The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented
Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this blog, we provide an overview of the threat actor along with insight into their recent activity as well as their longstanding tactics, techniques, and procedures (TTPs), including a persistent interest in the exploitation of zero-day vulnerabilities in various public-facing appliances and moving from on-premises to cloud environments.
A federal judge in Washington, D.C., today, unsealed two separate indictments that allege Chinese nationals Yin Kecheng, 38, (尹 可成) a/k/a “YKC” (“YIN”) and Zhou Shuai, 45, (周帅) a/k/a “Coldface” (“ZHOU”) violated various federal statutes by participating in years-long, sophisticated computer hacking conspiracies that successfully targeted a wide variety of U.S.-based victims
Amid ongoing fears over TikTok, Chinese generative AI platform DeepSeek says it’s sending heaps of US user data straight to its home country, potentially setting the stage for greater scrutiny.
Chinese hackers breached the US government office that reviews foreign investments for national security risks, three US officials familiar with the matter told CNN.
The theft, which has not previously been reported, underscores Beijing’s keen interest in spying on a US government office that has broad powers to block Chinese investment in the US as tensions between the world’s two superpowers remain high.
The breach was part of a broader incursion by the hackers into the Treasury Department’s unclassified system. The office targeted by the hackers, the Committee on Foreign Investment in the US (CFIUS), in December gained greater authority to scrutinize real estate sales near US military bases. US lawmakers and national security officials have grown increasingly worried that the Chinese government or its proxies could use land acquisitions to spy on those bases.
More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon.
Massive ‘Typhoon’ cyberattacks on U.S. infrastructure and telecoms sought to lay groundwork for potential conflict with Beijing, as intruders gathered data and got in position to impede response and sow chaos
U.S. officials say the sanctioned Chinese firm provided botnet infrastructure for the China-backed hacking group Flax Typhoon
A suspected Chinese hacking campaign that began in November is exploiting a vulnerability in Palo Alto firewalls to install a custom malware backdoor for espionage.
The department notified lawmakers of the episode, which it said was linked to a state-sponsored actor in China.
In a letter informing lawmakers of the episode, the Treasury Department said that it had been notified on Dec. 8 by a third-party software service company, BeyondTrust, that the hacker had obtained a security key that allowed it to remotely gain access to certain Treasury workstations and documents on them
Treasury officials attributed the December theft of unclassified documents to China.
The Treasury said it was notified on December 8 by BeyondTrust, a company that provides identity access and remote support tech for large organizations and government departments, that hackers had “gained access to a key used by the vendor” for providing remote access technical support to Treasury employees. BeyondTrust disclosed the incident at the time, but did not say how the key was obtained.
The Department of Homeland Security knows which countries SS7 attacks are primarily originating from. Others include countries in Europe, Africa, and the Middle East.
China's ICCs reshape global propaganda via targeted messaging, social media, and influence networks to amplify the Communist Party's voice globally.
Chinese social media platforms like WeChat, Douyin, Zhihu, Xiaohongshu, and Weibo now required popular users’ legal names to be made visible to the public.
Experts say the catchall term for online fraud furthers harm against victims and could dissuade people from reporting attempts to bilk them out of their money.
Senators briefed on the wide-ranging breaches by Chinese hackers called for action on Wednesday to protect the country's telecommunications networks.
Since February 2024, the World Watch Cyber Threat Intelligence team has been working on an extensive study of the private and public relationships within the Chinese cyber offensive ecosystem. This includes:
Leaders of the big telecommunications companies were summoned to the White House to discuss strategies for overhauling the security of the nation’s telecommunications networks amid growing alarm at the scope of a Chinese hack.
In a recent cyber campaign, the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites, Tibet Post and Gyudmed Tantric University, to deliver the Cobalt Strike malware. Recorded Future’s Insikt Group discovered that the attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a disguised security certificate. This malware, often used by threat actors for remote access and post-exploitation, highlights a continued cyber-espionage focus on Tibetan entities. TAG-112’s infrastructure, concealed using Cloudflare, links this campaign to other China-sponsored operations, particularly TAG-102 (Evasive Panda).
