Google: Chinese state hackers target Ukraine’s government
- March 18, 2022
- 09:58 AM
Google's Threat Analysis Group (TAG) says the Chinese People's Liberation Army (PLA) and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine.
Google TAG Security Engineer Billy Leonard says Google notified Ukrainian government organizations targeted by a Chinese-sponsored hacking group.
"Over the last few weeks Google TAG has identified a govt backed actor from CN targeting Ukrainian govt orgs, and we provided notifications to impacted parties," Leonard said.
"While our priority is providing notifications to impacted parties, we've provided related IOCs to community partners, and we will publish more details for the security community in the near future."
The group's head, Shane Huntley, also confirmed Leonard's assessment, saying that "the Ukraine war isn't only attracting interest from European threat actors. China is working hard here too."
This aligns with claims made on Tuesday by Intrusion Truth, a secretive group known for exposing suspected Chinese hacking operations, which said it is aware of Chinese threat actors targeting Ukraine, likely at the behest of the Chinese government.
Intrusion Truth also asked infosec experts to share any indicators or samples linked to Chinese malicious activity in Ukraine via public or anonymous channels.
I would assume this is cyber espionage, which would be expected, though still not good. https://t.co/SeJWEYrWRv
— John Hultquist (@JohnHultquist) March 15, 2022
Chinese state hackers also targeting Europe
Google TAG's report of ongoing Chinese cyber operations in Ukraine follows another warning issued one week ago regarding a Chinese-backed hacking group tracked as APT31 targeting Gmail users affiliated with the US government.
One day earlier, Google security analysts revealed that Russian and Belarusian hackers targeted Ukrainian and European government and military orgs in widespread phishing and DDoS attacks.
"In the last 12 months, TAG has issued hundreds of government-backed attack warnings to Ukrainian users alerting them that they have been the target of government-backed hacking, largely emanating from Russia," said Shane Huntley, Google's TAG lead.
Google added that the Chinese-backed hacking group Mustang Panda (aka Temp.Hex and TA416) has also switched to phishing attacks against European organizations using lures related to the invasion of Ukraine.
The same day, Proofpoint revealed it detected Mustang Panda phishing "European diplomatic entities, including an individual involved in refugee and migrant services."