Since 2022, the BerBeroka group has been mentioned in every annual report released by the QiAnXin Threat Intelligence Center. The group was first disclosed by Trend Micro, a company on friendly terms with QiAnXin.
QiAnXin researchers have continued to track it under this name after merging internal groups. In fact, BerBeroka is the same as groups such as DRBControl and TAG33. It has invaded China's financial, hospital and medical, and gaming industries, with the scale of victims far exceeding that of APT-Q-29 and BlackTech, which QiAnXin disclosed previously. This type of attack is different from the black-industry practice of delivering XXX.exe to WeChat groups. The outsourced attackers themselves have very rich experience in infiltration at home and abroad.
Source: QiAnXin Threat Intelligence Center
