china (102)

Chinese authorities have accused a hacker group allegedly backed by Taiwan of carrying out a cyberattack on a local technology company and targeting sensitive infrastructure across the mainland, state media reported.  According to police in Guangzhou, the group, allegedly linked to Taiwan’s ruling Democratic Progressive Party (DPP), has targeted more than 1,000 key networks in over 10 Chinese provinces, including military, energy, transportation and government systems.

Chinese authorities said t

Improved satellite connectivity has made vessels more efficient at sea, but it has also left their operations and network systems more vulnerable to cyber-attacks.  That is one of the main takeaways from a newly released report, which lays out threats to the Marine Transportation System (MTS) that Coast Guard Cyber identified in 2024, as well as ways operators can strengthen their cyber defenses against them.

The fourth annual Cyber Trends and Insights in the Marine Environment (CTIME) report i

It is hard to believe that ten years have gone by since the devastating hack of the US Office of Personnel Management (OPM).  OPM handles all personnel matters for government employees, including all associated government documents.  BTW - I was a federal employee for 20 years and I am quite confident the CCP has all my personal information.  Ten years ago, that was big news.  Today, the threat remains high.

US Senator Mark Warner warned the OPM last week that it should not end government contr

Security researchers have reported on an active Phishing-as-a-service (PhaaS) operation that victimized hundreds of thousands in just a few months.   According to Norwegian security firm Mnemonic, Darcula is designed to target iPhone and Android users with phishing messages, spoofing brands to trick them into handing over card details.  Operating globally, it convinces victims to click through on SMS, RCS, and iMessage texts impersonating brands such as delivery firms. Victims are asked to pay d

According to Dutch military intelligence, Russia is increasing its hybrid attacks aimed at undermining society in the Netherlands and its European allies, and Russian hackers have already targeted the Dutch public service.  "We see the Russian threat against Europe is increasing, including after a possible end to the war against Ukraine," MIVD director Peter Reesink said in the agency's annual report.  In the Netherlands, we saw the first (Russian) cyber sabotage act against a public service, wi

Chinese counterparts reveal that hacks had been targeting networks for years as a warning against aiding Taiwan.  China openly admitted it was behind a series of cyber-attacks on US infrastructure in a secret meeting with American officials, according to reports.  Members of the Chinese delegation indicated to their US counterparts in December 2024 that they had spent years targeting computer networks in electrical grids, water supplies and ports, in what appeared to be a warning against the US

In Star Trek: The Next Generation episode “The Drumhead,” a Starfleet officer’s suspected espionage sparks an overzealous investigation that turns into a witch hunt, driven by paranoia.  Captain Picard’s warning about the dangers of overreaction, “With the first link, the chain is forged…,” underscores the importance of caution when assigning blame. This is highly relevant to the hacking of Ranveer Allahbadia’s YouTube channel, where suspicions point to Chinese hackers.  Although China has a his

US President Donald Trump has offered a hint about the possible future ownership of TikTok’s American business, whilst speaking aboard Air Force One.  Trump on 9 March was quoted by Reuters as saying that his administration was in touch with four different groups about the sale of Chinese-owned TikTok, and that all options were good.  It comes after US President Joe Biden in April 2024 had signed a bill that gave Chinese owner ByteDance up to a year to divest TikTok or face a nationwide ban acro

In January 2025, our friends at FortiGuard Labs observed an attack that used Winos4.0, an advanced malware framework actively used in recent threat campaigns, to target companies in Taiwan.  Figure 1 shows an example of the attack chain. Usually, there is a loader that is only used to load the malicious DLL file, and the Winos4.0 module is extracted from the shellcode downloaded from its C2 server.

Link to full report:  IR-25-063-002_Winos.pdf

Broadcom researchers recently reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was exclusively associated in the past with China-linked APT groups. “Tools that are usually associated with China-based espionage actors were recently deployed in an attack involving the RA World ransomware against an Asian software and services company,” reads the report published by Broadcom.

