Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware
The npm registry for the Node.js JavaScript runtime environment is susceptible to what’s called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation.
"A npm package’s manifest is published independently from its tarball," Darcy Clarke, a former GitHub and npm engineering manager
The Hacker News | #1 Trusted Cybersecurity News Site
American chipmaker Microchip Technology Incorporated has disclosed that a cyberattack impacted its systems over the weekend, disrupting operations across multiple manufacturing facilities. […]
UK and allies expose Russian FSB hacking group, sanction members
The UK National Cyber Security Centre (NCSC) and Microsoft warn that the Russian state-backed actor “Callisto Group” (aka “Seaborgium” or “Star Blizzard”) is targeting organizations worldwide with spear-phishing campaigns used to steal account credentials and data. […]
China Concealing State, Corporate & Academic Assets For Offensive Attacks
China’s cyber threat landscape has evolved into a complex ecosystem involving state actors, private companies, and academic institutions.
This intricate network supports and enhances China’s offensive cyber capabilities, blurring the lines between government, industry, and academia.
China’s cybersecurity industry, valued at over $22 billion, includes numerous private companies supporting state-sponsored cyber operations.
Large firms like ThreatBook, Qihoo360, and Qi An Xin provide defensive security solutions and indirectly contribute to offensive operations. Smaller companies like i-SOON offer specialized services ranging from penetration testing to malware development.
Cybersecurity researchers at Orange Cyberdefense noted that the contractors operate in a competitive environment but occasionally collaborate.
State actors in China’s cyber threat ecosystem
The key state actors in China’s cyber threat ecosystem include:

People’s Liberation Army (PLA):
- Consolidated SIGINT capabilities in the 2010s
- Established the Strategic Support Force (SSF) in 2015-2016
- Recently reorganized with the creation of the PLA Information Support Force and PLA Cyberspace Force in 2024

Ministry of State Security (MSS):
- Serves as both internal security service and foreign intelligence collection agency
- Plays an increasingly prominent role in cyberespionage operations
- Utilizes a mix of in-house talents and cyber contractors

Ministry of Public Security (MPS):
- Responsible for public law enforcement and political security
- Operates in the cyber field due to counterintelligence and computer crime investigation mandates

Academic institutions play a crucial role in advancing China’s cyber capabilities. Military universities work closely with armed forces on projects like malware effectiveness testing.
Civilian universities collaborate with military structures on offensive operations, and universities also serve as talent pipelines for the PLA, MSS, and private contractors.
In addition, hacking competitions act as recruitment platforms and sources of vulnerabilities.
China’s vulnerability disclosure ecosystem exemplifies the integration of private companies and universities into the state cybersecurity framework.
Multiple interconnected vulnerability databases (such as CNVD and CNNVD) are managed by different entities, and vulnerabilities are collected from industry partners and academic institutions.
Discovered vulnerabilities have been repurposed for state-sponsored cyber campaigns.
This comprehensive ecosystem demonstrates China’s strategic approach to building and maintaining its offensive cyber capabilities, leveraging a wide range of actors and resources to support its objectives in cyberspace.