CyberSecurity news

FlagThis - #cyberwarfare

Dissent@DataBreaches.Net //

China's Alleged Cyberattacks on US Infrastructure - China accuses the U.S. NSA of cyberattacks during the Asian Winter Games in February 2025, targeting essential industries and placing three alleged NSA agents on a wanted list.
China has accused the United States National Security Agency (NSA) of launching "advanced" cyberattacks during the Asian Winter Games in February 2025, targeting essential industries. Police in the northeastern city of Harbin have placed three alleged NSA agents on a wanted list, accusing them of attacking the Winter Games' event information system and key information infrastructure in Heilongjiang province, where Harbin is located. The named NSA agents are Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson, all allegedly members of the NSA's Tailored Access Operations (TAO) offensive cyber unit.

China Daily reports the TAO targeted systems used for registration, timekeeping, and competition entry at the Games, systems which store "vast amounts of sensitive personal data." The publication also stated the TAO appeared to be trying to implant backdoors and used multiple front organizations to purchase servers in Europe and Asia to conceal its tracks and acquire the tools used to breach Chinese systems. A joint report from China's computer emergency response centers (CERTs) stated that over 270,000 attacks on the Asian Winter Games were detected, with 170,000 allegedly launched by the US.

Chinese foreign ministry spokesperson Lin Jian condemned the alleged cyber activity, urging the U.S. to take a responsible attitude on cybersecurity issues and stop any attacks and "groundless vilification against China." Xinhua reported the agents repeatedly carried out cyber attacks on China’s critical information infrastructure and participated in cyber attacks on Huawei and other enterprises. Chinese law enforcement agencies are seeking information that could lead to the arrest of the three NSA operatives, though rewards were not disclosed.

Recommended read:
References :
  • The Register - Security: China names alleged US snoops over Asian Winter Games attacks
  • www.cybersecurity-insiders.com: China accuses US of launching advanced Cyber Attacks on its infrastructure
  • CyberScoop: Chinese law enforcement places NSA operatives on wanted list over alleged cyberattacks
  • DataBreaches.Net: China accuses US of launching ‘advanced’ cyberattacks, names alleged NSA agents
  • www.scworld.com: China's allegation that NSA hacked Asian Winter Games draws suspicion
  • cyberscoop.com: Chinese law enforcement places NSA operatives on wanted list over alleged cyberattacks
  • PCMag UK security: Police in the Chinese city of Harbin say three NSA operatives disrupted the 2025 Asian Winter Games and hacked Huawei.
  • www.csoonline.com: China accused the United States National Security Agency (NSA) on Tuesday of launching “advanced†cyberattacks during the Asian Winter Games in February, targeting essential industries.
  • Metacurity: China accuses NSA of 'advanced cyberattacks' during the Asian Winter Games
  • www.metacurity.com: China accuses NSA of 'advanced cyberattacks' during the Asian Winter Games
  • www.dailymail.co.uk: China accuses US of launching 'advanced' cyberattacks, names alleged NSA agents
  • sysdig.com: UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell
@www.wsj.com //

China Admits to US Infrastructure Cyberattacks, Trade War - China has reportedly acknowledged its role in cyberattacks against U.S. critical infrastructure, specifically Volt Typhoon, during a secret meeting with U.S. officials.
References: Sam Bent , DataBreaches.Net , WIRED ...
China has reportedly acknowledged its role in cyberattacks against U.S. critical infrastructure, specifically those attributed to the Volt Typhoon campaign. This admission occurred during a secret meeting with U.S. officials in December, according to SecurityWeek. U.S. officials noted that Volt Typhoon's actions, which involved infiltrating various industries' systems through zero-day exploits and other advanced tactics, were an attempt to deter U.S. support for Taiwan. Furthermore, cyberespionage by the Chinese state-backed Salt Typhoon group against U.S. telecommunications firms was also discussed, revealing the compromise of U.S. officials' communications.

