Search cyberveille.decio.ch

Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors

An unknown threat cluster has been targeting at least between June and October 2024 European organizations, notably in the healthcare sector. Tracked as Green Nailao by Orange Cyberdefense CERT, the campaign relied on DLL search-order hijacking to deploy ShadowPad and PlugX – two implants often associated with China-nexus targeted intrusions. The ShadowPad variant our reverse-engineering team analyzed is highly obfuscated and uses Windows services and registry keys to persist on the system in the event of a reboot. In several Incident Response engagements, we observed the consecutive deployment of a previously undocumented ransomware payload. The campaign was enabled by the exploitation of CVE-2024-24919 (link for our World Watch and Vulnerability Intelligence customers) on vulnerable Check Point Security Gateways. IoCs and Yara rules can be found on our dedicated GitHub page here.

#orangecyberdefense #EN #2025 #health #NailaoLocker:#China #campaign #ShadowPad #PlugX #Europe

·orangecyberdefense.com·Feb 21, 2025

Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors

entagon ran secret anti-vax campaign to undermine China during pandemic

The U.S. military launched a clandestine program amid the COVID crisis to discredit China’s Sinovac inoculation – payback for Beijing’s efforts to blame Washington for the pandemic. One target: the Filipino public. Health experts say the gambit was indefensible and put innocent lives at risk.

#reuters #EN #2024 #disinformation #US #CHina #pandemic #Philippines #campaign #Covid-19 #antivax

·reuters.com·Jun 15, 2024

entagon ran secret anti-vax campaign to undermine China during pandemic

Pro-PRC DRAGONBRIDGE Influence Campaign Leverages New TTPs to Aggressively Target U.S. Interests, Including Midterm Elections

Mandiant has recently observed DRAGONBRIDGE, an influence campaign we assess with high confidence to be operating in support of the political interests of the People’s Republic of China (PRC), aggressively targeting the United States by seeking to sow division both between the U.S. and its allies and within the U.S. political system itself. Recent narratives include: * Claims that the China-nexus threat group APT41 is instead a U.S. government-backed actor. * Aggressive attempts to discredit the U.S. democratic process, including attempts to discourage Americans from voting in the 2022 U.S. midterm elections. * Allegations that the U.S. was responsible for the Nord Stream gas pipeline explosions.

#Mendiant #2022 #EN #PRC #China #US #DRAGONBRIDGE #Campaign #Influence #TTPs #Midterm

·mandiant.com·Oct 26, 2022

Pro-PRC DRAGONBRIDGE Influence Campaign Leverages New TTPs to Aggressively Target U.S. Interests, Including Midterm Elections

Mandiant has recently observed DRAGONBRIDGE, an influence campaign we assess with high confidence to be operating in support of the political interests of the People’s Republic of China (PRC), aggressively targeting the United States by seeking to sow division both between the U.S. and its allies and within the U.S. political system itself. Recent narratives include: * Claims that the China-nexus threat group APT41 is instead a U.S. government-backed actor. * Aggressive attempts to discredit the U.S. democratic process, including attempts to discourage Americans from voting in the 2022 U.S. midterm elections. * Allegations that the U.S. was responsible for the Nord Stream gas pipeline explosions.

#Mendiant #2022 #EN #PRC #China #US #DRAGONBRIDGE #Campaign #Influence #TTPs #Midterm

·mandiant.com·Oct 26, 2022

Pro-PRC DRAGONBRIDGE Influence Campaign Leverages New TTPs to Aggressively Target U.S. Interests, Including Midterm Elections