How Chinese Hackers are Using Kernel-Mode Rootkits to Make ToneShell Malware Unstoppable
Read the full report on -
CyberDudeBivash News delivers daily cybersecurity threat intel, CVE alerts, malware trends, and crypto security briefings.
seen from Brazil
seen from Yemen

seen from Dominican Republic
seen from United States
seen from United States
seen from United States
seen from United States
seen from United States

seen from United States

seen from Singapore
seen from United States
seen from Australia

seen from United States

seen from United States
seen from United States
seen from United States

seen from United States
seen from Türkiye

seen from United States
seen from United States
How Chinese Hackers are Using Kernel-Mode Rootkits to Make ToneShell Malware Unstoppable
Read the full report on -
CyberDudeBivash News delivers daily cybersecurity threat intel, CVE alerts, malware trends, and crypto security briefings.

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
Free to watch • No registration required • HD streaming
Chinese Spy Malware "BRICKSTORM" Is Hiding Inside Corporate Servers. (Check Your Systems NOW).
Read the full report on -
CyberDudeBivash offers real-time cybersecurity news, threat intelligence, zero-day vulnerabilities, malware reports, and security tools.
APT30, 3 Minute Profile
Spear phishing campaigns begin with a lure email relevant to the victim that carries a malicious Microsoft Word document, which, according to Kaspersky Lab, actually contains “a CVE-2012-0158 exploit, an executable with a double extension, or an executable with an RTLO filename”. One of its most prolific spear phishing campaigns was the March 2014 attacks targeting organizations from countries affected by the MH370 tragedy. Upon opening/ execution, the malicious payload, an 8kb encrypted file and configuration data, is injected into the browser memory where it decrypts the ports and paths to the C2C server, a user agent string, filenames and paths to relevant components, and hash sums of the user API functions. The malicious code downloads the main malware from the C2C server over an SSL connection and then it loads it independently of the operating system functions without saving it to the hard drive by assuming control of the XS02 function and then handling the installation in memory.
naikongroup
ATP30
ATP30, also known as the Naikon group is one of the most active APT groups in Asia. Since 2010, it has launched spear phishing campaigns into organizations surrounding the South China Sea, intent on harvesting geo-political intelligence from civilian and military government organizations in the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, Nepal, Thailand, Laos, and China. The actors speak native Chinese. Based on the choice of targets, the operating language, and the sophistication of the toolkit, there is a distinct possibility that APT30 is a Chinese state sponsored threat group. Spear phishing campaigns begin with a lure email relevant to the victim that carries a malicious Microsoft Word document, which, according to Kaspersky Lab, actually contains “a CVE-2012-0158 exploit, an executable with a double extension, or an executable with an RTLO filename”. One of its most prolific spear phishing campaigns was the March 2014 attacks targeting organizations from countries affected by the MH370 tragedy. Upon opening/ execution, the malicious payload, an 8kb encrypted file and configuration data, is injected into the browser memory where it decrypts the ports and paths to the C2C server, a user agent string, filenames and paths to relevant components, and hash sums of the user API functions. The malicious code downloads the main malware from the C2C server over an SSL connection and then it loads it independently of the operating system functions without saving it to the hard drive by assuming control of the XS02 function and then handling the installation in memory.
chineseapt
APT30, 3 Minute Profile
Spear phishing campaigns begin with a lure email relevant to the victim that carries a malicious Microsoft Word document, which, according to Kaspersky Lab, actually contains “a CVE-2012-0158 exploit, an executable with a double extension, or an executable with an RTLO filename”. One of its most prolific spear phishing campaigns was the March 2014 attacks targeting organizations from countries affected by the MH370 tragedy. Upon opening/ execution, the malicious payload, an 8kb encrypted file and configuration data, is injected into the browser memory where it decrypts the ports and paths to the C2C server, a user agent string, filenames and paths to relevant components, and hash sums of the user API functions. The malicious code downloads the main malware from the C2C server over an SSL connection and then it loads it independently of the operating system functions without saving it to the hard drive by assuming control of the XS02 function and then handling the installation in memory.

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
Free to watch • No registration required • HD streaming