CyberSecurityBoard
Sponsor Register Login

China-Linked Threat Group Targets Japanese Orgs' Servers

In targeting organizations in the Asia-Pacific region, Winnti is exploiting vulnerabilities found in applications like IBM Lotus Domino to deploy malicious malware, including DEATHLOTUS, UNAPIMON, PRIVATELOG, CUNNINGPIGEON, WINDJAMMER, and SHADOWGAZE. Winnti, a China-affiliated threat actor, has been linked to a new cyber campaign called RevivalStone, which has been observed targeting Japanese companies within the manufacturing, materials, and energy sectors. Winnti once used a variety of malware, but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access. Winnti has been active since at least 2012, but only started targeting Asian manufacturing and materials organizations within the past few years. LAC researchers have also observed Winnti exploiting an SQL injection vulnerability in an enterprise resource planning system to drop Web shells on an infected server. Once gaining access, the threat actor collects credentials, performs reconnaissance, and delivers the Winnti malware. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers.

This Cyber News was published on www.darkreading.com. Publication date: Tue, 18 Feb 2025 21:30:08 +0000


Cyber News related to China-Linked Threat Group Targets Japanese Orgs' Servers

Russian Groups Target Signal Messenger in Spy Campaign - But the tactics the threat actors are using in the campaign could well serve as a blueprint for other groups to follow in broader attacks on Signal, WhatsApp, Telegram, and other popular messaging apps, GTIG warned in a blog post this week. The other ...
1 day ago Darkreading.com
North Korea Profits as 'Stonefly' APT Swarms US Co's. - Researchers at Symantec's Threat Hunter Team said this week that the state-sponsored group it tracks as "Stonefly" (aka Andariel, APT45, Silent Chollima, and Onyx Sleet) is flaunting an indictment and a $10 million bounty from the US ...
4 months ago Darkreading.com
North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
2 days ago Darkreading.com
UAE, Saudi Arabia Become Plum Cyberattack Targets - Hacktivism-related DDoS attacks have risen 70% in the region, most often targeting the public sector, while stolen data and access offers dominate the Dark Web. With the UAE and Saudi Arabia increasingly invested in digitization, AI development, and ...
4 months ago Darkreading.com
How Public & Private Sectors Can Better Align Cyber Defense - Over the past 25 years, organizations like the FBI's Internet Crime Complaint Center (IC3), the National Cyber Investigative Joint Task Force (NCIJTF), and the Cybersecurity and Infrastructure Security Agency (CISA) have been created. Uncovering ...
1 week ago Darkreading.com
Uncovering Chinas Surveillance of the United States Spies Hackers and Informants - Last week, a Chinese surveillance balloon in the United States caused a diplomatic uproar and raised concerns about how Beijing collects intelligence on its biggest rival. FBI Director Christopher Wray said in 2020 that Chinese spying is the most ...
2 years ago Securityweek.com
Stifling Beijing in cyberspace big focus for UK operatives The Register - Regular attendees of CYBERUK, the annual conference hosted by British intelligence unit the National Cyber Security Centre, will know that in addition to the expected conference panels, there is usually an interwoven theme to proceedings. Various ...
9 months ago Theregister.com
Dragos Expands ICS Platform with New Acquisition - "We grew pretty fast to become the de facto solution in the electric industry as the OT network visibility and segmentation analysis solution, which is extremely important in the case of compliance for the regulation in this industry," ...
4 months ago Darkreading.com
How This Security Firm's 'Bias' Is Also Its Superpower - "We are helping our clients simplify their strategies and align them to their actual business objectives so that they have a much easier and more efficient approach to developing not just minimum viable security for whatever their product is, ...
6 days ago Darkreading.com
How 'Big 4' Nations' Cyber Capabilities Threaten the West - COMMENTARY. There are four nations deemed by the US and UK governments to pose the greatest threat to the West. Russia's cyber-threat activities are primarily focused on offensive cyber operations, China's are focused on cyber espionage, Iran's on ...
1 year ago Darkreading.com
European firms urge China to give more clarity on data transfer laws - AP Moeller - Maersk A/S Siemens AG BEIJING, Nov 15 - European firms "Urgently" need China to give clearer definitions of key terms in its cross-border data transfer rules, a European business lobby group said on Wednesday, warning firms also stood to ...
1 year ago Reuters.com
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
2 years ago Securityweek.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
1 year ago Feeds.fortinet.com
China-Linked Threat Group Targets Japanese Orgs' Servers - In targeting organizations in the Asia-Pacific region, Winnti is exploiting vulnerabilities found in applications like IBM Lotus Domino to deploy malicious malware, including DEATHLOTUS, UNAPIMON, PRIVATELOG, CUNNINGPIGEON, WINDJAMMER, and ...
2 days ago Darkreading.com
China's Dogged Campaign to Portray Itself as Victim of US Hacking - For more than two years, China's government has been attempting to portray the US as indulging in the same kind of cyber espionage and intrusion activities as the latter has accused of carrying out over the past several years. A recent examination of ...
1 year ago Darkreading.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
4 months ago Securelist.com
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
1 year ago Microsoft.com
Notorious Evil Corp Hackers Targeted NATO Allies for Russian Intelligence | WIRED - On Tuesday, the United Kingdom's National Crime Agency released new details about the real world identities of alleged Evil Corp members, the group's connection to the LockBit platform, and the gang's ties to the Russian state. UK law ...
4 months ago Wired.com
Japan Goes on Offense With New 'Active Cyber Defense' Bill - Most notably, the government introduced what it called "active" cyber defense, "for eliminating in advance the possibility of serious cyberattacks that may cause national security concerns to the Government and critical infrastructures ...
1 week ago Darkreading.com
Imperva Detects Undocumented 8220 Gang Activities - Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and ...
1 year ago Imperva.com
Xerox Printer Vulnerabilities Enable Credential Capture - "Since LDAP and SMB settings on MFP devices typically contain Windows Active Directory credentials, a successful attack would give a malicious actor access to Windows file services, domain information, email accounts, and database systems," ...
2 days ago Darkreading.com
What Is Threat Modeling? - Threat modeling emerges as a pivotal process in this landscape, offering a structured approach to identify, assess, and address potential security threats. Threat Modeling Adoption and Implementation The successful adoption of threat modeling within ...
1 year ago Feeds.dzone.com
What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
1 year ago Techrepublic.com
Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
1 year ago Techrepublic.com
How to Use Threat Intelligence Feeds for SOC/DFIR Teams - Threat intelligence feeds provide real-time updates on indicators of compromise, such as malicious IPs and URLs. Security systems can then ingest these IOCs to identify and block potential threats, which essentially grants organizations immunity to ...
9 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)