APT40 Advisory PRC MSS tradecraft in action

The PRC state-sponsored cyber group has previously targeted organisationsin various countries, including Australia and the United States, and the techniques highlighted below are regularly used by other PRC state-sponsored actors globally. Therefore, the authoring agencies believe the group, and similar Read More …

Springtail: New Linux Backdoor Added to Toolkit

Symantec’s Threat Hunter Team has uncovered a new Linux backdoor developed by the North Korean Springtail espionage group (aka Kimsuky) that is linked to malware used in a recent campaign against organizations in South Korea. The backdoor (Linux.Gomir) appears to Read More …

SoumniBot: the new Android banker’s unique techniques

The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or Read More …

From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering

Proofpoint researchers track numerous state-sponsored and state-aligned threat actors. TA427 (also known as Emerald Sleet, APT43, THALLIUM or Kimsuky), a Democratic People’s Republic of Korea (DPRK or North Korea) aligned group working in support of the Reconnaissance General Bureau, is Read More …

Thousands of LG TVs are vulnerable to takeover

As many as 91,000 LG TVs face the risk of being commandeered unless they receive a just-released security update patching four critical vulnerabilities discovered late last year. The vulnerabilities are found in four LG TV models that collectively comprise slightly Read More …

Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns

On Feb. 16, 2024, someone uploaded data to GitHub that included possible internal company communications, sales-related materials and product manuals belonging to the Chinese IT security services company i-Soon, also known as Anxun Information Technology. The leaked materials appear to Read More …

A first analysis of the i-Soon data leak

Data from a Chinese cybersecurity vendor that works for the Chinese government has exposed a range of hacking tools and services. Although the source is not entirely clear, it seems that a disgruntled staff member of the group leaked the Read More …

South Korea: KF-21 Fighter Jet Technology Leak Attempt Raises Concerns Over Diplomatic Tensions

An Indonesian technician working for Korea Aerospace Industries (KAI) was caught trying to leak internal documents related to the Korean supersonic fighter jet KF-21 ‘Boramae.’ While no core technology leaks have been confirmed yet, it is known that the individual Read More …

U.S., South Korea, Japan to step up actions on North Korea cyber threats

The United States, South Korea and Japan agreed new initiatives on Saturday to respond to North Korea’s threats in cyberspace, including cryptocurrency abuses and space launches, White House National Security Adviser Jake Sullivan said. The three countries’ national security advisers Read More …