🚨 Chinese APT group ‘TheWizards’ is exploiting IPv6 spoofing with a new tool called #Spellbinder to drop the WizardNet backdoor via hijacked software updates.
Read: https://hackread.com/chinese-thewizards-exploits-ipv6-wizardnet-backdoor/
China-linked hackers are turning IPv6’s auto-configuration into their secret weapon—hijacking software updates with fake router messages. Curious how these digital “wizards” pull off such sophisticated attacks?
https://thedefendopsdiaries.com/unveiling-the-threat-how-the-wizards-exploit-ipv6-for-cyber-attacks/
TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks
#TheWizards #Spellbinder #WizardNet
https://www.welivesecurity.com/en/eset-research/thewizards-apt-group-slaac-spoofing-adversary-in-the-middle-attacks/
#ESETResearch analyzed the toolset of the China-aligned APT group that we have named #TheWizards. It can move laterally on compromised networks by performing adversary-in-the-middle (AitM) attacks to hijack software updates. https://www.welivesecurity.com/en/eset-research/thewizards-apt-group-slaac-spoofing-adversary-in-the-middle-attacks/
Since at least 2022, the group has targeted individuals, companies, and unknown entities in the Philippines, the United Arab Emirates, Cambodia, mainland China, and Hong Kong.
#TheWizards deploy a tool we have named #Spellbinder, which implements IPv6 SLAAC spoofing to redirect IPv6 traffic to the machine running Spellbinder, making it act as a malicious IPv6-capable router.
Spellbinder intercepts DNS queries associated with update domains for Chinese software. We focus on a recent case in which an update of Tencent QQ was hijacked to deploy TheWizards’ signature backdoor, WizardNet.
In our blogpost, we also discuss links we uncovered between #TheWizards and the Chinese company Dianke Network Security Technology, also known as UPSEC.
IoCs available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/thewizards
So, who still remembers this and also watched this series as a kid? 😁 #spellbinder
Time for another #sixfanarts challenge to get warmed up! Batman has the best villains and Batman Beyond is no exception. #sixfanartschallenge #fanart #batman #batmanbeyond #beyondverse #villians #shriek #stalker #spellbinder #inque #curare #blight #art #drawing
2023 - THE UPCOMING TERROR!⚔️
➡️March 31st, 2023⬅️
GYRDLEAH - Spellbinder🇬🇧🔥
Debut album from Birmingham, UK Atmospheric Avantgarde/Post-Black Metal outfit🔥
BC➡️https://gyrdleahblacklion.bandcamp.com/album/spellbinder 🔥
@Blacklionrecswe@twitter.com #Gyrdleah #Spellbinder #AtmoPostBlackMetal #TheUpcomingTerror23 #KMäN