Hashtag: #ChineseHackers

3d strike for Microsoft defending against Chinese, Russian hackers #Block2 #ChineseHackers #Cloud #FedRAMP #GCCHigh #Microsoft #Russianhackers #Technology


Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware reconbee.com/chinese-hack...

#chinesehackers #hackers #chinese #southeastasian #southeastasia #AppleChris #Memfun #malware #malwareattack

Chinese Spies Turn Google Sheets Into Command-and-Control Infrastructure for Global Espionage Campaign
In what may be one of the most creative abuses of legitimate cloud services yet discovered, Chinese state-sponsored hackers have been using Google Sheets as command-and-control (C2) infrastructure to ...

Chinese state-sponsored hackers used Google Sheets as a command and control (C2) infrastructure to coordinate a global espionage campaign breached.company/chinese-spie...

#APT #ChineseHackers #GoogleSheets

Palo Alto Softens China Hack Attribution Over Beijing Retaliation Fears

Palo Alto Networks is facing scrutiny after reports that it deliberately softened public attribution of a vast cyberespionage campaign that its researchers internally linked to China. According to people familiar with the matter, a draft from its Unit 42 threat intelligence team tied the prolific hacking group, dubbed “TGR-STA-1030,” directly to Beijing, but the final report described it only as a “state-aligned group that operates out of Asia.” The change has reignited debate over how commercial cybersecurity firms navigate geopolitical pressure while disclosing state-backed hacking operations.

The underlying campaign, branded “The Shadow Campaigns,” involved years-long reconnaissance and intrusions spanning nearly every country, compromising government and critical infrastructure targets in at least 37 nations. Investigators noted telltale clues suggesting a Chinese nexus, including activity patterns aligned with the GMT+8 time zone and tasking that appeared to track diplomatic flashpoints involving Beijing, such as a focus on Czech government systems after a presidential meeting with the Dalai Lama. The operators also reportedly targeted Thailand shortly before a high‑profile state visit by the Thai king to China, hinting at classic intelligence collection around sensitive diplomatic events.

According to sources cited in the report, Palo Alto executives ordered the language to be watered down after China moved to ban software from about 15 U.S. and Israeli cybersecurity vendors, including Palo Alto, on national security grounds. Leadership allegedly worried that an explicit attribution to China could trigger further retaliation, potentially putting staff in the country at risk and jeopardizing business with Chinese or China‑exposed customers worldwide. The episode illustrates the mounting commercial and personal-security stakes facing global security vendors that operate in markets where they may also be calling out state-backed hacking.

The researchers who reviewed Unit 42’s technical findings say they have observed similar tradecraft and infrastructure in activity they already attribute to Chinese state-sponsored espionage. U.S. officials and independent analysts have for years warned of increasingly aggressive Chinese cyber operations aimed at burrowing into critical infrastructure and sensitive government networks, a trend they see reflected in the Shadow Campaigns’ breadth and persistence. While Beijing consistently denies involvement in hacking, the indicators described by Palo Alto and others fit a pattern Western intelligence agencies have been tracking across multiple high‑impact intrusions.

China’s embassy in Washington responded by reiterating that Beijing opposes “all forms of cyberattacks” and arguing that attribution is a complex technical issue that should rest on “sufficient evidence rather than unfounded speculation and accusations.” The controversy around Palo Alto’s edited report now sits at the intersection of that diplomatic line and the realities of commercial risk in authoritarian markets. For the wider cybersecurity industry, it underscores a hardening dilemma: how to speak plainly about state-backed intrusions while safeguarding employees, customers, and revenue in the very countries whose hackers they may be exposing.

Palo Alto Softens China Hack Attribution Over Beijing Retaliation Fears #APT28CyberEspionage #ChineseHackers #CyberAttacks


A suspected China-based hacking group spun up a phishing campaign around Christmas that mimicked U.S. policy briefings in an attempt to hack diplomats, according to new research from cybersecurity firm Dream Security.

#Chinesehackers #Hackers #Phishing

Chinese Hackers Hijack Notepad++ Updates for 6 Months
State-sponsored threat actors compromised the popular code editor's hosting provider to redirect targeted users to malicious downloads.

