Posts by CyberCynical

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware Storm-1175 exploits 16+ CVEs since 2023, including zero-days, enabling rapid Medusa ransomware attacks within 24 hours.

The China-linked hacking group Storm-1175 exploits 0-day vulnerabilities to deploy Medusa ransomware within 72 hours. Recent network intrusions have severely affected healthcare organizations in Australia, the UK and the US, as well as organizations in the education, professional services and finance sectors.
thehackernews.com/2026/04/chin...

1 week ago 0 0 0 0
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and enabling remote control.

StoatWaffle attack: North Korean hackers abuse VS Code's auto-run feature so that simply opening a project gets you infected
#Cybersecurity #SoftwareSupplyChainAttack #DeveloperSecurity #StoatWaffle #NorthKorea

thehackernews.com/2026/03/nort...

4 weeks ago 0 0 0 0
Alleged Cyberattack on Crunchyroll Exposes Risks in Outsourced Systems Reports allege a March 12, 2026 data breach at Crunchyroll that exposed nearly 100GB of user data—including email addresses, IPs, passwords, and some credit card information—after an attacker gained access via a third‑party vendor. Crunchyroll has not confirmed the full scope, but the incident underscores risks from outsourced ticketing and support...

A reported cyberattack on Crunchyroll on March 12, 2026, exposed nearly 100GB of user data via a third-party vendor, including emails, IPs, passwords, and some credit card info. #DataBreach #ThirdPartyRisk #USA

4 weeks ago 0 1 0 0

The latest Check Point research shows that, shortly after the US and Israeli strikes on Iran, China-linked cyber threat actors began shifting some of their targeting toward Qatar.

The activity used lures tied to the regional conflict in attempts to deliver tools such as PlugX and Cobalt Strike, showing that cyber-espionage actors can quickly re-prioritize their operations when geopolitical events occur.
#Cybersecurity #CyberEspionage #GeopoliticalRisk #ThreatIntelligence

1 month ago 0 0 0 0
Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries AI-powered CyberStrikeAI linked to 600 FortiGate breaches in 55 countries, with 21 IPs tied to China-based infrastructure.

More than 600 Fortinet FortiGate devices have been compromised worldwide. The hacking platform used in an AI-assisted attack campaign was built by a Chinese developer and has ties to Chinese cybersecurity companies including Knownsec.
#Cybersecurity #AICyberattacks #CyberThreats #Fortinet

thehackernews.com/2026/03/open...

1 month ago 0 0 0 0
Silver Fox APT Uses DLL Sideloading and BYOVD Techniques in Sophisticated Malware Attacks

The cybersecurity community recently witnessed the emergence of targeted malware campaigns linked to the Silver Fox threat group. This operation focuses heavily on Asia, targeting local organizations with carefully localized lures. By disguising attacks as routine business communications, the actors successfully distributed the Winos 4.0 malware, also known as ValleyRat, into corporate networks.

To compromise victim systems, the attackers use deceptive phishing emails containing malicious attachments or embedded links. These messages closely impersonate official government correspondence, such as tax audit notifications, software installers, and electronic invoice downloads.

[Figure: Tax-themed phishing (Source – Fortinet)]

When a user interacts with these files, they trigger a complex infection chain that operates quietly, minimizing the chance of immediate user suspicion. The final impact of a successful infection is severe, leading to widespread file encryption and extensive data theft that can fuel further cyberattacks.

[Figure: Attacker’s domain (Source – Fortinet)]

Fortinet researchers found the malware and its infrastructure to be highly volatile, using a rotating network of cloud domains to host the payloads. This rapid shifting of resources makes traditional static domain blocking mostly ineffective as a primary defense against the ongoing Winos 4.0 operations.

Advanced Detection Evasion Techniques

Once inside a network, the Silver Fox group employs advanced detection evasion strategies to maintain access and control. The attackers deliver an archive containing a legitimate application that secretly sideloads a malicious dynamic link library (DLL) into memory.

[Figure: The execution file and the malicious DLL file (Source – Fortinet)]

This stage sets the foundation for a “Bring Your Own Vulnerable Driver” (BYOVD) attack. The malware loads a validly signed Windows kernel-mode driver, named wsftprm.sys, to silently acquire elevated system privileges without alerting administrators.

[Figure: Archive contents with LNK and social-engineering decoys (Source – Fortinet)]

After securing kernel-level access, the malicious driver enters a continuous monitoring loop to identify and terminate active security processes. By targeting a vast array of popular antivirus and endpoint protection tools, the malware creates a completely blind environment. This allows Winos 4.0 to operate, escalate its privileges, and maintain remote communication with its command server unimpeded.

