OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns
OpenAI on Friday revealed that it banned a set of accounts that used its ChatGPT tool to develop a suspected artificial intelligence (AI)-powered surveillance tool
Stay updated with the latest information security trends, threats, and strategies emerging from China. Discover how China shapes global cybersecurity.
Search across headline titles and summaries.
Background for this topic.
China covers cybersecurity and information-security developments connected to China, including incidents, policy, privacy, advisories, research, and news affecting organizations, public services, and digital systems in the area.
For practitioners, the tag provides geographic context for developments involving China's organizations, services, partners, and users. Individual articles provide the specific technologies, threats, sectors, and operational implications relevant to each development.
OpenAI on Friday revealed that it banned a set of accounts that used its ChatGPT tool to develop a suspected artificial intelligence (AI)-powered surveillance tool
Chinese Nation-State Hackers Used a Custom Utility to Capture PacketsChinese hackers who infiltrated U.S. telecoms likely only used one, known Cisco vulnerability, says Cisco's cybersecurity unit. Otherwise, the Chinese nation-state cyberespionage operation known as Salt Typhoon used stolen login credentials living-off-the-land techniques, says Cisco Talos.
In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using using stolen login credentials for initial access.
An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country
Chinese threat actor Salt Typhoon used JumbledPath, a custom-built utility, to gain access to a remote Cisco device, said the network provider
Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies
Also: Lee Enterprises Recovering From Ransomware Attack, an Ivanti POCThis week, a FBI warning on Ghost ransomware, Lee Enterprises confirmed its ransomware attack, a proof-of-concept for Ivanti EPM flaws and a cybersecurity flaw in a Xerox machine. Also, a Chinese cyberespionage hacker apparently moonlighted as a ransomware attacker and NioCorp hit by a cyber heist.
The China-backed threat group often acts swiftly, going from initial access to compromise in just one day, a behavior atypical of cybercriminal groups.
The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. [...]
A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases
CISA and the FBI have released a joint advisory detailing the activity of China’s Ghost ransomware
Regulators Cite Privacy Concerns Over DeepSeek's Data Collection PracticesThe Personal Information Protection Commission, South Korea's data protection regulator, has directed Chinese artificial intelligence company DeepSeek AI to withdraw its chatbot application from official app stores pending an inquiry into the chatbot's compliance with data protection rules.
Mustang Panda Uses MAVInject to Evade Antivirus DetectionA Chinese state-sponsored hacking group is abusing a legitimate Microsoft tool to evade security and install backdoors on government systems in the Asia-Pacific region. The threat actor uses MAVInject.exe to inject malware into waitfor.exe.
A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain
Winnti once used a variety of malware, but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access.
Carding -- the underground business of stealing, selling and swiping stolen payment card data -- has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores.
The Chinese APT hacking group "Mustang Panda" has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. [...]
The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems
Trend Micro found that Chinese espionage group Mustang Panda is deploying malware via legitimate Microsoft tools, enabling it to bypass ESET antivirus applications
The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024