In late 2021, Volexity discovered an intrusion in an environment monitored as part of its Network Security Monitoring service. Volexity detected a system running frp, otherwise known as fast reverse proxy, and subsequently detected internal port scanning shortly afterward. This traffic was determined to be unauthorized and the system, a MacBook Pro running macOS 11.6 (Big Sur), was isolated for further forensic analysis. Volexity was able to run Surge Collect to acquire system memory (RAM) and select files of interest from the machine for analysis. This led to the discovery of a macOS variant of a malware implant Volexity calls GIMMICK. Volexity has encountered Windows versions of the malware family on several previous occasions. GIMMICK is used in targeted attacks by Storm Cloud, a Chinese espionage threat actor known to attack organizations across Asia. It is a feature-rich, multi-platform malware family that uses public cloud hosting services (such as Google […]

While many apps collect vast troves of user data, sometimes without explicit consent, experts say Chinese e-commerce giant Pinduoduo has taken violations of privacy and data security to the next level.

A suspected Chinese actor used a zero-day vulnerability in FortiOS and custom malware for espionage.

TikTok’s software development kits could undermine Joe Biden's order to stop internet traffic flowing from federal employees' phones to TikTok within 30 days.

The “news broadcasters” appear stunningly real, but they are AI-generated deepfakes in first-of-their-kind propaganda videos that a research report published Tuesday attributed to Chinese state-aligned actors. The fake anchors — for a fictious news outlet called Wolf News — were created by artificial intelligence software and appeared in footage on social media that seemed to […]

Researchers in China claim to have reached a breakthrough in quantum computing, figuring out how they can break the RSA public-key encryption system using a quantum computer of around the power that will soon be publicly available. Breaking 2048-bit RSA — in other words finding a method to consistently and quickly discover the secret prime numbers underpinning the algorithm — would be extremely significant. Although the RSA algorithm itself has largely been replaced in consumer-facing protocols, such as Transport Layer Security, it is still widely used in older enterprise and operational technology software and in many code-signing certificates.

A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take seriously. It might not be correct, but it’s not obviously wrong.

ByteDance confirmed it used TikTok to monitor journalists’ physical location using their IP addresses, as first reported by Forbes in October.

The five-member FCC said it has voted unanimously to adopt new rules that will block the importation or sale of certain technology products that pose security risks to U.S. critical infrastructure.

Mandiant has recently observed DRAGONBRIDGE, an influence campaign we assess with high confidence to be operating in support of the political interests of the People’s Republic of China (PRC), aggressively targeting the United States by seeking to sow division both between the U.S. and its allies and within the U.S. political system itself. Recent narratives include: * Claims that the China-nexus threat group APT41 is instead a U.S. government-backed actor. * Aggressive attempts to discredit the U.S. democratic process, including attempts to discourage Americans from voting in the 2022 U.S. midterm elections. * Allegations that the U.S. was responsible for the Nord Stream gas pipeline explosions.

In 2017, a team of New York Times journalists revealed that, beginning in 2010, Beijing’s counterintelligence apparatus had systematically rolled up the CIA’s sources in China.

CISA analyzed 15 files associated with China Chopper malware. The files are modified Offline Address Book (OAB) Virtual Directory (VD) configuration files for Microsoft Exchange servers. The files have been modified with a variant of the China Chopper webshell. The webshells allow an attacker to remotely access the server and execute arbitrary code on the system(s).referenced in this bulletin or otherwise.

The White House is investigating the telecoms equipment maker over concerns sensitive data could be transmitted to China.

Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors.