A recently disclosed cyber espionage operation, dubbed LapDogs, has drawn scrutiny following revelations from SecurityScorecard’s Strike Team. The operation, believed to be conducted by China-aligned threat actors, has quietly infiltrated over 1,000 devices across the United States, Japan, South Korea, Taiwan, and Hong Kong.
What makes this campaign distinctive is its use of hijacked SOHO routers and IoT hardware, transforming them into Operational Relay Boxes (ORBs) for sustained surveillance. LapDogs is an ongoing campaign, active since September 2023, targeting real estate, media, municipal, and IT sectors. Devices from known vendors such as Buffalo Technology and Ruckus Wireless have reportedly been compromised.
Read more…
Source:TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Anubis Android Malware Returns with Over 17,000 Samples
July 8, 2019
The 2018 mobile threat landscape had banking trojans that diversified their tactics and techniques to evade detection and further monetize their malware — and in the case of the Anubis Android malware, retooled for other malicious activities. Anubis underwent several changes since it first emerged, from being used for cyberespionage to being retooled as a banking malware, combining information ...
- ‘Twas the night before
July 4, 2019
Recently, the United States Cyber Command (USCYBERCOM Malware Alert @CNMF_VirusAlert) highlighted several VirusTotal uploads of theirs – and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons. Before continuing, it’s important to restate yet again that we defend customers, and research malware and intrusions, regardless of their source. Accordingly, subscribers to ...
- Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi
July 4, 2019
Since our last research on TA505, we have observed new activity from the group that involves campaigns targeting different countries over the last few weeks. We found them targeting countries in the Middle East such as United Arab Emirates and Saudi Arabia, as well as other countries such as India, Japan, Argentina, the Philippines, and South Korea. This ...
- Sodin ransomware exploits Windows vulnerability and processor architecture
July 3, 2019
When Sodin (also known as Sodinokibi and REvil) appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers. In a detailed analysis, we discovered that it also exploits the CVE-2018-8453 vulnerability to elevate privileges in Windows (rare among ransomware), and uses legitimate processor ...
- Making Intelligence Actionable: Cybersecurity Preparedness in the Credit Union Industry
July 3, 2019
As the threat landscape continues to evolve, organizations need to be increasingly proactive in their approach to cybersecurity. One industry that’s taken proactive measures toward cybersecurity preparedness is the credit union industry. Over the last couple of years, the National Credit Union Administration (NCUA) developed a tool called the Automated Cybersecurity Examination Tool (ACET) to help credit unions ...
- US Cyber Command issues alert about hackers exploiting Outlook vulnerability
July 2, 2019
US Cyber Command has issued an alert via Twitter today about threat actors abusing an Outlook vulnerability to plant malware on government networks. The vulnerability is CVE-2017-11774, a security bug that Microsoft patched in Outlook in the October 2017 Patch Tuesday. The Outlook bug, discovered and detailed by security researchers from SensePost, allows a threat actor to escape from the Outlook ...