China

New threat group uses custom tools to hijack search results

September 4, 2025

ESET Research has identified a new threat group called GhostRedirector. In June 2025, this group broke into at least 65 Windows servers, mostly in Brazil, Thailand, Vietnam, …

China-linked Murky Panda targets and moves laterally through cloud services

August 22, 2025

In its recently released 2025 Threat Hunting Report, Crowdstrike pointed out an interesting trend: a 136% surge in cloud intrusions. A good chunk of this surge is due to …

Ports are getting smarter and more hackable

July 23, 2025

A new policy brief from NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) warns that critical port infrastructure, responsible for 80 percent of global trade, is …

Microsoft pins on-prem SharePoint attacks on Chinese threat actors

July 22, 2025

This is a developing story, new update here: Storm-2603 spotted deploying ransomware on exploited SharePoint servers As Microsoft continues to update its customer guidance for …

Stealthy backdoor found hiding in SOHO devices running Linux

June 23, 2025

SecurityScorecard’s STRIKE team has uncovered a network of compromised small office and home office (SOHO) devices they’re calling LapDogs. The threat is part of a broader …

LockBit panel data leak shows Chinese orgs among the most targeted

June 12, 2025

The LockBit ransomware-as-a-service (RaaS) operation has netted around $2.3 million USD within 5 months, the data leak stemming from the May 2025 hack of a LockBit affiliate …

Nation-state APTs ramp up attacks on Ukraine and the EU

May 21, 2025

Russian APT groups intensified attacks against Ukraine and the EU, exploiting zero-day vulnerabilities and deploying wipers, according to ESET. Ukraine faces rising cyber …

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices

March 31, 2025

CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who …

China-linked FamousSparrow APT group resurfaces with enhanced capabilities

March 26, 2025

ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate …

China-based Silver Fox spoofs healthcare app to deliver malware

February 25, 2025

Silver Fox, a China-based threat actor that may or may not be backed by the Chinese government, has been delivering the ValleyRAT backdoor to unsuspecting users by disguising …

DeepSeek’s popularity exploited by malware peddlers, scammers

January 29, 2025

As US-based AI companies struggle with the news that the recently released Chinese-made open source DeepSeek-R1 reasoning model performs as well as theirs for a fraction of …

China-aligned PlushDaemon APT compromises supply chain of Korean VPN

January 22, 2025

ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this …