Skip to main content

Tag: china linked hackers

6 articles

Southeast Asian cityscape with industrial control system hinted in background.

China-Linked Hackers Deploy TinyRCT Backdoor in Southeast Asian Infrastructure Attacks

For years, a stealthy China-linked hacking group has been quietly targeting critical infrastructure in Southeast Asia, with a clear strategic interest in disrupting or monitoring key regional industries. Their sophisticated attacks have zeroed in on state-owned energy and government sectors, using a potent tool called the TinyRCT backdoor.

Analyst 207
Rows of computer servers and networking equipment in a server room with a focus on a specific device showing a subtle hint…

China-Linked Hackers Infiltrate Linux Login Software with Decade-Long Backdoor

A stealthy China-linked hacking group, tracked as Velvet Ant, has been quietly infiltrating Linux login software since 2016, embedding a decade-long backdoor that evades routine security cleanups and password resets. This sophisticated operation, dubbed Operation Highland, has allowed the group to fly under the radar and maintain persistent access to targeted systems.

Analyst 207
Interior of a manufacturing facility with industrial equipment, a slightly ajar server room door, and scattered network…

China-Linked Hackers Deploy TencShell Malware Against Global Manufacturer

In a clever move, China-linked hackers adapted existing malware tools to create TencShell, using it to launch a stealthy attack on a global manufacturer's Indian site. Fortunately, researchers at Cato Networks' Cyber Threats Research Lab were able to block the intrusion and uncover the sophisticated tactics used.

Analyst 207
Server room with computer equipment and servers under ordinary indoor lighting.

China-linked hackers exploit Microsoft Exchange in Azerbaijani energy firm attacks.

A group of China-linked hackers, known as FamousSparrow, launched a sustained cyberattack on an Azerbaijani oil and gas company, exploiting Microsoft Exchange vulnerabilities in a multi-wave intrusion that spanned three months. The attackers used the ProxyNotShell exploit to gain and maintain access to the victim's environment.

Analyst 207
Brightly-lit server room with subtle signs of security breach.

China-Linked Hackers Expose Wide-Ranging Espionage Campaign

Meet SHADOW-EARTH-053, a China-aligned espionage group that's been secretly lurking in the shadows since December 2024, using clever tactics like exploiting vulnerabilities and deploying web shells to gain persistent access to sensitive targets. Their sophisticated attacks have been linked to other notorious intrusion sets, revealing a vast and complex espionage campaign.

Analyst 207
A router on a rack in a network closet with multiple cables connected.

China-Linked Hackers Exploit Global Infrastructure in Covert Network Attacks

Be on high alert: China-linked hackers are secretly building global covert networks using compromised routers and devices, putting anyone who's a target at risk of devastating cyber attacks and data theft. This sinister plot, revealed by a joint advisory from 16 government agencies worldwide, has far-reaching implications for organizations and individuals alike.

Analyst 207