#chinese-state-sponsored-hacking

#chinese-state-sponsored-hacking

In recent weeks, China approved the world's first commercial brain-computer interface medical device and unveiled a five-ton class electric vertical takeoff and landing aircraft that has already completed a public flight.

Investigations found that Li Xiong, the former chairman of Huione Group under the Prince Group, is suspected of multiple crimes. Li was identified as a core member of Chen Zhi's criminal gang.

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

The CERT warned that OpenClaw has "extremely weak default security configuration" and must therefore be handled with extreme care. The CERT is worried that attackers can target the tool by embedding malicious instructions in web pages, and that poisoned plugins for the agentic tool can put users at risk. China's cyber-advisors also point out that OpenClaw has already disclosed several severe vulnerabilities that can result in credential theft.

Tianfu Cup was launched as an alternative to the Zero Day Initiative's Pwn2Own competition, which regularly pays out more than $1 million to white hat hackers who demonstrate critical vulnerabilities in consumer and enterprise hardware and software, industrial control systems, and automotive products. Tianfu Cup made headlines in 2021, when participants earned a total of $1.9 million for exploits targeting Windows, Ubuntu, iOS, Microsoft Exchange, Chrome, Safari, Adobe Reader, Asus routers, and various virtualization products.

A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations before initiating attacks, ultimately leading to the deployment of malware families such as RushDrop, DriveSwitch, and SilentRaid, according to a Cisco Talos report published today.

The cybersecurity company said it identified the PeckBirdy script framework in 2023 after it observed multiple Chinese gambling websites being injected with malicious scripts, which are designed to download and execute the primary payload in order to facilitate the remote delivery and execution of JavaScript. The end goal of this routine is to serve fake software update web pages for Google Chrome so as to trick users into downloading and running bogus update files, thereby infecting the machines with malware in the process.

A Chinese government hacking group that has been sanctioned for targeting America's critical infrastructure used Google's AI chatbot, Gemini, to auto-analyze vulnerabilities and plan cyberattacks against US organizations, the company says. While there's no indication that any of these attacks were successful, "APT groups like this continue to experiment with adopting AI to support semi-autonomous offensive operations," Google Threat Intelligence Group chief analyst John Hultquist told The Register. "We anticipate that China-based actors in particular will continue to build agentic approaches for cyber offensive scale."