Threat Intelligence, Malware

APT41 expands cyberespionage to target Windows

Windows systems have been targeted by Chinese state-sponsored hacking operation APT41, also known as Winnti, Barium, Bronze Atlas, Wicked Panda, and Brass Typhoon, in a new cyberespionage campaign involving the DeepData surveillance framework after targeting iOS systems with the LightSpy malware, SecurityWeek reports.

DeepData, which has a layout identical to LightSpy and features a dozen infostealing-focused plugins, enables not only the exfiltration of data from browsers, password managers, and social networking apps, but also the recording of audio from its targets, according to an analysis from the BlackBerry Research and Intelligence Team. While DeepData was noted to have only been integrated with keylogging capabilities last month, attackers began development more than two years ago in a bid to facilitate long-term intelligence operations. "Since their initial development of the LightSpy spyware implant in 2022, the attacker has been persistently and methodically working on the strategic targeting of communication platforms, with the emphasis on stealth and persistent access," said researchers.
