CyberSecurityBoard
Sponsor Register Login

Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs

Common malware has led a group of researchers to link the once mysterious Sandman threat group, known for cyberattacks against telecom service providers across the world, to a growing web of Chinese government-backed advanced persistent threat groups.
The threat intelligence assessment is the result of a collaboration between Microsoft, SentinelLabs, and PwC, and offers just a small glimpse into the general complexity and breadth of the Chinese APT threat landscape, according to the researchers.
The new report says Lua development practices, as well as adoption of the Keyplug backdoor, appear to have been shared with China-based threat actor STORM-08/Red Dev 40, similarly known for targeting telcos in the Middle East and South Asia.
The report added that a Mandiant team first reported the Keyplug backdoor being used by the known Chinese group APT41 back in March 2022.
Microsoft and PwC teams found the Keyplug backdoor was being passed around multiple additional Chinese-based threat groups, the report added.
The latest Keyplug malware gives the group a new advantage, according to the researchers, with new obfuscation tools.
Growing, effective collaboration between an expanding maze of Chinese APT groups requires similar knowledge-sharing among the cybersecurity community, the report added.


This Cyber News was published on www.darkreading.com. Publication date: Mon, 11 Dec 2023 16:05:53 +0000


Cyber News related to Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs

Chinese hacking documents offer glimpse into state surveillance - Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government - a trove that catalogs apparent hacking ...
1 year ago Apnews.com
Sandman APT Gains Traction: Chinese Hackers Amplify Cybersecurity Risks - Following this assessment, SentinelOne, PwC, and Microsoft Threat Intelligence have been working together on this since they have determined that the adversary's Lua-based malware, LuaDream, and the KEYPLUG have both been found to cohabit in the ...
1 year ago Cysecurity.news APT41
Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs - Common malware has led a group of researchers to link the once mysterious Sandman threat group, known for cyberattacks against telecom service providers across the world, to a growing web of Chinese government-backed advanced persistent threat ...
1 year ago Darkreading.com APT41
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
1 year ago Cysecurity.news Volt Typhoon
Uncovering Chinas Surveillance of the United States Spies Hackers and Informants - Last week, a Chinese surveillance balloon in the United States caused a diplomatic uproar and raised concerns about how Beijing collects intelligence on its biggest rival. FBI Director Christopher Wray said in 2020 that Chinese spying is the most ...
2 years ago Securityweek.com Silence
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
1 year ago Darkreading.com Volt Typhoon
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
5 months ago Securelist.com
Belgium probes if Chinese hackers breached its intelligence service - According to The Brussels Times, the hacked server also routed internal HR exchanges among Belgian intelligence personnel, raising concerns about the potential exposure of sensitive personal data including identity documents and CVs belonging to ...
1 week ago Bleepingcomputer.com APT3 APT30 GALLIUM
Chinese hackers infect Dutch military network with malware - A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service of the Netherlands. Despite backdooring the hacked systems, the ...
1 year ago Bleepingcomputer.com CVE-2022-42475
Chinese hackers infect Dutch military network with malware - A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service of the Netherlands. Despite backdooring the hacked systems, the ...
1 year ago Bleepingcomputer.com CVE-2022-42475
7 Months Inside an Online Scam Labor Camp - He had been kidnapped and forced to work for an abusive online scam operation. A man was abducted by a Chinese gang and forced to work in a scam operation. More than anything else, Neo Lu, a 28-year-old Chinese office worker, believed the gig would ...
1 year ago Nytimes.com
macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks - North Korean advanced persistent threat groups are mixing and matching components of two recently unleashed types of Mac-targeted malware to evade detection and fly under the radar as they continue their efforts to conduct operations at the behest of ...
1 year ago Darkreading.com
Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group - Today, the United States District Court for the District of Columbia unsealed a civil action brought by Microsoft’s DCU, including its order authorizing Microsoft to seize 66 unique domains used by Star Blizzard in cyberattacks targeting Microsoft ...
5 months ago Securityaffairs.com
DHS and FBI: Chinese Drones Pose Major Threat to U.S. Security - The cybersecurity arm of the Department of Homeland Security and the Federal Bureau of Investigation have jointly issued a public service announcement cautioning about the potential risks posed by Chinese-manufactured drones to critical ...
1 year ago Cysecurity.news
Russia hacking: 'FSB in years-long cyber attacks on UK', says government - The UK is accusing Russia's Security Service, the FSB, of a sustained cyber-hacking campaign, targeting politicians and others in public life. The government said one group stole data through cyber-attacks, which was later made public, including ...
1 year ago Bbc.com
Chinese Threat Actors Concealed in US Infrastructure Networks - According to a joint alert from CISA, the NSA, the FBI, and partner Five Eyes organizations, the Chinese cyberespionage group Volt Typhoon entered a critical infrastructure network in the United States and remained undiscovered for at least five ...
1 year ago Heimdalsecurity.com Volt Typhoon
Iranian 'Seedworm' Cyber Spies Target African Telcos & ISPs - An Iran-backed cyberespionage group is actively targeting telcos in North and East Africa. According to security researchers at Symantec, the latest cyberattacks by the advanced persistent threat it calls Seedworm are targeting ...
1 year ago Darkreading.com
Beijing fosters foreign influencers to spread its propaganda The Register - China is offering foreign influencers access to its vast market in return for content that sings its praises and helps to spreads Beijing's desired narratives more widely around the world, according to think tank the Australian Strategic Policy ...
1 year ago Theregister.com
Chinese hackers hid in US infrastructure network for 5 years - The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and ...
1 year ago Bleepingcomputer.com Volt Typhoon
12 Chinese Hackers Charged For Cyber Attacks on U.S Treasury - The defendants include two officers from China’s Ministry of Public Security (MPS), eight employees of Chengdu-based i-Soon Information Technology, and two members of the APT27 threat group (also known as Silk Typhoon or Emissary Panda). ...
4 days ago Cybersecuritynews.com CVE-2017-0213
Newly ID'ed Chinese APT Hides Backdoor in Software Updates - Since 2018, a previously unknown Chinese threat actor has been using a novel backdoor in adversary-in-the-middle cyber-espionage attacks against Chinese and Japanese targets. Blackwood and NSPX30 The sophistication of NSPX30 can be attributed to ...
1 year ago Darkreading.com
Researchers Claim Apple Was Aware of AirDrop User Identification and Tracking Risks Since 2019 - Security researchers had reportedly alerted Apple about vulnerabilities in its AirDrop wireless sharing feature back in 2019. According to these researchers, Chinese authorities recently exploited these vulnerabilities to track users of the AirDrop ...
1 year ago Cysecurity.news
Critical infrastructure hacks raise alarms on Chinese threats - A U.S. law enforcement operation in December disrupted a botnet of hundreds of routers operated by Chinese nation-state actors. The campaign has raised concerns about potentially destructive cyberattacks from the country. The law enforcement ...
1 year ago Techtarget.com Volt Typhoon
CVE-2022-48895 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)