Chinese Hackers Hijack Notepad++ Updates for 6 Months
www.darkreading.com/application-...

#Infosec #Security #Cybersecurity #CeptBiro #ChineseHackers #Hijack #Notepad++


#chinesehackers #wiretap #needlejuice #minidisc #minidisccollection #minidiscforever #minidisccollector


China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware reconbee.com/china-aligne...

#china #chinese #chinesehackers #Windows #espionagemalware #malware #malwareattack


APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains reconbee.com/apt24-deploy...

#APT24 #BADAUDIO #espionage #taiwan #chinesehackers #chinese #cyberattack

Knownsec Data Leak Exposes Deep Cyber Links and Global Targeting Operations

A recent leak involving Chinese cybersecurity company Knownsec has uncovered more than 12,000 internal documents, offering an unusually detailed picture of how deeply a private firm can be intertwined with state-linked cyber activities. The incident has raised widespread concern among researchers, as the exposed files reportedly include information on internal artificial intelligence tools, sophisticated cyber capabilities, and extensive international targeting efforts. Although the materials were quickly removed after surfacing briefly on GitHub, they have already circulated across the global security community, enabling analysts to examine the scale and structure of the operations.

The leaked data appears to illustrate connections between Knownsec and several government-aligned entities, giving researchers insight into China’s broader cyber ecosystem. According to those reviewing the documents, the files map out international targets across more than twenty countries and regions, including India, Japan, Vietnam, Indonesia, Nigeria, and the United Kingdom. Of particular concern are spreadsheets that allegedly outline attacks on around 80 foreign organizations, including critical infrastructure providers and major telecommunications companies. These insights suggest activity far more coordinated than previously understood, highlighting the growing sophistication of state-associated cyber programs.

Among the most significant revelations is the volume of foreign data reportedly linked to prior breaches. Files attributed to the leaks include approximately 95GB of immigration information from India, 3TB of call logs taken from South Korea’s LG U Plus, and nearly 459GB of transportation records from Taiwan. Researchers also identified multiple Remote Access Trojans capable of infiltrating Windows, Linux, macOS, iOS, and Android systems. Android-based malware found in the leaked content reportedly has functionality allowing data extraction from widely used Chinese messaging applications and Telegram, further emphasizing the operational depth of the tools.

The documents also reference hardware-based hacking devices, including a malicious power bank engineered to clandestinely upload data into a victim’s system once connected. Such devices demonstrate that offensive cyber operations may extend beyond software to include physical infiltration tools designed for discreet, targeted attacks. Security analysts reviewing the information suggest that these capabilities indicate a more expansive and organized program than earlier assessments had captured.

Beijing has denied awareness of any breach involving Knownsec. A Foreign Ministry spokesperson reiterated that China opposes malicious cyber activities and enforces relevant laws, though the official statement did not directly address the alleged connections between the state and companies involved in intelligence-oriented work. While the government’s response distances itself from the incident, analysts note that the leaked documents will likely renew debates about the role of private firms in national cyber strategies.

Experts warn that traditional cybersecurity measures—including antivirus software and firewall defenses—are insufficient against the type of advanced tools referenced in the leak. Instead, organizations are encouraged to adopt more comprehensive protection strategies, such as real-time monitoring systems, strict network segmentation, and the responsible integration of AI-driven threat detection.

The Knownsec incident underscores that as adversaries continue to refine their methods, defensive systems must evolve accordingly to prevent large-scale breaches and safeguard sensitive data.

Knownsec Data Leak Exposes Deep Cyber Links and Global Targeting Operations #Chinese #ChineseHackers #CyberSecurity


Chinese Hackers Use Anthropic’s AI to Launch Automated Cyber Espionage Campaign reconbee.com/chinese-hack...

#chinesehackers #hackers #Anthropic #AI #cyberespionagecampaign #cyberespionage #cyberattack #chinese


From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools reconbee.com/log4j-to-iis...