These attacks are part of a broader pattern of Chinese state-backed hackers increasing their activity against infrastructure in the U.S., Europe, and the Asia-Pacific region. Recent intelligence indicates groups like Volt Typhoon and Salt Typhoon have infiltrated power grids, telecommunications networks, and transportation systems. Their apparent goal is to preposition for potential wartime disruption or coercive retaliation during periods of geopolitical tension. This approach involves installing dormant "logic bombs" designed to be triggered during a conflict or crisis, maintaining persistent access while minimizing detection risk.

The intensified cyber activities are viewed as a component of China's cyber-enabled irregular warfare strategy. Recent incidents include a power grid failure in Taiwan linked to a Volt Typhoon logic bomb, along with similar occurrences reported in European infrastructure. The attacks' sophistication lies in their "Living Off the Land" techniques, blending state-sponsored hacking with proxy groups and disinformation to achieve strategic objectives without triggering conventional military responses. Such actions, as analyzed by IT security professional Simone Kraus, raise concerns due to their potential for devastating real-world consequences if critical infrastructure is compromised.

Recommended read:
References :
  • Sam Bent: In a closed-door Geneva summit, Chinese officials admitted—albeit indirectly—to orchestrating Volt Typhoon cyberattacks on US infrastructure. The move signals escalating covert conflict over Taiwan and exposes the US grid’s vulnerability to prolonged foreign infiltration.
  • DataBreaches.Net: Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate.
  • www.metacurity.com: China acknowledged US cyberattacks at a secret meeting, report
  • WIRED: China Secretly (and Weirdly) Admits It Hacked US Infrastructure
  • Risky Business Media: China privately admits to hacking American critical infrastructure, the US Treasury was compromised by password spraying, America will sign a global spyware agreement after all, and a Chinese APT is abusing the Windows Sandbox to hide its malware.
  • securityaffairs.com: China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports.
  • The Register - Security: China reportedly admitted directing cyberattacks on US infrastructure at a meeting with their American counterparts, according to The Wall Street Journal.…
  • Schneier on Security: China Sort of Admits to Being Behind Volt Typhoon
  • oodaloop.com: China Admitted to Volt Typhoon Cyberattacks on US Critical Infrastructure: Report
  • www.scworld.com: US critical infrastructure attacks reportedly acknowledged by China
  • OODAloop: In a secret meeting that took place late last year between Chinese and American officials, the former confirmed that China had conducted cyberattacks against US infrastructure as part of the campaign known as Volt Typhoon, according to The Wall Street Journal.
  • cybersecuritynews.com: Chinese Hackers Attacking Critical Infrastructure to Sabotage Networks
  • Metacurity: China acknowledged US cyberattacks at a secret meeting, report
  • ciso2ciso.com: China Sort of Admits to Being Behind Volt Typhoon – Source: www.schneier.com
  • WIRED: Brass Typhoon: The Chinese Hacking Group Lurking in the Shadows
do son@securityonline.info //

Cybercriminals Exploit Signal Messaging App - Cybercriminals are using the Signal app to spread a Remote Access Trojan (RAT) targeting high-value individuals in Ukraine's defense sector by sending malicious files from compromised accounts.
Cybercriminals are actively exploiting the Signal messaging application to distribute an information-stealing Remote Access Trojan (RAT), raising serious privacy concerns. According to a recently published report, a cybercriminal group identified as UNC-200 is behind the campaign, which involves targeting high-value individuals within Ukraine's defense sector. The Computer Emergency Response Team of Ukraine (CERT-UA) has issued warnings about this campaign, which utilizes the Dark Crystal RAT (aka DCRat) to compromise systems.

This malicious activity involves distributing messages via Signal that contain what appears to be meeting minutes. These messages are sent from compromised accounts to enhance credibility, enticing unsuspecting users to download malicious archive files. The archives contain a decoy PDF and an executable that deploys the DCRat malware, giving attackers remote access and control, stealing valuable information and executing arbitrary commands. CERT-UA attributes this activity to UAC-0200, active since summer 2024, who noted that the use of popular messengers increases the attack surface, including due to the creation of uncontrolled information exchange channels.

