Tag: china-nexus
All items tagged china-nexus.
- Threat actor: FishMonger (I-SOON) ports SprySOCKS to Windows with a kernel-mode rootkit
- FishMonger (I-SOON) ports its SprySOCKS backdoor to Windows with a kernel-driver rootkit
- PRC UNC6508 ran year-plus espionage through internet-facing REDCap servers and a Google Workspace BCC rule
- UPDATE: FBI "Operation Ghost Hook" seizes the Outsider PhaaS infrastructure Google had sued
- VerdantBamboo (UNC5221 / WARP PANDA) — BSD-compiled BRICKSTORM confirmed on pfSense, plus a new PLENET backdoor
- Velvet Ant "Operation Highland" — Sygnia documents decade-long Linux PAM/sshd subversion
- Google sues China-based "Outsider" PhaaS network for weaponising Gemini to mass-produce phishing pages
- Black Lotus Labs: the Volt Typhoon-linked JDY botnet doubles to 1,500+ devices and weaponises CVE disclosures within hours
- ANNUAL REPORT [SINGLE-SOURCE] — CrowdStrike 2026 Technology Threat Landscape Report: technology is now the most-targeted sector
- FIFA World Cup 2026 pre-event threat cluster: Android banking trojans in pirated streaming apps, plus a 13,000-domain fraud layer, ahead of the 11 June kick-off
- Five Eyes "Safeguarding Our Secrets" — Chinese military intelligence systematically recruiting via LinkedIn and job platforms
- VerdantBamboo / UNC5221 / WARP PANDA — 18-month undetected China-nexus intrusion through MSP pfSense [SINGLE-SOURCE]
- TA4922 — China-nexus cybercrime cluster expands from Japan into Germany, UK and Italy with native-language lures and Atlas RAT
- Five Eyes joint bulletin: Chinese military intelligence recruiting cleared personnel through LinkedIn and job platforms
- OP-512: China-linked cluster runs a cryptographically-unique, self-reporting IIS web-shell framework against legacy .NET servers [SINGLE-SOURCE]
- VerdantBamboo (UNC5221 / WARP PANDA): an 18-month China-nexus intrusion that lived entirely on EDR-blind edge appliances and proxied into Microsoft 365 past Conditional Access [SINGLE-SOURCE]
- Proofpoint TA4922: a China-nexus cybercrime cluster expands from Japan into Germany, the UK and Italy with native-language lures and DLL-side-loaded Atlas RAT
- Ghost Stadium PhaaS — 300+ FIFA domain clones, multi-language fake SSO, targeting UK/Germany/Portugal/Spain fan credentials before June 11 kickoff
- ANNUAL REPORT — ESET APT Activity Report Q4 2025–Q1 2026: Sandworm strikes NATO energy, Lazarus targets EU drone sector, UNC5221 pivots to Ivanti SPAWN toolset
- Google's threat-intel group maps a Chinese-language PhaaS ecosystem doing real-time OTP relay over RCS/iMessage [SINGLE-SOURCE]
- ESET APT Activity Report Q4 2025–Q1 2026 — three state programmes converging on EU energy, defence and edge appliances
- Calypso/Red Lamassu (Bronze Medley) deploys Showboat (Linux) and JFMBackdoor (Windows) against telecoms — new implant pair disclosed by Lumen Black Lotus Labs and PwC Threat Intelligence
- Webworm (China-aligned) shifts to EU government targets — EchoCreep (Discord C2) and GraphWorm (Microsoft Graph / OneDrive C2) backdoors documented by ESET, with Belgian, Italian, Serbian, Polish and Spanish governmental victims
- Telecom — sustained pressure from espionage tradecraft and fragile carrier infrastructure
- Webworm (China-aligned; FishMonger / Aquatic Panda) — pivots to EU government targets
- Calypso / Red Lamassu (Bronze Medley, China-aligned) — Showboat and JFMBackdoor against telecoms
- Hardening / detection summary
- CVE-2026-6973 + CVE-2026-5787 — Ivanti EPMM on-prem pre-auth chain to admin RCE; 508 EU instances internet-exposed; named EU victims include the European Commission
- DigiCert support portal compromise — Salesforce-based support-chat social engineering yielded 60 fraudulent EV code-signing certificates
- DAEMON Tools Lite supply-chain compromise — China-nexus QUIC RAT delivered via signed installers; ~12 selective government / scientific / manufacturing targets
- CL-STA-1132 (PAN-OS CVE-2026-0300 exploitation cluster, likely state-sponsored)
- UAT-8302 (China-nexus, Talos; SE European government victims)
- UPDATE: Ivanti EPMM CVE-2026-6973 — KEV deadline expired today; ~850 internet-exposed instances globally with 508 in Europe; companion CVE-2026-5786/5788 ship in same patch
- DAEMON Tools Lite supply chain — QUIC RAT deployed via signed installer; EU governments among targeted victims