CyberRisks & Adversary Intelligence

China

SLOW#TEMPEST Campaign Targets Chinese Users with Cobalt Strike and Mimikatz Attacks

This campaign, targeting Chinese-speaking users, employed a combination of Cobalt Strike and Mimikatz to infiltrate and persist within compromised systems. The attack appears to have been conducted through phishing emails containing malicious ZIP files
Edward Crowder Sep 4, 2024

Godzilla Fileless Backdoor Exploits CVE-2023-22527 in Atlassian Confluence

The Godzilla webshell, a Chinese-language malware, leverages AES encryption to evade detection and remains memory-resident, making it particularly challenging for legacy anti-virus solutions to detect.
Edward Crowder Sep 3, 2024

Velvet Ant Threat Group Exploits Zero-Day Vulnerability in Cisco Nexus Switches to Deploy Malware

On August 22, 2024, Sygnia released a detailed report uncovering a sophisticated cyber espionage campaign conducted by the China-nexus threat group "Velvet Ant." This group recently exploited a zero-day vulnerability (CVE-2024-20399) in Cisco Nexus Switch appliances
Edward Crowder Aug 23, 2024

CyberRisks.ai © 2024 | Reporting from Canada