These archives contained malicious Microsoft Shortcut (LNK) files that attempted to download a Python script hosted on paste[.]ee. This activity continued into late September 2024 and also targeted a small number of organizations in the chemicals, insurance, and manufacturing industries.The initial widespread <a href="https://infosec.exchange/tags/TA415" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TA415</a> campaign distributing Voldemort remains unusual due to its widespread targeting and techniques more commonly observed in cybercrime activity.While this volume of targeting from an APT actor is uncommon, it is not unheard of, as Proofpoint observed similar high volume targeting by the Russia state-aligned threat actor <a href="https://infosec.exchange/tags/TA422" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TA422</a> in 2023: <a href="https://ow.ly/BJuW50TQSt0" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ow.ly/BJuW50TQSt0</a>.⬇️⬇️⬇️Read our recent blog to learn more about the TA415 Voldemort campaign: <a href="https://ow.ly/8Cka50TQSv1" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ow.ly/8Cka50TQSv1</a>.

Anonymous 🐈️🐾☕🍵🏴🇵🇸 :af:<a href="https://kolektiva.social/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a>, a Chinese nation-state actor, has launched a sophisticated cyber attack against the gaming industry, stealthily gathering critical data like user passwords and network configurations over six months.<a href="https://thehackernews.com/2024/10/chinese-nation-state-hackers-apt41-hit.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thehackernews.com/2024/10/chinese-nation-state-hackers-apt41-hit.html</a><a href="https://kolektiva.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://kolektiva.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://kolektiva.social/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hacking</a>

SnoopGod LinuxHackers now use AppDomain Injection to drop CobaltStrike beacons <a href="https://infosec.exchange/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a> <a href="https://infosec.exchange/tags/APPDOMAINMANAGERINJECTION" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APPDOMAINMANAGERINJECTION</a> <a href="https://infosec.exchange/tags/hackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hackers</a> <a href="https://www.bleepingcomputer.com/news/security/hackers-now-use-appdomain-injection-to-drop-cobaltstrike-beacons/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/hackers-now-use-appdomain-injection-to-drop-cobaltstrike-beacons/</a>

Pyrzout :vm:Chinese Hackers Targeted Taiwanese Research Institute with ShadowPad and Cobalt Strike <a href="https://thecyberexpress.com/chinese-hackers-apt41-targeted-taiwan/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thecyberexpress.com/chinese-hackers-apt41-targeted-taiwan/</a> <a href="https://social.skynetcloud.site/tags/TheCyberExpressNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TheCyberExpressNews</a> <a href="https://social.skynetcloud.site/tags/CybersecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CybersecurityNews</a> <a href="https://social.skynetcloud.site/tags/Taiwaneseresearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Taiwaneseresearch</a> <a href="https://social.skynetcloud.site/tags/TheCyberExpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TheCyberExpress</a> <a href="https://social.skynetcloud.site/tags/FirewallDaily" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FirewallDaily</a> <a href="https://social.skynetcloud.site/tags/cobaltstrike" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cobaltstrike</a> <a href="https://social.skynetcloud.site/tags/ShadowPad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ShadowPad</a> <a href="https://social.skynetcloud.site/tags/Taiwanese" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Taiwanese</a> <a href="https://social.skynetcloud.site/tags/Chinese" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Chinese</a> <a href="https://social.skynetcloud.site/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a>

RedhotcyberLa Backdoor KeyPlug di APT41 sta infettando le Industrie ItalianeDurante un’approfondita investigazione, il team di Tinexta Cyber ha identificato una <a href="https://mastodon.bida.im/tags/backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#backdoor</a> denominata <a href="https://mastodon.bida.im/tags/KeyPlug" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KeyPlug</a> che ha colpito per mesi diverse industrie <a href="https://mastodon.bida.im/tags/Italiane" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Italiane</a>. Questa backdoor risulta essere stata attribuita all’arsenale del gruppo originario della <a href="https://mastodon.bida.im/tags/Cina" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cina</a> <a href="https://mastodon.bida.im/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a>.Condividi questo post se hai trovato la news interessante.<a href="https://mastodon.bida.im/tags/redhotcyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redhotcyber</a> <a href="https://mastodon.bida.im/tags/online" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#online</a> <a href="https://mastodon.bida.im/tags/it" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#it</a> <a href="https://mastodon.bida.im/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ai</a> <a href="https://mastodon.bida.im/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://mastodon.bida.im/tags/innovation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#innovation</a> <a href="https://mastodon.bida.im/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://mastodon.bida.im/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.bida.im/tags/technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#technology</a> <a href="https://mastodon.bida.im/tags/engineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#engineering</a> <a href="https://mastodon.bida.im/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://mastodon.bida.im/tags/intelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#intelligence</a> <a href="https://mastodon.bida.im/tags/intelligenzaartificiale" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#intelligenzaartificiale</a> <a href="https://mastodon.bida.im/tags/informationsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#informationsecurity</a> <a href="https://mastodon.bida.im/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ethicalhacking</a> <a href="https://mastodon.bida.im/tags/dataprotection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dataprotection</a> <a href="https://mastodon.bida.im/tags/cybersecurityawareness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurityawareness</a> <a href="https://mastodon.bida.im/tags/cybersecuritytraining" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecuritytraining</a> <a href="https://mastodon.bida.im/tags/cybersecuritynews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecuritynews</a> <a href="https://mastodon.bida.im/tags/infosecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosecurity</a><a href="https://www.redhotcyber.com/post/la-backdoor-keyplug-di-apt41-sta-infettando-le-industrie-italiane/" rel="nofollow noopener noreferrer" target="_blank">https://www.redhotcyber.com/post/la-backdoor-keyplug-di-apt41-sta-infettando-le-industrie-italiane/</a>

