More than 70 organizations in several sectors targeted by Chinese cyber-spying group

By Admin, June 9, 2025


09 June 2025Red LakshmananState Security / Cyber ​​-Spy

The reconnaissance activity aimed at the US cybersecurity company SentinelOne was part of a wider set of partially related intrusions into several targets between July 2024 and March 2025.

“Victimology includes a state organization of South Asia, a European media organization and more than 70 organizations in a wide range of sectors,” SentinelOne security researchers Aleksandar Milenkoski and Tom Hegel noted in a report published today.

Some of the targeted sectors include production, government, finance, telecommunications and research. Also among the victims was an IT services and logistics company that managed equipment logistics for SentinelOne employees at the time of the breach in early 2025.

The malicious activity has been linked with high confidence to China-nexus threat actors, with some attacks related to the threat cluster called PurpleHaze, which, in turn, overlaps with cyber groups publicly reported as APT15 and UNC5174.

At the end of April 2024, SentinelOne first disclosed active reconnaissance related to PurpleHaze aimed at some of its servers that were intentionally accessible through the Internet by “virtue of their functionality”.


“The actor’s activity was limited to the reflection and assessment of the availability of individual servers, probably in preparation for potential future actions,” the researchers said.

It is currently unknown whether the attackers' intention was only to target the IT logistics organization, or whether they planned to expand their focus to downstream organizations as well. Further investigation of the attacks revealed six different clusters of activity (named A to F), dating back to June 2024 with the compromise of an unnamed South Asian state structure.

The clusters are listed below:

  • Activity A: Intrusion into the state structure of South Asia (June 2024)
  • Activity B: A set of intrusions aimed at organizations worldwide (between July 2024 and March 2025)
  • Activity C: Intrusion into an IT services and logistics company (early 2025)
  • Activity D: Intrusion into the same South Asian government entity that was previously compromised (October 2024)
  • Activity E: Reconnaissance against SentinelOne servers (October 2024)
  • Activity F: Intrusion into a leading European media organization (late September 2024)

The June 2024 attack on the government structure, according to SentinelOne, is said to have led to the deployment of ShadowPad, which is obfuscated with the help of ScatterBrain. The ShadowPad artifacts and infrastructure overlap with recent ShadowPad campaigns that delivered a ransomware family, NailaoLocker, after exploitation of Check Point gateway devices.

Subsequently, in October 2024, the same organization was targeted to drop a Go reverse shell christened Singer that uses SSH to connect to the infected host. The same tool, SentinelOne noted, was used in connection with the attack in September 2024 aimed at the leading European media organization.

Also common to these two clusters of activity is the use of tools developed by the IT team (THC). The development marks the first time THC's software programs have been abused by state actors.


SentinelOne attributed Activity F to a China-nexus actor with loose affiliations to an “initial access broker” tracked by Google Mandiant as UNC5174 (aka UTEUS or UETUS). It is worth noting that the threat group was recently linked to active exploitation of SAP NetWeaver flaws to deliver GoReverse, a GoReShell variant. The cybersecurity company collectively tracks Activities D, E and F as PurpleHaze.

“The threat actor used ORB (operational relay) network infrastructure we evaluate to work with China and used the CVE-2024-8963 vulnerability together with CVE-2024-8190 in order to establish the initial consolidation, a few days before the vulnerabilities were publicly disclosed,” the researchers said.
