"The Department of Justice has announced criminal charges against 12 Chinese government-linked hackers who are accused of hacking more than 100 American organizations, including the U.S. Treasury, over the course of a decade.

The charged individuals all played a “key role” in China’s hacker-for-hire ecosystem, a senior DOJ official said on a background call with reporters, including TechCrunch, on Wednesday. The official added that those charged, which includes contract hackers and Chinese law enforcement officials, targeted organizations in the U.S. and worldwide for the purposes of “suppressing free speech and religious freedoms.”

The DOJ also confirmed that two of the indicted individuals are linked to the China government-backed hacking group APT27, or Silk Typhoon."

https://techcrunch.com/2025/03/05/justice-department-charges-chinese-hackers-for-hire-linked-to-treasury-breach/

#USA #CyberSecurity #DoJ #China #StateHacking #APT27 #SilkTyphoon

https://www.theverge.com/news/625081/doj-criminal-charges-chinese-government-hackers-treasury-silk-typhoon #cybersecurity #USTreasury #breach #China #APT27 #SilkTyphoon

🚨 U.S. charges 12 in a Chinese Hacker-for-Hire Network linked to cyber attacks on governments & media. DOJ offers a $10M reward for info!

Read: https://hackread.com/us-charges-12-in-chinese-hacker-network-10m-reward/

#CyberSecurity #Hacking #APT27 #CyberCrime #China

that thing, when you're "Zero Trust Access by Cisco", is strangely ironic. i'd take a PIX of all the hacks over the decades, but don't have a 360 lens ;> @wired @Cisco #apt27 #pix #hack #salttyphoon #hack https://www.wired.com/story/chinas-salt-typhoon-spies-are-still-hacking-telecoms-now-by-exploiting-cisco-routers/

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia
#APT31 #PlugY #APT27
https://securelist.com/eastwind-apt-campaign/113345/

The slides https://botconf.eu/wp-content/uploads/2023/04/2023_5856_LUNGHI.pdf and video https://youtube.com/watch?v=713CsmcNE3o of my #Botconf talk about #IronTiger TTPs are online. I discuss recent infection vectors (including a supply chain attack), the evolution of their malware toolkit and targeting, and explain how we attributed these campaigns to #IronTiger #APT27 #APT threat actor

Last week's reporting gave a great insight into the level of innovation going on in the cyber crime ecosystem - C2 over MQTT, cryters delivering payloads over SQL connections, and UEFI bootkits that bypass Window's Secure Boot! We've pulled it all together, just for you:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-3fd

The BlackLotus #Bootkit has been upgraded to exploit a vulnerability in Microsoft's Secure Boot Mechanism, allowing it to persist on fully patched Windows 11 systems. This is enabled in no small part by the failure to update the UEFI revocation list, which allowed the bootkit author to simply load and exploit the vulnerable UEFI components on target systems.

Australia's cyber security laws were "bloody useless" in helping mitigate the Optus and Medibank breaches of 2022, according to the government's Home Affairs Minister. A new "national cyber office", reforms to Critical Infrastructure security laws, and a new Cyber Security Act are all on the table for discussion.

zScaler analysts have picked up on the Snip3 crypter, a Crypter-as-a-Sevice offering which uses multiple obfuscated stages; an AMSI Bypass, and SQL queries to circumvent security controls.

Sysdig share insights from a sophisticated #AWS-centric campaign; ESET have uncovered a new backdoor used by China's Mustang Panda (#APT27) which implements C2 over MQTT, and Team Cymru have again picked apart #IcedID's infrastructure to identify key TTPs.

Some interesting supply chain vulnerabilities this week, with bugs found in the ZK web app framework and Trusted Platform Module (TPM) having the potential to affect an untold number of applications and devices.

#Redteam members will get a kick out of DroppedConnection - a PoC that mimics Cisco AnyConnect VPN to siphon credentials and serve up malware to unwitting victims.

The #blueteam can look forward to some tips for GCP DFIR, bypassing malware geo-fencing, and tracking cyber criminal infrastructure.

Catch all this and much more in this week's newsletter:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-3fd

#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #DarkWeb #criticalinfrastructure #breach #privacy #Australia #crypter

My latest #APT research on #IronTiger (#APT27/#EmissaryPanda/#LuckyMouse) is out ! It includes analysis of a new version of SysUpdate ported to Linux, a new communication protocol through DNS TXT requests, a VMProtect certificate compromise, and probable infection vector https://trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html

EU-Cyber-Sicherheitsbehörden warnen vor chinesischen Cybergangs | heise online https://www.heise.de/news/EU-Cyber-Sicherheitsbehoerden-warnen-vor-chinesischen-Cybergangs-7522269.html #Hacking #CyberCrime #APT27 #APT30 #APT31 #Ke3chang #Gallium #MustangPanda #China

Major Gaming Companies Hit with Ransomware Linked to APT27 - Researchers say a recent attack targeting videogaming developers has 'strong links' to the infamou... https://threatpost.com/ransomware-major-gaming-companies-apt27/162735/ #ransomwareattack #gamingcompanies #cyberattacks #bronzeunion #supplychain #drbcontrol #ransomware #videogames #shellcode #covid-19 #malware #dropbox #winnti #hacks #apt27 #apt