Not SimonTrend Micro reported on the attack chain of a cyberespionage group Earth Freybug, which they claim is a subset of the Chinese state-sponsored APT41 (Winnti Group). No information about the targets or timeline, but they describe a new UNAPIMON malware used for defense evasion ( prevent child processes from being monitored). One SHA256 provided, which isn't recognized in VirusTotal. 🔗 <a href="https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html</a><a href="https://infosec.exchange/tags/China" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#China</a> <a href="https://infosec.exchange/tags/cyberespionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cyberespionage</a> <a href="https://infosec.exchange/tags/EarthFreybug" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EarthFreybug</a> <a href="https://infosec.exchange/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a> <a href="https://infosec.exchange/tags/Winnti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Winnti</a> <a href="https://infosec.exchange/tags/UNAPIMON" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UNAPIMON</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/IOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IOC</a>

Not SimonThree different organizations have noted overlaps between I-Soon and Earth Lusca (aka AQUATIC PANDA, BRONZE UNIVERSITY, CHROMIUM, Charcoal Typhoon, ControlX, FISHMONGER, Red Dev 10, RedHotel). <ul><li>Recorded Future, who tracks Earth Lusca as RedHotel, noted similarities between base of operations (Chengdu, Sichuan Province, China), malware used (ShadowPad and Winnti), and victimology. <a href="https://www.recordedfuture.com/redhotel-a-prolific-chinese-state-sponsored-group-operating-at-a-global-scale" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.recordedfuture.com/redhotel-a-prolific-chinese-state-sponsored-group-operating-at-a-global-scale</a></li><li><a href="https://infosec.exchange/@nattothoughts" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nattothoughts</a> reached a similar conclusion back in October 2023: <a href="https://nattothoughts.substack.com/p/i-soon-another-company-in-the-apt41" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://nattothoughts.substack.com/p/i-soon-another-company-in-the-apt41</a></li><li>in today's blog post, Trend Micro mentions the same three links: <a href="https://www.trendmicro.com/en_us/research/24/b/earth-lusca-uses-geopolitical-lure-to-target-taiwan.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.trendmicro.com/en_us/research/24/b/earth-lusca-uses-geopolitical-lure-to-target-taiwan.html</a></li></ul><a href="https://infosec.exchange/tags/iSoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iSoon</a> <a href="https://infosec.exchange/tags/China" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#China</a> <a href="https://infosec.exchange/tags/Anxun" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Anxun</a> <a href="https://infosec.exchange/tags/Leak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Leak</a> <a href="https://infosec.exchange/tags/cyberespionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cyberespionage</a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT</a> <a href="https://infosec.exchange/tags/MustangPanda" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MustangPanda</a> <a href="https://infosec.exchange/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a> <a href="https://infosec.exchange/tags/Winnti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Winnti</a> <a href="https://infosec.exchange/tags/MPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MPS</a> <a href="https://infosec.exchange/tags/RedHotel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RedHotel</a> <a href="https://infosec.exchange/tags/EarthLusca" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EarthLusca</a> <a href="https://infosec.exchange/tags/CharcoalTyphoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CharcoalTyphoon</a> <a href="https://infosec.exchange/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a>