To defend against these techniques, organizations must treat all unexpected documents and external links with extreme caution. Security teams should implement behavioral monitoring tools, continuously update endpoint protection signatures, and deploy strong email filtering solutions to proactively detect evasive phishing attempts.

Silver Fox APT Uses DLL Sideloading and BYOVD Techniques in Sophisticated Malware Attacks

1 month ago 2 2 0 0
New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices. "The developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a fully operational spyware

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft

Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillanc…
#hackernews #news

2 months ago 0 1 0 0
Google: China's APT31 used Gemini to plan US cyberattacks : Meanwhile, IP-stealing 'distillation attacks' on the rise

A sanctioned Chinese state-backed hacking group was revealed to have used Google's AI chatbot Gemini to automatically analyze vulnerabilities and plan cyberattacks against US organizations.
#CybersecurityThreats #AISecurity #CyberOffenseAndDefense

www.theregister.com/2026/02/12/g...

2 months ago 0 0 0 0
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms Campaign combines stolen Telegram accounts, fake Zoom calls and ClickFix attacks to deploy infostealer malware

North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms #cybersecurity #infosec #hacking

www.infosecurity-magazine.com/news/north-k...

2 months ago 0 0 0 0
Chinese hackers reportedly penetrate UK Networks, putting millions at risk of eavesdropping, tracking Chinese state-linked hackers reportedly breached UK telecoms, including Downing Street, giving potential access to millions of calls and messages.

Chinese hackers reportedly gained full access to UK telecom systems in a global cyber-espionage operation
#China #Hackers #CyberEspionage #Cybersecurity
www.ibtimes.co.uk/chinese-hack...

2 months ago 0 0 0 0
The Many Arms of the MSS: Why Provincial Bureaus Matter in China’s Cyber Operations To defend systems, one must first pinpoint the source of malicious activity. Most cyber threat intelligence (CTI) firms focus on tactical and operational attribution: tactical attribution identifies a...

The Many Arms of the MSS: Why Provincial Bureaus Matter in China’s Cyber Operations malware.news/t/the-many-a...

#China #Chinese #MSS #provincial #cyber #hack #hacking #hacked

#China #Chinese #MSS #Provincial #Cyber #Hacking #Intrusion #Hacked

2 months ago 1 1 0 0
Chinese-Linked Badbox 2.0 Botnet Exposed with Ties to Kimwolf Malware Network The *Badbox 2.0* botnet, composed of Android TV boxes infected with preinstalled malware, is operated from China. Cybercriminals controlling the *Kimwolf* botnet (with over 2 million compromised devices) shared a screenshot suggesting access to *Badbox 2.0*'s control panel. The FBI and Google are investigating its operators. Several Chinese entities are mentioned, including *Beijing Astrolink Wireless Digital Technology Co. Ltd.*, *Beijing Hengchuang Vision Mobile Media Technology Co. Ltd.*, and email addresses linked to individuals such as *Chen Daihai* and *Zhu Zhiyu*. No specific date or detailed technical impact is provided.

📌 Chinese-Linked Badbox 2.0 Botnet Exposed with Ties to Kimwolf Malware Network www.cyberhub.blog/article/18645-chinese-li...

2 months ago 0 1 0 0
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group Rapid7 links China-linked Lotus Blossom to a 2025 Notepad++ hosting breach that delivered the Chrysalis backdoor via hijacked updates, fixed in v8.8.9

The China-linked hacking group Lotus Blossom has been attributed with the recently discovered compromise of the infrastructure hosting Notepad++.
thehackernews.com/2026/02/note...

2 months ago 0 0 0 0
China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines Researchers found Chinese-linked attackers abused SonicWall VPN access and VMware ESXi zero-day flaws to escape VMs and gain hypervisor control.

A threat actor believed to be Chinese-speaking used a compromised SonicWall VPN appliance as the initial entry point, then deployed an exploit targeting VMware ESXi. The exploit may have been developed more than a year before the three security vulnerabilities it relies on were publicly disclosed.
#China #Exploitation #Cybersecurity #ThreatIntelligence #VMware #ESXi #VPNSecurity
thehackernews.com/2026/01/chin...

3 months ago 0 0 0 0
Chinese Hacking Group Salt Typhoon Hacks US House Staff Emails The Chinese hacking group Salt Typhoon has reportedly breached the email systems of U.S. House committee staffers, targeting key national security panels.

