Topic: Chinese threat actors

  • 'BRICKSTORM' Backdoor: Chinese Hackers Target US Firms

    A sophisticated cyber espionage campaign using the BRICKSTORM backdoor is targeting U.S. companies, particularly in legal, tech, and SaaS sectors, and is attributed to Chinese-aligned hackers with goals beyond intelligence gathering. The threat actors, known as UNC5221, employ a complex, multi-st...

  • State Hackers Exploit Most Software Vulnerabilities

    State-sponsored hackers were responsible for over half of all attributed software vulnerability exploits in the first half of 2025, primarily targeting critical infrastructure and enterprise systems for espionage rather than financial gain. Chinese state-linked groups dominated these activities, ...

  • Ransomware Attacks Target Vulnerable SharePoint Servers

    Chinese-linked threat actors are exploiting critical SharePoint vulnerabilities (CVE-2025-53770 and CVE-2025-53771) to deploy Warlock ransomware, targeting over 400 organizations, including US federal agencies. Suspected Chinese hacking groups Storm-2603, Linen Typhoon, and Violet Typhoon are usi...

  • Hackers Exploit Microsoft ClickOnce & AWS for Stealth Attacks

    The OneClik cyberattack campaign exploits Microsoft ClickOnce and custom Golang malware to target energy sector organizations, disguising malicious traffic within legitimate AWS cloud services. Attackers use phishing emails with fraudulent Azure-hosted sites to distribute malicious ClickOnce file...

  • Colt Data Breach: Warlock Ransomware Auctions Stolen Customer Files

    Colt Technology Services experienced a data breach where customer documentation was stolen and is now being auctioned online by the Warlock ransomware gang. The stolen files include sensitive financial records, network architecture details, and extensive customer information, with the gang demand...