Recommended read:
References :
  • cyberinsider.com: Ukraine Warns Signal Used for Spreading RATs on High-Value Targets
  • securityonline.info: CERT-UA Alert: DarkCrystal RAT Deployed via Signal in Ukraine
  • SOC Prime Blog: Detect UAC-0200 Attacks Using DarkCrystal RAT
  • The DefendOps Diaries: Russian Cyber Espionage Targets Ukrainian Military via Signal
  • BleepingComputer: Ukrainian military targeted in new Signal spear-phishing attacks
  • BleepingComputer: Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country's army forces.
  • securityaffairs.com: CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT
  • The Hacker News: CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
  • BleepingComputer: Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country's army forces.
  • Sam Bent: Report: Cybercriminals Leverage Signal App to Deploy Info-Stealing RAT, Raising Privacy Concerns
  • bsky.app: CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT
  • www.scworld.com: Attackers, tracked under the UAC-0200 threat cluster, leveraged the Signal messaging app to deliver messages purportedly containing minutes of the meeting reports as archive files.
@csoonline.com //

US Halts Cyber Operations Against Russia? - Reports claimed the US government paused cyber operations against Russia, causing debate, but CISA denied these reports as fake news, highlighting the sensitivity and importance of reliable reporting.
Recent reports have surfaced indicating that the US government ordered a temporary halt to offensive cyber operations against Russia, a decision that has stirred considerable debate and concern within the cybersecurity community. According to an exclusive report, Defense Secretary Pete Hegseth instructed U.S. Cyber Command (CYBERCOM) to suspend all planning against Moscow, including offensive digital actions. The directive, delivered to CYBERCOM chief Gen. Timothy Haugh, appears to be part of a broader effort by the White House to normalize relations with Russia amid ongoing negotiations regarding the war in Ukraine.

The decision to pause cyber operations has been met with skepticism and warnings from cybersecurity professionals, who fear the potential consequences of reducing vigilance against a known digital adversary. Concerns have been raised about potential increases in global cyber threats and a decrease in shared confidence in the U.S. as a defensive partner. However, the Cybersecurity and Infrastructure Security Agency (CISA) has denied these reports, labeling them as fake news and a danger to national security. CISA also noted that Russia has been at the center of numerous cybersecurity concerns for the U.S.

Recommended read:
References :
  • bsky.app: DHS says CISA will not stop monitoring Russian cyber threats
  • The Register - Security: US Cyber Command reportedly pauses cyberattacks on Russia
  • Anonymous ???????? :af:: US Cybersecurity and Infrastructure Security Agency says that media reports about it being directed to no longer follow or report on Russian cyber activity are untrue, and its mission remains unchanged.
  • securityboulevard.com: Security Pros Push Back as Trump Orders Halt to Cyber Ops vs. Russia
  • www.bitdefender.com: Stop targeting Russian hackers, Trump administration orders US Cyber Command
  • www.csoonline.com: US Cybercom, CISA retreat in fight against Russian cyber threats: reports
  • Carly Page: The US has suspended its offensive cyber operations against Russia, according to reports, amid efforts by the Trump administration to grant Moscow concessions to end the war in Ukraine.
  • Metacurity: US Cybercom, CISA are softening stances on Russia as a cyber foe: reports
  • Zack Whittaker: The U.S. has reportedly suspended its offensive cyber operations against Russia, per multiple news outlets, amid efforts by the Trump administration to grant Moscow concessions to end the war in Ukraine.
  • securityaffairs.com: CISA maintains stance on Russian cyber threats despite policy shift
  • CyberInsider: CISA Denies Reports That It Has Halted Cyber Operations Against Russian Threats
  • iHLS: U.S. Pauses Cyber Operations Against Russia

Posts

Blogs

Research Tools