Hackers use Golang source code interpreter to evade detection

A Chinese-speaking hacking group tracked as ‘DragonSpark’ was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia. The attacks are tracked by SentinelLabs, whose researchers report that DragonSpark relies on a Read More …

Chinese Playful Taurus Activity in Iran

Playful Taurus, also known as APT15, BackdoorDiplomacy, Vixen Panda, KeChang and NICKEL, is a Chinese advanced persistent threat group that routinely conducts cyber espionage campaigns. The group has been active since at least 2010 and has historically targeted government and Read More …

Hackers target Japanese politicians with new MirrorStealer malware

A hacking group tracked as MirrorFace has been targeting Japanese politicians for weeks before the House of Councilors election in July 2022, using a previously undocumented credentials stealer named ‘MirrorStealer.’ The campaign was discovered by ESET, whose analysts report they Read More …

Internet Explorer 0-day exploited by North Korean actor APT37

To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. This blog will describe a 0-day vulnerability, discovered by TAG in late October 2022, embedded in malicious documents and used to target users in Read More …

All India Institute of Medical Sciences restores e-Hospital data after cyber attack

The server at the All India Institute of Medical Sciences (AIIMS) in Delhi has been down for the eighth day in a row, and according to reports, more analysts from Delhi are under consideration for suspension for cybersecurity violations after Read More …

Cloudflare finds a way through China’s network defences

Cloudflare has found a way to extend some of its services across the Great Firewall and into mainland China. “Performance and reliability for traffic flows across the mainland China border have been a consistent challenge for IT teams within multinational Read More …

Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia

Mandiant Managed Defense recently identified cyber espionage activity that heavily leverages USB devices as an initial infection vector and concentrates on the Philippines. Mandiant tracks this activity as UNC4191 and we assess it has a China nexus. UNC4191 operations have Read More …

WannaRen Returns as Life Ransomware, Targets India

Although not as well-known as ransomware families such as Ryuk, REvil, or Maze, WannaRen ransomware made a name for itself back in 2020 after it launched attacks against Chinese internet users, infecting tens of thousands of victims. However, it has Read More …

Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries

State-sponsored actors compromised a digital certificate authority in an Asian country during a campaign in which multiple government agencies were also targeted. Symantec, by Broadcom Software, was able to link this activity to a group we track as Billbug due Read More …