The Cyber Security News

Chinese APT Group Vixen Panda Targets Iranian Government Entities

January 19, 2023

The Chinese advanced persistent threat (APT) known as Vixen Panda has been linked to a new set of attacks targeting the Iranian government between July and December 2022.

The claims come from cybersecurity researchers at Palo Alto Networks’ Unit 42, who shared a report about them with Infosecurity via email.

Called “Playful Taurus” by Unit 42, Vixen Panda is also known as APT15, BackdoorDiplomacy, KeChang and NICKEL. The threat actor has been active since at least 2010, typically targeting government and diplomatic entities in North and South America, Africa and the Middle East.

“In June 2021, ESET noted that this group had upgraded their toolkit to include a new backdoor called Turian,” wrote Unit 42 in the advisory published earlier today.

“This backdoor remains under active development, and we assess that it is used exclusively by Playful Taurus actors. Following the evolution of this capability, we recently identified new variants of this backdoor as well as new command and control infrastructure.”

Both variants, which featured additional obfuscation and a modified network protocol, were deployed in attacks against numerous Iranian government networks.

“We identified Iranian government infrastructure establishing connections with a known Playful Taurus command and control (C2) server,” wrote Unit 42. “Pivoting on one of the Iranian government IPs, we then identified additional infrastructure hosting certificates that overlap with a second Playful Taurus C2 server.”

According to Palo Alto Networks, the updates to the Turian backdoor and new C2 infrastructure suggest that Vixen Panda continues to see success during its cyber-espionage campaigns.

In the advisory, the company has also shared file samples and indicators of compromise (IoC) of the new malicious campaign alongside various protection and mitigation strategies.

These include the use of advanced URL filtering and DNS security techniques to identify domains associated with Playful Taurus as malicious.

The Unit 42 advisory comes days after new data from Recorded Future suggested that restrictive regulations in China might push cyber-criminals towards new monetization methods.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