The Chinese hacking group Salt Typhoon has been exposed for breaking into the mailboxes of US House of Representatives staffers. The group ran a cyber-espionage campaign against staffers on committees dealing with China, intelligence and the military, stealing sensitive information. #SaltTyphoon #China #CyberEspionage
www.technadu.com/chinese-hack...

3 months ago 0 0 0 0
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security tools.

HoneyMyte APT (aka Mustang Panda, Bronze President) used a kernel-mode rootkit to implant the TONESHELL backdoor, attacking Asian government systems.
#China #Malware #APT #MustangPanda #HoneyMyte

thehackernews.com/2025/12/must...

3 months ago 0 0 0 0
2 Chinese Hackers Trained in Cisco Program Now Leading Sophisticated Attacks on Cisco Devices

4 months ago 2 1 0 1
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems CISA details China-linked BRICKSTORM malware that enables persistent, stealthy access in VMware and Windows systems.

A recent CISA report says Chinese hackers have again targeted government and the IT sector, using a backdoor named BRICKSTORM to maintain long-term, stable control of compromised systems.
thehackernews.com/2025/12/cisa...

4 months ago 1 0 0 0
Thor vs. Silver Fox – Uncovering and Defeating a Sophisticated ValleyRat Campaign - Nextron Systems Deep dive into the Silver Fox ValleyRat malware campaign, infection chain, driver abuse, and THOR’s detection capabilities.

Thor vs. Silver Fox – Uncovering and Defeating a Sophisticated ValleyRat Campaign | Nextron Systems analysis attributes the described operation to the China-aligned APT commonly referred to as Silver Fox | www.nextron-systems.com/2025/11/28/t...

4 months ago 1 1 0 0
PlushDaemon compromises network devices for adversary-in-the-middle attacks ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks.

ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks | www.welivesecurity.com/en/eset-rese... @esetofficial.bsky.social

5 months ago 7 8 0 0

The North Korean hacking group Lazarus uses the ScoringMathTea malware to attack European drone manufacturers

#Cybercrime #Cybersecurity #Hackers #NorthKoreanHackers #NorthKorea #Malware #Cyberattack #lazarus #DreamJob #Phishing

5 months ago 0 0 0 0
North Korea led the world in nation-state hacking in Q2 and Q3 Security leaders should prioritize anomalous-activity detection and zero-trust principles, a new report recommends.

North Korea led the world in nation-state hacking in Q2 and Q3

#northkorea #hacking #cybersecurity #cyberthreat

www.cybersecuritydive.com/news/north-k...

5 months ago 0 0 0 0
Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months Chinese group Jewelbug hacked a Russian IT provider, exploiting Microsoft tools and exfiltrating data via Yandex Cloud.

A China-linked threat group is accused of carrying out a five-month-long intrusion into a Russian IT service provider, marking an expansion of the group's targeting from Southeast Asia and South America to Russia
#China #ThreatGroup #Russia #Intrusion #jewelbug

thehackernews.com/2025/10/chin...

6 months ago 1 0 0 0
China-linked groups are using stealthy malware to hack software suppliers Google, which disclosed the campaign, said it was one of the most significant supply-chain hacks in recent memory.

China-linked groups deploy stealthy malware to infiltrate software suppliers' systems

#China #Malware #Cybersecurity #UNC5221

www.cybersecuritydive.com/news/china-e...

6 months ago 1 0 0 0
China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks PlugX and Bookworm campaigns strike Asian telecom and ASEAN targets using DLL side-loading and modular RATs.

Chinese hackers are using a new PlugX variant to attack telecom and manufacturing in the Asia-Pacific region #China #APT #Malware #PlugX thehackernews.com/2025/09/chin...

6 months ago 0 0 0 0

The Chinese hacking group RedNovember uses the Pantegana and Cobalt Strike malware to attack governments worldwide
#China #ChineseHackers #Malware #Cybersecurity #CobaltStrike #Pantegana

6 months ago 1 0 0 0

A Chinese advanced persistent threat (APT) group used a new fileless malware framework called EggStreme to successfully breach a Philippine military company.
#china #China #Malware #APT

7 months ago 1 0 0 0
GhostRedirector: Chinese hackers plague Windows servers ESET Research has discovered a new Chinese hacker group. The group, dubbed “GhostRedirector,” has already compromised 65 Windows servers ...

#Security #Backdoor #China #cybersecurity #Eset #Hackers #malware #windows

7 months ago 0 2 0 0