TZUTC: -0500   
   MSGID: 1175.consprcy@1:2320/105 2caeb211   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Chinese hackers launch major cyberattack campaign against businesses across   
   the world   
      
   Date:   
   Tue, 10 Jun 2025 15:00:35 +0000   
      
   Description:   
   More than 75 organizations targeted since June 2024 as China prepares for   
   conflict, researchers claim.   
      
   FULL STORY   
      
   Chinese hackers have been targeting companies across the world for roughly a   
   year now, and have managed to compromise at least 75 organizations - although   
   the actual number of victims could be a lot bigger.    
      
   Cybersecurity researchers at SentinelLABS were alerted to the campaign after   
   their own infrastructure was targeted, and in an analysis, explained that   
   after spotting this failed breach attempt, they started looking for more   
   victims, tried to identify the attackers, and set out to determine when the   
   campaign started.    
      
   They concluded that the earliest evidence of the campaign was in June 2024,   
   which means that the attacks were going on for approximately a year.    
      
   Preparing for war    
      
   They attributed the attacks to three China-linked threat actor collectives:   
   APT15 (AKA Ke3Chang or Nylon Typhoon), UNC5174, and APT41.    
      
   The former is known for targeting telcos, IT services, and government    
   sectors, and UNC5174 is known to have ties to Chinas Ministry of State   
   Security.    
      
   Apparently, it has been involved in global espionage and resale campaigns in   
   the past, as well. Finally, APT41 was previously seen using ShadowPad - a   
   piece of malware spotted in these attacks, as well.    
      
   The cyberespionage campaign targeted a wide range of victims, including an IT   
   services and logistics company that manages hardware needs for SentinelOne   
   employees, a leading European media organization (targeted for intelligence   
   gathering, apparently), and a South Asian government entity providing IT   
   services and infrastructure across multiple sectors.    
      
   SentinelLABS says most of the victims are operating in manufacturing,   
   government, finance, telecommunications, and research sectors - all    
   essential, critical infrastructure organizations.    
      
   This led the researchers to conclude that the attackers were most likely   
   positioning for potential conflict, either cyber-related, or military.    
      
   "They might be going after government organizations for more direct   
   espionage," SentinelOne threat researcher Tom Hegel told The Register .    
      
   "And then major global media organizations  maybe it's silencing certain   
   topics or disrupting them for reporting on certain things. If they are    
   sitting on their adversaries' networks   media organizations, or government   
   entities or their defense companies  they are able to flip a switch if   
   conflict were to occur."   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/chinese-hackers-launch-major-cyberattac   
   k-campaign-against-businesses-across-the-world   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428   
   SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200   
   SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426