Espionage tools typically associated with China-linked threat actors were detected in a November 2024 RA World ransomware attack against an Asian software and services firm. The attackers first focused on cyberespionage, in a July attack against a Southeastern European country’s foreign ministry. They compromised the Asian firm by exploiting a Palo Alto Networks PAN-OS flaw, and pilfered Amazon AWS S3 bucket data and credentials.
The MirrorFace APT, linked to China, has been conducting extensive cyber espionage campaigns against Japan since 2019. The group uses malware delivered via email attachments and exploits VPN vulnerabilities to steal sensitive information. Targets include Japanese government, defense, aerospace, semiconductor, communications and research organizations. The group uses tools like ANEL and NOOPDOOR in its attacks. The campaign shows a deep focus on infiltrating Japanese national security and advanced technology sectors.