RedDelta Unleashes PlugX Malware in Espionage Missions Against Mongolia and Taiwan

Jan 10, 2025
Cyber Espionage / Cyber Attack

RedDelta, a China-linked state-sponsored threat actor, targeted Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with a customized variant of the PlugX malware between July 2023 and December 2024. According to an analysis by Recorded Future's Insikt Group, the group used lure documents themed around 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection initiatives in Mongolia, and ASEAN meeting invitations. The Mongolian Ministry of Defense is believed to have been compromised in August 2024 and the Communist Party of Vietnam in November 2024. Between September and December 2024 the group also targeted entities in Malaysia, Japan, the United States, Ethiopia, Brazil, Australia, and India. Active since at least 2012, RedDelta remains a persistent espionage threat.

Navigating a Fluctuating Job Market: Guidance for Young Cyber Professionals Amidst AI and Security Automation

Jul 30, 2025
Agentic AI / Artificial Intelligence & Machine Learning / Next-Generation Technologies & Secure Development

Brandy Harris. You may have clicked on a promising opportunity, only to…

Storm-2603 Exploits SharePoint Vulnerabilities to Deploy Warlock Ransomware on Unpatched Systems

Jul 24, 2025
Vulnerability / Ransomware

Microsoft has disclosed that a threat actor it tracks as Storm-2603 is actively exploiting SharePoint vulnerabilities to deploy Warlock ransomware on targeted systems. In an update released Wednesday, the company said the findings come from its ongoing analysis and threat intelligence on Storm-2603's exploitation activity. The financially motivated actor is suspected to be based in China and has previously been linked to the deployment of both Warlock and LockBit ransomware. The attack chain exploits CVE-2025-49706, a spoofing vulnerability, and CVE-2025-49704, a remote code execution vulnerability, against unpatched on-premises SharePoint servers to drop the spinstall0.aspx web shell. "This initial access enables command execution via the w3wp.exe process that supports SharePoint," Microsoft stated. "Storm-2603 subsequently initiates a series of discovery commands, including…"
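The two observable artifacts in that chain, the spinstall0.aspx web shell landing on disk and the SharePoint worker process w3wp.exe spawning a command shell, are what a defender would hunt for. The following Python is an added example, not code from Microsoft or from the article: it runs both checks over endpoint telemetry. The file and process events are constructed for the example, and the TEMPLATE\LAYOUTS directory is assumed to be the web shell's drop location (it is the default on-premises SharePoint layouts folder; the article does not name the path), so a spinstall0.aspx seen elsewhere is still reported at lower confidence.

```python
"""Hunt for the Storm-2603 SharePoint chain in endpoint telemetry (added example).

Signals:
  1. a file named spinstall0*.aspx written to disk (high confidence if it lands
     under SharePoint's TEMPLATE\LAYOUTS folder, medium anywhere else)
  2. w3wp.exe (the IIS worker hosting SharePoint) spawning a command shell

All events below are constructed sample data, not real logs.
"""
import re
from dataclasses import dataclass

SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# Assumption: default on-prem SharePoint layouts directory; the article gives no path.
LAYOUTS_RE = re.compile(r"\\TEMPLATE\\LAYOUTS\\", re.IGNORECASE)


@dataclass(frozen=True)
class FileEvent:
    host: str
    path: str


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Last path component, lower-cased, for either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def webshell_drops(file_events):
    """File writes of spinstall0*.aspx, rated by where they landed."""
    hits = []
    for e in file_events:
        name = basename(e.path)
        if name.startswith("spinstall0") and name.endswith(".aspx"):
            confidence = "high" if LAYOUTS_RE.search(e.path) else "medium"
            hits.append((e.host, "webshell", confidence, e.path))
    return hits


def shells_from_w3wp(process_events):
    """Process creations where w3wp.exe is the parent of a command shell."""
    return [
        (e.host, "w3wp-child-shell", "high", e.command_line)
        for e in process_events
        if basename(e.parent_image) == "w3wp.exe" and basename(e.image) in SHELLS
    ]


def alerts(file_events, process_events):
    """All hits from both checks, as (host, kind, confidence, detail) tuples."""
    return webshell_drops(file_events) + shells_from_w3wp(process_events)


# Constructed sample telemetry.
SAMPLE_FILES = [
    FileEvent("sp01", r"C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\TEMPLATE\LAYOUTS\spinstall0.aspx"),
    FileEvent("sp01", r"C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\TEMPLATE\LAYOUTS\start.aspx"),
    FileEvent("sp02", r"C:\inetpub\wwwroot\spinstall0.aspx"),  # right name, unexpected location
]
SAMPLE_PROCS = [
    ProcessEvent("sp01", r"C:\Windows\System32\inetsrv\w3wp.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe /c hostname"),
    ProcessEvent("sp01", r"C:\Windows\System32\inetsrv\w3wp.exe", r"C:\Windows\System32\conhost.exe", "conhost.exe"),
    ProcessEvent("sp02", r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe"),  # not from w3wp
]

if __name__ == "__main__":
    for host, kind, confidence, detail in alerts(SAMPLE_FILES, SAMPLE_PROCS):
        print(f"{host} {kind} [{confidence}] {detail}")
```

The web shell check keys on the file name rather than only on the directory, because an operator who moves or renames the drop location would otherwise go unseen; the process check is the more durable of the two, since any web shell running inside SharePoint has to execute commands through w3wp.exe regardless of what the .aspx file is called.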

U.S. Imposes Sanctions on Chinese Cybersecurity Firm Linked to Treasury Hack Associated with Silk Typhoon

Jan 18, 2025
Cyber Espionage / Telecom Security

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned a Chinese cybersecurity firm and a Shanghai-based cyber operative for their suspected connections to the Silk Typhoon group and to the recent breach of the department's own systems. "Malicious cyber actors linked to the People's Republic of China (PRC) continue to target U.S. government networks, including the recent compromise of Treasury's information technology systems and sensitive critical infrastructure," the Treasury said in a press release. The sanctions name Yin Kecheng, described as a cyber operative for more than a decade with ties to China's Ministry of State Security (MSS). Yin is believed to be linked to the breach of Treasury's network disclosed earlier this month, which stemmed from a compromise of BeyondTrust's systems that gave the attackers access to some of the company's Remote Support SaaS infrastructure.

Access Restricted: The Growing Threat of Shadow AI

Unauthorized Access

In today's digital landscape, unauthorized artificial intelligence (AI) usage has emerged as a significant cybersecurity risk, often referred to as "shadow AI." Recently, a concerning article highlighted this burgeoning threat, prompting urgent…

DoNot Team Linked to New Tanzeem Android Malware Aimed at Intelligence Gathering

Jan 20, 2025

The threat group known as DoNot Team has been linked to a new Android malware family used in highly targeted attacks. The malware, named Tanzeem (Urdu for "organization"), and an updated variant of it were discovered by cybersecurity firm Cyfirma in October and December 2024 respectively. The two apps share nearly identical functionality, differing only in minor user interface changes. "While designed as a chat application, it fails to operate after installation, crashing once the required permissions are granted," Cyfirma said in a Friday analysis. The app's name suggests it is built to target specific individuals or groups, both domestically and abroad. DoNot Team, also tracked as APT-C-35, Origami Elephant, SECTOR02, and Viceroy Tiger, is a hacking group believed to be of Indian origin and known for using spear-phishing emails and a range of Android malware strains in its attacks.