Tag Archive for: Quietly

Previously Undiscovered Team of State-Sponsored Chinese Hackers Has Been Quietly Committing Cyber Espionage in the APAC Region for a Decade


A new advanced persistent threat (APT) group linked to China has been discovered by SentinelLabs, but only after it conducted cyber espionage campaigns under the radar since 2013. The Chinese hackers, who have been given the name “Aoqin Dragon,” appear to specialize in targeting the Asia Pacific region and like to lure victims with malicious documents that appear to be salacious ads for pornography sites.

Stealthy Chinese hackers focused on Australia and Southeast Asia

The cyber espionage group is thought to have been in action since at least 2013, with a heavy focus on certain APAC countries and regions: Australia, Cambodia, Hong Kong, Singapore, and Vietnam. The group also focuses on government agencies, educational institutions and telecommunications firms, and appears to target individuals involved in political affairs.

The group’s favorite approach is a fairly simple one, and has remained consistent over the years: get the victim to open malicious documents, such as PDF and RTF files. Since 2018 the group has also been observed utilizing fake removable devices via bogus shortcut files delivered to victims using Windows computers; when targets attempt to open the fake device in Windows Explorer, the Evernote Tray Application is hijacked to load a malicious DLL that quietly creates a backdoor for the attackers. The group has also been observed using fake antivirus executables.

The Chinese hackers have shown some connections to another threat group, referred to as “UNC94” (or “Naikon”) by Mandiant, that has been tracked for some years now and has also shown links to the Chinese government in its operations. Both groups employ advanced tactics, such as DNS tunneling and the use of Themida-packed files to create a virtual machine that can evade most malware detection.

The link to the Chinese government is based primarily on the group’s use of Chinese language in its malware and the targets of its cyber espionage, which are almost always of clear political interest to the CCP. The group is also not noted for engaging in the for-profit activities or target selection that would be expected of a criminal outfit.

Cyber espionage targets, tools and tactics point to low-key…

Source…

Nasty new malware strain creeps quietly past Windows defenses


Security researchers have identified a new malware campaign that leverages code signing certificates and other techniques to help it avoid detection by antivirus software.

According to a new blog post from Elastic Security, the cybersecurity firm’s researchers identified a cluster of malicious activity after reviewing its threat prevention telemetry.

Source…

Ransomware strike targets US agriculture industry, White House quietly hits back


An industry marked as “off limits” to Russian hackers by President Biden was hit in a ransomware attack earlier this week when the operations of two farming co-ops in Iowa and Minnesota were disrupted.

In a June meeting with Russian President Vladimir Putin, Biden warned the Kremlin that cyberattacks against 16 U.S. industries – including agriculture – would not be tolerated.

The president said it was an effort to establish a “cybersecurity arrangement” and restore “order” after the largest U.S. fuel pipeline and a major meatpacking company were shut down by ransomware schemes.


On Sunday, Minnesota-based farm supply and grain marketing cooperative Crystal Valley was hit by a ransomware attack that “infected the computer system” and “severely interrupted the daily operations of the company,” the group said in a statement.

The co-op did not answer Fox News questions about the ransom amount or who is suspected behind the latest attack.

But the following day reports surfaced showing another attack had been levied at Iowa-based farming co-op NEW Cooperative by hackers demanding a $5.9 million cryptocurrency payout in exchange for renewed access to its food supply chains.

NEW Cooperative did not respond to a Fox News request for an interview. But according to the Wall Street Journal, Russian cybercrime group BlackMatter is believed to be behind the attack.

In a screenshot shared by Dark Feed, the group appeared to mock NEW Cooperative by suggesting it did not fall under the “critical” infrastructure outlined by Biden.

The farming group warned the cybercrime group in an online chat that they attacked the agricultural industry and could face severe consequences from the U.S. government, Recorded Future shared in a tweet.

Despite reports that BlackMatter was negotiating with the Iowa co-op, a National Security Council (NSC) spokesperson told Fox News that the U.S. government has not formally attributed the attacks to a specific group.

“That being said, we are bringing the full weight…

Source…

Samsung Quietly Fixes Critical Galaxy Flaws Allowing Spying, Data Wiping

Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users.
Mobile Security – Threatpost