#Log4j #IIS #chinahackers #chinesehackers #legacybugs #globalespionagetools #cyberattack


China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats reconbee.com/china-linked...

#china #chinesehackers #european #europe #diplomats #windows #hackers #hacking #hacked


CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks reconbee.com/cisa-flags-v...

#CISA #VMware #zerodayexploit #chinahackers #chinesehackers #hacking #hacked #cyberattack


“Google Mandiant security analysts, who believe UNC5174 is a contractor for China's Ministry of State Security (MSS), have observed the threat actor selling access to networks of U.S. defense contractors …”

🚨
#UNC5174
#ChineseMalware
#ChineseHackers


Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike reconbee.com/chinese-hack...

#chinesehackers #hackers #RedNovemberhackers #governments #pantegana #cobaltstrike #cyberattack

Taiwanese Web Hosting Infrastructure Hit by UAT-7237

A recent report from Cisco Talos exposes a cyber intrusion by a suspected Chinese-government-backed hacking collective, tracked as UAT-7237, into a Taiwanese web hosting provider. The attackers aimed to steal credentials and implant backdoors, enabling persistent and covert access to sensitive infrastructure. The outfit has been active at least since 2022, based on forensic analysis of a remote server hosting SoftEther VPN—a favored tool for maintaining their foothold. The chosen VPN's configuration indicated a preference for Simplified Chinese, hinting at the attackers' origins.

Talos researchers believe UAT-7237 is a subgroup of the broader Chinese APT UAT-5918, which is notorious for targeting Taiwan's critical infrastructure and overlapping with other Chinese cyber gangs like Volt Typhoon and Flax Typhoon. Despite similarities, Talos distinguishes UAT-7237 by its unique operational tools and strategies.

UAT-7237 predominantly deploys Cobalt Strike as its main backdoor implant, while UAT-5918 leans on Meterpreter-based reverse shells and a greater number of web shells for remote access. UAT-7237, in contrast, uses a selective approach, deploying fewer web shells and leveraging direct remote desktop protocol (RDP) access and SoftEther VPN clients.

The report highlights that UAT-7237 exploits unpatched vulnerabilities on internet-facing servers for initial access. Once inside, the crew conducts quiet reconnaissance, seeking out valuable assets and setting up prolonged access. Their toolset blends custom and open-source software; notably, the SoundBill shellcode loader (based on VTHello, featuring decoy files from Chinese IM software QQ) is used for malware deployment.

For privilege escalation, UAT-7237 employs JuicyPotato, a tool favored by Chinese-speaking hackers, while credential stealing is achieved through multiple methods—Mimikatz for extracting credentials, registry and disk searches, and further exploitation with BAT files. The ssp_dump_lsass project, found on GitHub, is also used to dump LSASS memory and steal credentials. Network scanning is performed using FScan, allowing the group to map open ports on IP subnets and gather information about SMB services on target endpoints. Attackers then use stolen credentials to pivot laterally within the victim’s network, seeking further targets of interest.

Although Talos has not revealed the full scope of UAT-7237’s campaign or disclosed the vulnerabilities exploited, the findings underscore the importance of patching exposed systems and maintaining vigilant security practices. The published indicators of compromise serve as practical tools for organizations facing similar threats.

Taiwanese Web Hosting Infrastructure Hit by UAT-7237 #ChineseHackers #CyberAttacks #StolenCredentials


Chinese Hackers Exploit Software Vulnerabilities to Breach Targeted Systems
gbhackers.com/chinese-hack...

#Infosec #Security #Cybersecurity #CeptBiro #ChineseHackers #Exploit #SoftwareVulnerabilities #Breach

Chinese Hacker Group Salt Typhoon Breaches U.S. National Guard Network for Nine Months

An elite Chinese cyber-espionage group known as Salt Typhoon infiltrated a U.S. state’s Army National Guard network for nearly nine months, according to a classified Pentagon report revealed in a June Department of Homeland Security (DHS) memo. The memo, obtained by the nonprofit Property of the People through a freedom of information request, indicates the hackers had deep access between March and December 2024, raising alarms about compromised military or law enforcement data.