Not SimonOn the I-Soon leaks: Unit 42 assesses with high confidence that the leaks are genuine. Through analysis of the leaked data, Unit 42 has identified actor-owned infrastructure and potential malware related to historic reporting on Chinese threat actors. 🔗 <a href="https://unit42.paloaltonetworks.com/i-soon-data-leaks/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://unit42.paloaltonetworks.com/i-soon-data-leaks/</a><a href="https://infosec.exchange/tags/iSoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iSoon</a> <a href="https://infosec.exchange/tags/China" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#China</a> <a href="https://infosec.exchange/tags/Anxun" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Anxun</a> <a href="https://infosec.exchange/tags/Leak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Leak</a> <a href="https://infosec.exchange/tags/cyberespionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cyberespionage</a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT</a> <a href="https://infosec.exchange/tags/MustangPanda" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MustangPanda</a> <a href="https://infosec.exchange/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a> <a href="https://infosec.exchange/tags/Winnti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Winnti</a> <a href="https://infosec.exchange/tags/MPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MPS</a> <a href="https://infosec.exchange/tags/RedHotel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RedHotel</a> <a href="https://infosec.exchange/tags/EarthLusca" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EarthLusca</a> <a href="https://infosec.exchange/tags/CharcoalTyphoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CharcoalTyphoon</a> <a href="https://infosec.exchange/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a>

Not SimonNew York Times also covers the I-Soon leak: 🔗 <a href="https://www.nytimes.com/2024/02/22/business/china-leaked-files.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.nytimes.com/2024/02/22/business/china-leaked-files.html</a><blockquote>Taken together, the files offered a rare look inside the secretive world of China’s state-backed hackers for hire. They illustrated how Chinese law enforcement and its premier spy agency, the Ministry of State Security, have reached beyond their own ranks to tap private-sector talent in a hacking campaign that United States officials say has targeted American companies and government agencies.</blockquote><a href="https://infosec.exchange/tags/iSoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iSoon</a> <a href="https://infosec.exchange/tags/China" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#China</a> <a href="https://infosec.exchange/tags/Anxun" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Anxun</a> <a href="https://infosec.exchange/tags/Leak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Leak</a> <a href="https://infosec.exchange/tags/cyberespionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cyberespionage</a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT</a> <a href="https://infosec.exchange/tags/MustangPanda" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MustangPanda</a> <a href="https://infosec.exchange/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a> <a href="https://infosec.exchange/tags/Winnti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Winnti</a> <a href="https://infosec.exchange/tags/MPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MPS</a> <a href="https://infosec.exchange/tags/RedHotel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RedHotel</a> <a href="https://infosec.exchange/tags/EarthLusca" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EarthLusca</a> <a href="https://infosec.exchange/tags/CharcoalTyphoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CharcoalTyphoon</a> <a href="https://infosec.exchange/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a>

Not Simon<a href="https://infosec.exchange/@briankrebs" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@briankrebs</a> reports on the I-Soon leak: 🔗 <a href="https://krebsonsecurity.com/2024/02/new-leak-shows-business-side-of-chinas-apt-menace/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://krebsonsecurity.com/2024/02/new-leak-shows-business-side-of-chinas-apt-menace/</a><blockquote>A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry.</blockquote><a href="https://infosec.exchange/tags/iSoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iSoon</a> <a href="https://infosec.exchange/tags/China" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#China</a> <a href="https://infosec.exchange/tags/Anxun" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Anxun</a> <a href="https://infosec.exchange/tags/Leak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Leak</a> <a href="https://infosec.exchange/tags/cyberespionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cyberespionage</a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT</a> <a href="https://infosec.exchange/tags/MustangPanda" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MustangPanda</a> <a href="https://infosec.exchange/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a> <a href="https://infosec.exchange/tags/Winnti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Winnti</a> <a href="https://infosec.exchange/tags/MPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MPS</a> <a href="https://infosec.exchange/tags/RedHotel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RedHotel</a> <a href="https://infosec.exchange/tags/EarthLusca" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EarthLusca</a> <a href="https://infosec.exchange/tags/CharcoalTyphoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CharcoalTyphoon</a>

cryptaxUsing Colander to organize your malware analysis: example on Android/WyrmSpy<a href="https://cryptax.medium.com/organizing-malware-analysis-with-colander-example-on-android-wyrmspy-1f3ec30ae33b" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cryptax.medium.com/organizing-malware-analysis-with-colander-example-on-android-wyrmspy-1f3ec30ae33b</a><a href="https://mastodon.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Android</a> <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://mastodon.social/tags/WyrmSpy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WyrmSpy</a> <a href="https://mastodon.social/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a> <a href="https://mastodon.social/tags/Colander" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Colander</a> <a href="https://infosec.exchange/@pts" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@pts</a>

Stillif you need a quick reminder on what KeyPlug is, <a href="https://infosec.exchange/@SentinelLabs" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@SentinelLabs</a> published a relevant article yesterday <a href="https://www.sentinelone.com/labs/sandman-apt-china-based-adversaries-embrace-lua/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.sentinelone.com/labs/sandman-apt-china-based-adversaries-embrace-lua/</a>tldr it's a known multi-platform arsenal from Chinese <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT</a>, usually <a href="https://infosec.exchange/tags/APT41" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT41</a>

Recent searches

Search options

Administered by:

Server stats:

#apt41