Chinese APT Group Vixen Panda Targets Iranian Government Entities

January 19, 2023

The Chinese advanced persistent threat (APT) known as Vixen Panda has been linked to a new series of attacks targeting the Iranian government between July and December 2022.

The claims come from cybersecurity researchers at Palo Alto Networks’ Unit 42, who shared a report about them with Infosecurity by email.

Called “Playful Taurus” by Unit 42, Vixen Panda is also known as APT15, BackdoorDiplomacy, KeChang and NICKEL. The threat actor has been active since at least 2010, typically targeting government and diplomatic entities in North and South America, Africa and the Middle East.

“In June 2021, ESET noted that this team had upgraded their toolkit to contain a new backdoor referred to as Turian,” wrote Unit 42 in the advisory published earlier today.

“This backdoor continues to be under active development, and we assess that it is used solely by Playful Taurus actors. Following the evolution of this capability, we recently identified new variants of this backdoor as well as new command and control infrastructure.”

Both variants, which featured additional obfuscation and a modified network protocol, were deployed in attacks against numerous Iranian government networks.

“We identified Iranian government infrastructure establishing connections with a known Playful Taurus command and control (C2) server,” wrote Unit 42. “Pivoting on one of the Iranian government IPs, we then identified additional infrastructure hosting certificates that overlap with a second Playful Taurus C2 server.”

According to Palo Alto Networks, the updates to the Turian backdoor and the new C2 infrastructure suggest that Vixen Panda continues to see success in its cyber-espionage campaigns.

In the advisory, the firm has also shared file samples and indicators of compromise (IoC) of the new malicious campaign alongside various protection and mitigation strategies.

These include the use of advanced URL filtering and DNS security techniques to identify domains associated with Playful Taurus as malicious.

The Unit 42 advisory comes days after new data from Recorded Future suggested that restrictive regulations in China might push cyber-criminals towards new monetization methods.


Some parts of this article are sourced from:
www.infosecurity-journal.com