Salt Typhoon has previously been linked to some of the most expansive cyber-intrusions into American infrastructure. This latest revelation suggests their reach was even broader than earlier believed. Authorities are still investigating the full extent of data accessed, including sensitive internal documents, personal information of service members, and network architecture diagrams. The affected state’s identity remains undisclosed.

The Department of Defense declined to comment on the matter, while a spokesperson from the National Guard Bureau confirmed the breach but assured that the incident did not hinder any ongoing state or federal missions. Investigations are ongoing to determine the scope and potential long-term impact of the breach.

China’s embassy in Washington did not directly deny the allegations but claimed the U.S. had not provided concrete evidence linking Salt Typhoon to the Chinese government. They reiterated that cyberattacks are a global threat and that China also faces similar risks.

Salt Typhoon is particularly notorious for its ability to infiltrate and pivot across different networks. In a prior campaign, the group was linked to breaches at major telecom companies, including AT&T and Verizon, where hackers allegedly monitored text messages and calls tied to U.S. political figures, including both Trump and Harris campaigns and Senate Majority Leader Chuck Schumer’s office. The hybrid structure of the National Guard — functioning under both federal and state authority — may have provided a wider attack surface. According to the DHS memo, the group may have obtained intelligence that could be used to compromise other states’ National Guard units and their local cybersecurity partners. Fourteen state National Guard units reportedly share intelligence with local fusion centers, potentially magnifying the risk.

In January 2025, the U.S. Treasury Department sanctioned a company in Sichuan believed to be facilitating Salt Typhoon operations for China’s Ministry of State Security. Past incidents have shown that Salt Typhoon can maintain access for years, making complete removal and defense particularly challenging.

Chinese Hacker Group Salt Typhoon Breaches U.S. National Guard Network for Nine Months #ChineseHackers #CyberAttacks #cyberespionage

Microsoft probing if Chinese hackers learned SharePoint flaws through alert, Bloomberg News reports

(Reuters) - Microsoft is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched, Bloomberg News reported on Friday. A security patch Microsoft (NASDAQ:MSFT) released this month failed to fully fix a critical flaw in the U.S. tech giant’s SharePoint server software, opening the door to a sweeping global cyber espionage effort. In a blog post on Tuesday, Microsoft said two allegedly Chinese hacking groups, dubbed "Linen Typhoon" and "Violet Typhoon," were exploiting the weaknesses, along with a third, also based in China. Microsoft did not immediately respond to a Reuters request for comment on the report.

Click Subscribe #Microsoft #CyberSecurity #ChineseHackers #SharePoint #DataBreach

Chinese Hackers Infiltrated SharePoint and What It Means for Enterprise Security
Inside the Advanced Persistent Threat That Compromised Microsoft SharePoint—and the Cybersecurity Oversight That Made It Possible

🚨 Chinese hackers have infiltrated Microsoft SharePoint in a stealth APT attack—targeting agencies & enterprises worldwide. What does this mean for cloud security?
#Cybersecurity #SharePointBreach #APT #CloudSecurity #InfoSec #ChineseHackers

thecyberlens.com/p/chinese-ha...

Microsoft warns of Chinese hackers exploiting SharePoint vulnerabilities

Investing.com -- Microsoft (NASDAQ:MSFT) has identified Chinese hackers exploiting vulnerabilities in on-premises SharePoint servers, leading to worldwide breaches in recent days. In a July 19 blog post, Microsoft Security Response Center detailed active attacks against SharePoint servers exploiting two critical vulnerabilities: CVE-2025-49706 (a spoofing vulnerability) and CVE-2025-49704 (a remote code execution vulnerability). The company has released comprehensive security updates for all supported versions of SharePoint Server to address these and related vulnerabilities.

Microsoft has observed three China-based threat actors exploiting these vulnerabilities: Linen Typhoon, Violet Typhoon, and Storm-2603. The company expects more threat actors to integrate these exploits into their attacks against unpatched systems.