During the late 2024 attack, the attacker d

Enterprise cybersecurity tools, such as routers, firewalls, and VPNs, exist to protect corporate networks from intruders and malicious hackers, something that is particularly important in today’s age of widespread remote and hybrid working. But while pitched as tools that help organizations stay safe from outside threats, many of these products have time and again been found to contain software bugs that allow malicious hackers to compromise the very networks these products were designed to prot

Our friends from German media are reporting that the new US administration has dismissed all members of various advisory bodies not appointed by the government, bringing an investigation into the devastating cyber-attack on US providers to an abrupt halt.  This was reported by the news agency Reuters. According to trusted sources, the investigation into the attack by the Cyber Safety Review Board has been “killed,” as reported by Reuters.  US Senator Ron Wyden-D speaks of a “massive gift to the C

The US Commerce Department on 14 January 2025 announced a new rule that will ban certain Chinese and Russian connected car technology from being imported to the United States.  Software and hardware built into Vehicle Connectivity Systems (VCS), such as telematics control units and cellular, satellite and Wi-Fi functions, which are manufactured in China and Russia will be banned, along with any connected cars containing them.

Separately Russian and Chinese Automated Driving System (ADS) software

The National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC) says it has identified two major cyber espionage campaigns undertaken by US cyber spies that hacked Chinese technology companies with the aim of stealing trade secrets.  In a statement, CNCERT/CC said that an advanced materials design and research unit and a large-scale high-tech company focused on intelligent energy and digital information were "suspected of being attacked by a US intelligence

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has taken decisive action against Integrity Technology Group, Incorporated (Integrity Tech), a Beijing-based cybersecurity company, for its alleged involvement in malicious cyber activities targeting U.S. critical infrastructure. Announced on January 3, 2025, this move represents a significant escalation in the U.S. government's efforts to combat state-sponsored cyber threats.

Integrity Tech is accused of providing inf

A federal appeals court has upheld a law that could see TikTok banned across the US unless its Chinese parent company, ByteDance, divests its ownership.  The decision was issued by a three-judge panel from the US Court of Appeals for the District of Columbia Circuit on 06 December 2024, marking a significant setback for the video-sharing platform as it battles to remain operational in the United States.  The court ruled that the law, signed by President Joe Biden in April 2024, does not violate

The US Treasury Department has sanctioned a Chinese cybersecurity vendor for allegedly trying to spread malware to approximately 81,000 firewall devices from Sophos.  The sanctions target Sichuan Silence Information Technology and one of its employees, Guan Tianfeng, “for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide,” the Treasury Department said in last Tuesday’s announcement.  “More than 23,000 of the compromised firewalls were in the United States,” the

Two Internet cables between Germany and Finland, as well as between Lithuania and Sweden, have experienced sudden outages. Located in northern Europe, the Baltic Sea is an active commercial shipping route ringed by nine countries, including Russia. The affected countries, all members of NATO, say that it is unlikely to be accidental. This happened in the same waterway in which a significant gas pipeline and other underground cables were previously damaged in mysterious circumstances in 2022. No,

The US Coast Guard has issued a second security directive warning that Chinese ship-to-shore cranes used widely in the United States pose a cybersecurity risk. Maritime Security Directive 105-5 calls on port operators to take “risk management” measures to mitigate the threats.

Built-in vulnerabilities for remote access and control of the cranes “combined with intelligence regarding China’s interest in disrupting US critical infrastructure, necessitate immediate action,” according to a portion of

For those of you old enough to remember party lines when using your telephones, you could not just pick up the phone and start talking, as there were likely two others on the same ‘line,’ until those talking would hang up their phones. So, you didn’t want to begin sharing any personal information with these two strangers. A party line (multiparty line, shared service line, party wire) is a local loop telephone circuit shared by multiple telephone service subscribers. Fast forward to 2024. The US