FlagThis

CyberSecurity updates
Updated: 2024-11-21 15:41:57 Pacfic
bleepingcomputer.com
Chinese APT Campaigns Targeting Critical Infrastructure and ISPs - 27d
Read more: www.bleepingcomputer.com

Multiple Chinese Advanced Persistent Threat (APT) groups, including Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant, are engaging in sophisticated cyber espionage and disruptive campaigns. These groups employ various techniques, including “living off the land” (LOTL) methods, to compromise critical infrastructure, ISPs, and IoT devices. Volt Typhoon’s focus is on U.S. communication infrastructure, often leveraging compromised Fortinet devices for data exfiltration. Salt Typhoon targets U.S. Internet Service Providers (ISPs), seeking to compromise routers and network devices for data collection. Flax Typhoon utilizes compromised IoT devices to build botnets for command and control purposes, aiming at entities in Taiwan and expanding globally. Velvet Ant, a lesser-known group, targets software supply chains, aiming to indirectly infiltrate larger networks. These groups pose a serious threat to critical infrastructure and national security, requiring vigilant defense strategies to combat their stealthy operations.

References:
  • www.bleepingcomputer.com - Fortinet warns of new critical FortiManager flaw used in zero-day attacks - 28d
  • @GossiTheDog - Fortinet FortiManager Vulnerability Exploited - 28d
  • Security Archives - U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog - 28d
  • @Techmeme - Fortinet discloses a critical FortiManager API flaw being exploited in 0-day attacks to steal sensitive files, after warning customers privately over a week ago (Lawrence Abrams/BleepingComputer) - 28d
  • Malware Analysis, News and Indicators - FortiManager Zero-Day ‘FortiJump’ Is Now Publicly Addressed (CVE-2024-47575) - 28d
  • SOCRadar - FortiManager Zero-Day ‘FortiJump’ Is Now Publicly Addressed (CVE-2024-47575) - 28d
  • Security Archives - Mandiant report on FortiJump vulnerability exploitation - 28d
  • Vulnerability Archives - New Threat Group UNC5820 Targets FortiManager Zero-Day CVE-2024-47575 in Global Cyberattack - 28d
  • www.cisa.gov - CISA's list of known exploited vulnerabilities - 28d
  • GBHackers Security - Cisco ASA Devices Vulnerable to SSH Remote Command Injection Flaw - 27d
  • Vulnerability Archives - CVE-2024-20329 (CVSS 9.9): Critical Cisco ASA SSH Flaw Allows for Complete System Takeover - 27d
  • Malware Analysis, News and Indicators - Mandiant reports on FortiJump exploitation - 27d
  • @jos1264 - FortiJump Flaw Exploited - 27d
  • blog.lumen.com - Lumen details how to mitigate against the threat of Volt Typhoon. - 27d
  • hackread.com - HackRead details the tactics of Salt Typhoon, who are targeting US ISPs. - 27d
  • www.cisa.gov - The landscape of global cyber threats continues to evolve, with sophisticated, state-sponsored campaigns from China gaining attention and including network appliances and devices as targets. - 27d
  • Malware Analysis, News and Indicators - The landscape of global cyber threats continues to evolve, with sophisticated, state-sponsored campaigns from China gaining attention and including network appliances and devices as targets. - 27d
  • www.microsoft.com - Microsoft reveals Volt Typhoon targeting US infrastructure - 27d
  • Cyble - CISA has added Fortinet’s FortiManager to its known Exploited Vulnerabilities (KEV) catalog. - 27d
  • www.fortiguard.com - Fortinet published a security advisory about the FortiJump vulnerability. - 27d
  • robfreeman.com - Rob Freeman blog post about China hacking US telecom infrastructure. - 26d
  • Hackread – Latest Cybersecurity, Tech, Crypto - UNC5820 Exploits FortiManager Zero-Day Vulnerability (CVE-2024-47575) - 26d

Classification:

This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.