The attackers have been observed conducting reconnaissance and attempting exploitation through POST requests to the ToolPane endpoint. After successful exploitation, they deploy web shells named "spinstall0.aspx" (or variations) to steal machine key data, enabling persistent access.

Microsoft recommends customers immediately apply security updates, enable Antimalware Scan Interface (AMSI) in Full Mode, rotate SharePoint server ASP.NET machine keys, restart Internet Information Services, and deploy Microsoft Defender for Endpoint or equivalent solutions.

The exploitation attempts began as early as July 7, according to Microsoft’s analysis. Linen Typhoon has historically focused on stealing intellectual property from government and defense organizations, while Violet Typhoon targets former government personnel, NGOs, and educational institutions. Storm-2603 has previously deployed ransomware, though Microsoft cannot currently assess its objectives in these attacks.
Microsoft emphasized that these vulnerabilities only affect on-premises SharePoint servers and do not impact SharePoint Online in Microsoft 365.

This article was generated with the support of AI and reviewed by an editor.

Click Subscribe #Microsoft #CyberSecurity #Hacking #SharePoint #ChineseHackers

Chinese Attackers Suspected of Breaching a Prominent DC Law Firm

The next front in the silent war, which is being waged with keystrokes and algorithms rather than missiles, is the digital infrastructure of a prominent legal firm in Washington, DC.

Wiley Rein, a company known for negotiating the complex webs of power and commerce, has notified clients that suspected Chinese state-sponsored hackers have compromised its email accounts. This intrusion demonstrates Beijing's unrelenting pursuit of intelligence in a world that is becoming more and more divided.

A sophisticated operation is depicted in the Wiley Rein memo that CNN reviewed, indicating that the perpetrators are a group “affiliated with the Chinese government” who have a known appetite for information about trade, Taiwan, and the very US government agencies that set tariffs and examine foreign investments. Such information is invaluable in the high-stakes game of international affairs, particularly in light of the Trump administration's intensifying trade conflict with China. At the centre of this digital espionage is Wiley Rein.

Describing itself as "wired into Washington" and a provider of "unmatched insights into the evolving priorities of agencies, regulators, and lawmakers," the firm serves as a critical channel for Fortune 500 companies dealing with the complexities of US-China trade relations. Its attorneys are on the front lines, advising clients on how to navigate the storm of unprecedented tariffs imposed on Chinese goods.

Gaining access to their communications entails looking directly into the tactics, vulnerabilities, and intentions of American enterprise and, by extension, elements of the US government. It is a direct assault on the intelligence that underpins economic and strategic decisions.

The firm has admitted the breach, stating that it is currently investigating the full extent of the breach and has contacted law enforcement, working closely with the FBI. Mandiant, a Google-owned security firm, is reportedly handling the remediation, indicating the specialised expertise required to overcome such advanced persistent threats.

However, the act of detection often lags significantly behind the initial breach, leaving uncertainty about what critical insights may have already been syphoned away.

Chinese Attackers Suspected of Breaching a Prominent DC Law Firm #ChineseHackers #DataBreach #DataLeak


Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage reconbee.com/alleged-chin...

#chinesehackers #chinese #silktyphoon #cyberespionage #cyberattack


Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms reconbee.com/chinese-hack...

#chinesehackers #zerodayexploit #frenchgovernment #telecom #chinese #hackers #cyberattack #CSA #ivanti


#trends today for 'survey finds' 'pete hegseth' & 'chinese hackers'

Click/Tap below:

www.newsmason.com?query=%22sur...

www.newsmason.com?query=%22pet...

www.newsmason.com?query=%22chi...

#surveyfinds #petehegseth #chinesehackers

Chinese Hackers Target U.S. Phones in Growing Mobile Security Crisis
China-Linked Hacks, User Errors Fuel Mobile Security Meltdown in the U.S.
A growing number of mysterious smartphone crashes set off

Chinese Hackers Exploit Smartphone Security Gaps

#CyberSecurity #MobileSecurity #SmartphoneHacks #DataPrivacy #ChineseHackers #TechSecurity #CyberThreats #MobilePrivacy #DigitalSafety #SpywareAlert
