ID | Votes | Profile Description |
---|---|---|
I-Soon | 4 | i-SOON, a threat actor believed to be operating out of China, has come into the limelight due to a significant data leak. The leaked documents provide an inside view of i-SOON's operations, revealing its role in executing cyberespionage campaigns on behalf of various Chinese government agencies. Thi |
Earth Krahang | 3 | Earth Krahang is a threat actor, a term used in cybersecurity to describe an entity responsible for malicious activities. This could be an individual, a private company, or even a government organization. In the world of cybersecurity, unique names are often given to these actors to differentiate th |
Bronze University | 2 | Bronze University, also known as Aquatic Panda, ControlX, RedHotel, and Earth Lusca, is a threat actor group believed to be a Chinese state-sponsored hacking operation. The group has been active since 2021, targeting government, aerospace, education, telecommunications, media, and research organizat |
Chromium | 1 | Chromium is an open-source software project that forms the foundation for several web browsers, including Google Chrome, Microsoft Edge, and Brave. The initial goal of Chromium was to create a fast, secure, and stable browsing experience. Over time, it has evolved to include various features such as |
ISOON | 1 | iSoon, also known as Shanghai Anxun Information Technology or Auxun, is a Chinese information security (InfoSec) vendor based in Shanghai. The company's compromise led to an unusual leak of information that provided further evidence supporting the "quartermaster" theory of Chinese hacking. This theo |
ID | Type | Votes | Profile Description |
---|---|---|---|
Sprysocks | Unspecified | 6 | SprySOCKS is a new strain of malware that has recently been added to the arsenal of Earth Lusca, an advanced persistent threat (APT) group known for its sophisticated cyberattacks. Malware, short for malicious software, is designed to exploit and damage computers or devices without the user's knowle |
ShadowPad | Unspecified | 2 | ShadowPad is a modular backdoor malware that has been utilized by several Chinese threat groups since at least 2017. Notably, it was used as the payload in supply chain attacks targeting South Asian governments, as reported in the VB2023 paper. ShadowPad provides near-administrative capabilities in |
Predator Spyware | Unspecified | 1 | Predator Spyware is a type of malware, or malicious software, that has recently been identified as a significant threat to digital security. This harmful program infiltrates devices without the user's knowledge, often through suspicious downloads, emails, or websites. Once installed, it can steal pe |
Derusbi | Unspecified | 1 | Derusbi is a sophisticated malware family known for its ability to target both Linux and Windows systems. It has been predominantly associated with Chinese cyber espionage operations since 2008, making it a significant concern in the realm of cybersecurity. The malware primarily functions as a tool |
Royal Ransomware | Unspecified | 1 | Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi |
P2pinfect | Unspecified | 1 | P2Pinfect is a malicious software (malware) that has recently been updated to target Redis servers with miners and ransomware, as well as routers and Internet of Things (IoT) devices. This malware infects systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once |
Luadream | Unspecified | 1 | LuaDream is a type of malware, specifically designed to exploit and damage computer systems or devices. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or |
Predator | Unspecified | 1 | Predator is a potent malware that, along with NSO Group's Pegasus, remains a leading provider of mercenary spyware. Despite public disclosures in September 2023, Predator's operators have continued their operations with minimal changes, exploiting recently patched zero-day vulnerabilities in Apple a |
ID | Type | Votes | Profile Description |
---|---|---|---|
Earth Akhlut | Unspecified | 3 | Earth Akhlut is a recognized threat actor, originating from China, known for its malicious activities in the realm of cybersecurity. Since 2019, it has been involved in distributing the Shadowpad malware, a sophisticated tool that has caused significant concern within the cybersecurity community. Th |
Winnti | Unspecified | 2 | Winnti is a sophisticated threat actor group, first identified by Kaspersky in 2013, with activities dating back to at least 2007. The group has been associated with the Chinese nation-state and is part of a collective known as APT41, which also includes subgroups like Wicked Panda, Suckfly, and Bar |
Redhotel | Unspecified | 1 | RedHotel, also known as Aquatic Panda, ControlX, and Bronze University, is a threat actor linked to Chinese state-sponsored cyber groups. It is part of a sophisticated network of espionage operations including RedAlpha, Poison Carp, and i-SOON, which are primarily involved in the theft of telecommun |
ID | Type | Votes | Profile Description |
---|---|---|---|
CVE-2022-40684 | Unspecified | 2 | CVE-2022-40684 is a significant software vulnerability identified in Fortinet devices, specifically relating to an authentication bypass flaw. This flaw in the software design or implementation allows threat actors to exploit the vulnerability, compromising network security and providing unauthorize |
CVE-2022-39952 | Unspecified | 2 | CVE-2022-39952 is a critical vulnerability in Fortinet's network access control suite, FortiNAC. This flaw, which resides in the software design or implementation, could lead to arbitrary code execution, posing a severe threat to network security. The vulnerability was identified and addressed by Fo |
CVE-2019-18935 | Unspecified | 2 | CVE-2019-18935 is a .NET deserialization vulnerability in the Progress Telerik user interface (UI) for ASP.NET AJAX, located in Microsoft's Internet Information Services (IIS) web server. This flaw in software design or implementation was exploited by multiple cyber threat actors, including an Advan |
CVE-2021-22205 | Unspecified | 1 | CVE-2021-22205 is a significant vulnerability in GitLab, a flaw in software design or implementation that allows for remote code execution. This vulnerability has been assigned the highest severity score (CVSS score: 10.0) due to its potential impact. The bug, which is now two years old, continues t |
CVE-2019-9670 | Unspecified | 1 | None |
CVE-2019-9621 | Unspecified | 1 | None |
Earth Lusca Earth Lusca | Unspecified | 1 | None |
CVE-2023-5009 | Unspecified | 1 | None |
CVE-2023-36845 | Unspecified | 1 | CVE-2023-36845 is a significant software vulnerability, specifically a PHP external variable modification bug, identified by WatchTowr Labs' security researchers. The flaw was part of a series of vulnerabilities linked to the SRX firewall system, including a missing authentication for critical funct |
Source | CreatedAt | Title |
---|---|---|
Securityaffairs | 5 days ago | Security Affairs Malware Newsletter - Round 3 |
Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2 |
Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1 |
Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |
Securityaffairs | 3 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION |
Securityaffairs | 3 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION |
Securityaffairs | 3 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION |
Securityaffairs | 4 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini |
Securityaffairs | 4 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini |
Securityaffairs | 4 months ago | DinodasRAT Linux variant targets users worldwide |
Securityaffairs | 4 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini |
BankInfoSecurity | 4 months ago | Trend Micro Spots Possible iSoon Campaign |
InfoSecurity-magazine | 4 months ago | Prolific Chinese Threat Campaign Targets 100+ Victims |
Securityaffairs | 4 months ago | Earth Krahang APT breached tens of government orgs worldwide |
Trend Micro | 4 months ago | Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks |
Securityaffairs | 4 months ago | Security Affairs newsletter Round 463 by Pierluigi Paganini |