APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials
The prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication.
3-Year Espionage Campaign Targeted Taiwanese FirmsChinese nation-state group APT24 targeted multiple Taiwanese companies as part of an espionage operation that went undetected for three years. The hacking group continually updated its malware infrastructure and tactics, enabling it to stay under the radar, Google Cloud said.
Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2)
The Chinese APT41 hacking group uses a new malware named 'ToughProgress' that abuses Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. [...]
Google Cloud's Hultquist on How State Hackers Exploit Code and Corporate HiringJohn Hultquist, chief analyst at Google Threat Intelligence Group, Google Cloud, discussed how China and North Korea are transforming cyberattacks into organized, factory-like operations. Alongside zero-day exploits, North Korean IT operatives are quietly infiltrating Fortune 500 companies under false identities.
Google Cloud’s Sandra Joyce said that Chinese state actors’ advanced techniques and ability to stay undetected pose huge challenges
A professional-grade tool set, appropriately dubbed "CloudScout," is infiltrating cloud apps like Microsoft Outlook and Google Drive, targeting sensitive info for exfiltration.
Beijing's Tough-to-Track Mesh Networks Built Using Hacked Devices, Mandiant WarnsMultiple Chinese cyber espionage groups, including Volt Typhoon, are using operational relay box networks, aka ORBs, built using leased proxy servers and compromised or end-of-life routers, to avoid detection and complicate efforts to track their activities, warns Google Cloud's Mandiant.
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893)
PLUS: Google Cloud ANZ boss departs; Japan revives airliner ambitions; China-linked attackers target Asian entities ASIA IN BRIEF Singapore's Monetary Authority on Monday launched an application, intuitively named "COllaborative Sharing of Money Laundering/TF Information & Cases" (COSMIC for short, obviously) to target money laundering and terrorism financing.…
A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector