Amid ongoing fears over TikTok, Chinese generative AI platform DeepSeek says it’s sending heaps of US user data straight to its home country, potentially setting the stage for greater scrutiny.
Chinese hackers breached the US government office that reviews foreign investments for national security risks, three US officials familiar with the matter told CNN.
The theft, which has not previously been reported, underscores Beijing’s keen interest in spying on a US government office that has broad powers to block Chinese investment in the US as tensions between the world’s two superpowers remain high.
The breach was part of a broader incursion by the hackers into the Treasury Department’s unclassified system. The office targeted by the hackers, the Committee on Foreign Investment in the US (CFIUS), in December gained greater authority to scrutinize real estate sales near US military bases. US lawmakers and national security officials have grown increasingly worried that the Chinese government or its proxies could use land acquisitions to spy on those bases.
More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon.
Massive ‘Typhoon’ cyberattacks on U.S. infrastructure and telecoms sought to lay groundwork for potential conflict with Beijing, as intruders gathered data and got in position to impede response and sow chaos
U.S. officials say the sanctioned Chinese firm provided botnet infrastructure for the China-backed hacking group Flax Typhoon
A suspected Chinese hacking campaign that began in November is exploiting a vulnerability in Palo Alto firewalls to install a custom malware backdoor for espionage.
The department notified lawmakers of the episode, which it said was linked to a state-sponsored actor in China.
In a letter informing lawmakers of the episode, the Treasury Department said that it had been notified on Dec. 8 by a third-party software service company, BeyondTrust, that the hacker had obtained a security key that allowed it to remotely gain access to certain Treasury workstations and documents on them
Treasury officials attributed the December theft of unclassified documents to China.
The Treasury said it was notified on December 8 by BeyondTrust, a company that provides identity access and remote support tech for large organizations and government departments, that hackers had “gained access to a key used by the vendor” for providing remote access technical support to Treasury employees. BeyondTrust disclosed the incident at the time, but did not say how the key was obtained.
The Department of Homeland Security knows which countries SS7 attacks are primarily originating from. Others include countries in Europe, Africa, and the Middle East.
China's ICCs reshape global propaganda via targeted messaging, social media, and influence networks to amplify the Communist Party's voice globally.
Chinese social media platforms like WeChat, Douyin, Zhihu, Xiaohongshu, and Weibo now required popular users’ legal names to be made visible to the public.
Experts say the catchall term for online fraud furthers harm against victims and could dissuade people from reporting attempts to bilk them out of their money.
Senators briefed on the wide-ranging breaches by Chinese hackers called for action on Wednesday to protect the country's telecommunications networks.
Since February 2024, the World Watch Cyber Threat Intelligence team has been working on an extensive study of the private and public relationships within the Chinese cyber offensive ecosystem. This includes:
Leaders of the big telecommunications companies were summoned to the White House to discuss strategies for overhauling the security of the nation’s telecommunications networks amid growing alarm at the scope of a Chinese hack.
In a recent cyber campaign, the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites, Tibet Post and Gyudmed Tantric University, to deliver the Cobalt Strike malware. Recorded Future’s Insikt Group discovered that the attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a disguised security certificate. This malware, often used by threat actors for remote access and post-exploitation, highlights a continued cyber-espionage focus on Tibetan entities. TAG-112’s infrastructure, concealed using Cloudflare, links this campaign to other China-sponsored operations, particularly TAG-102 (Evasive Panda).
At CYBERWARCON 2024, Microsoft Threat Intelligence analysts will share research and insights on North Korean and Chinese threat actors representing years of threat actor tracking, infrastructure monitoring and disruption, and their attack tooling.
GLASSBRIDGE is an umbrella group of four different companies that operate networks of inauthentic news sites and newswire services.
T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by Chinese threat actors to gain access to private communications, call records, and law enforcement information requests.
Chinese government cyberspies Volt Typhoon reportedly breached Singapore Telecommunications over the summer as part of their ongoing attacks against critical infrastructure operators.
The digital break-in was discovered in June, according to Bloomberg, citing "two people familiar with the matter" who told the news outlet that the Singtel breach was "a test run by China for further hacks against US telecommunications companies."
