Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

China-Nexus Hackers Attacking Organizations Infrastructure & High-Value Customers

A sophisticated China-linked threat actor has been conducting extensive cyber espionage operations targeting critical infrastructure and high-value organizations across multiple sectors. This activity cluster, tracked as PurpleHaze, demonstrates technical overlaps with previously identified Chinese advanced persistent threats and employs a strategic approach of compromising upstream service providers to potentially gain access to downstream targets of interest. The intrusions leverage a complex infrastructure that includes an operational relay box (ORB) network operated from China and actively used by several suspected Chinese cyber espionage actors. In parallel intrusions, the threat actors deployed ShadowPad, a modular backdoor platform used by multiple suspected China-nexus threat actors. These ORB networks represent a growing trend among threat groups, creating dynamic and evolving infrastructure that complicates detection, tracking, and attribution efforts. Between July 2024 and March 2025, this threat cluster compromised over 70 organizations spanning sectors including manufacturing, government, finance, telecommunications, and research. This demonstrates the shared tooling and potential collaboration between different China-linked threat groups targeting strategic sectors globally. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The backdoor establishes persistent communication channels through the ORB network infrastructure, enabling long-term monitoring and data exfiltration while maintaining a minimal footprint. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. SentinelOne researchers identified this threat activity during an investigation of a 2024 intrusion against an organization providing hardware logistics services for SentinelOne employees. The malware utilizes a multi-stage deployment process, initially delivered as an obfuscated payload that decrypts and loads the GoReShell backdoor directly into memory to evade on-disk detection. The attackers primarily gained their initial foothold by exploiting an n-day vulnerability in CheckPoint gateway devices, establishing persistent access before moving laterally through victim networks.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Apr 2025 14:35:11 +0000

Cyber News related to China-Nexus Hackers Attacking Organizations Infrastructure & High-Value Customers

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
2 months ago Cybersecuritynews.com

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago

China-Nexus Hackers Attacking Organizations Infrastructure & High-Value Customers - A sophisticated China-linked threat actor has been conducting extensive cyber espionage operations targeting critical infrastructure and high-value organizations across multiple sectors. This activity cluster, tracked as PurpleHaze, demonstrates ...
4 months ago Cybersecuritynews.com

Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
1 year ago Cysecurity.news Volt Typhoon

Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
2 years ago Bleepingcomputer.com

European firms urge China to give more clarity on data transfer laws - AP Moeller - Maersk A/S Siemens AG BEIJING, Nov 15 - European firms "Urgently" need China to give clearer definitions of key terms in its cross-border data transfer rules, a European business lobby group said on Wednesday, warning firms also stood to ...
1 year ago Reuters.com

CVE-2018-0303 - A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected ...
2 years ago

Uncovering Chinas Surveillance of the United States Spies Hackers and Informants - Last week, a Chinese surveillance balloon in the United States caused a diplomatic uproar and raised concerns about how Beijing collects intelligence on its biggest rival. FBI Director Christopher Wray said in 2020 that Chinese spying is the most ...
2 years ago Securityweek.com Silence

CVE-2017-3883 - A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to ...
2 years ago

Building Data Center Infrastructure for the AI Revolution  - This is part two of a multi-part blog series on AI. Part one, Why 2024 is the Year of AI for Networking, discussed Cisco's AI networking vision and strategy. This blog will focus on evolving data center network infrastructure for supporting AI/ML ...
1 year ago Feedpress.me

CVE-2018-0306 - A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An ...
5 years ago

CVE-2018-0331 - A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) ...
2 years ago

What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
11 months ago Cyberdefensemagazine.com Akira

How 'Big 4' Nations' Cyber Capabilities Threaten the West - COMMENTARY. There are four nations deemed by the US and UK governments to pose the greatest threat to the West. Russia's cyber-threat activities are primarily focused on offensive cyber operations, China's are focused on cyber espionage, Iran's on ...
1 year ago Darkreading.com

Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
2 years ago Securityweek.com

CVE-2018-0295 - A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is ...
5 years ago

Booking.com hackers increase attacks on customers - Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 for login details of hotels as they continue to target the people who are ...
1 year ago Bbc.com

China-Sponsored Hackers Lie in Wait to Attack US Infrastructure - In a stark warning this week, the Cybersecurity and Infrastructure Security Agency, FBI, and National Security Agency said that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations in such sectors as ...
1 year ago Securityboulevard.com BlackTech Volt Typhoon

CVE-2017-12329 - A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation ...
5 years ago

China's Dogged Campaign to Portray Itself as Victim of US Hacking - For more than two years, China's government has been attempting to portray the US as indulging in the same kind of cyber espionage and intrusion activities as the latter has accused of carrying out over the past several years. A recent examination of ...
1 year ago Darkreading.com Volt Typhoon

CVE-2017-12339 - A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An ...
7 years ago

CVE-2017-12338 - A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could ...
5 years ago

CVE-2018-0292 - A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also ...
5 years ago

Stifling Beijing in cyberspace big focus for UK operatives The Register - Regular attendees of CYBERUK, the annual conference hosted by British intelligence unit the National Cyber Security Centre, will know that in addition to the expected conference panels, there is usually an interwoven theme to proceedings. Various ...
1 year ago Theregister.com APT3 Volt Typhoon