Latest news with #nationstate


Bloomberg
a day ago
Microsoft Says Chinese Hackers Are Exploiting SharePoint Flaws
Microsoft Corp. accused Chinese hackers of exploiting vulnerabilities in its SharePoint software that have led to breaches worldwide in recent days. Two Chinese nation-state actors have been exploiting these vulnerabilities in SharePoint, Microsoft said in a blog Tuesday. The flaws were discovered in instances of the software installed on customer servers rather than in the cloud, the company said.

News.com.au
08-06-2025
Cybersecurity risks continue to mount amid threats from nation-state hacker groups
Fortinet Australia Chief Security Officer Glenn Maiden says the risks around cybersecurity are 'very high' and are continuing to increase. Cybersecurity risks have escalated rapidly, thanks to countries like China and Russia weaponising advanced hacking groups and creating sophisticated deepfakes. Mr Maiden discusses the 'sophisticated nation-state campaigns' which have hit some of the largest companies in the world, including US telecommunication giants. In partnership with Fortinet


Forbes
30-05-2025
Brute-Force Router Login Attacks Confirmed — What You Need To Know
AyySSHush campaign targeting thousands of routers confirmed.

Thousands of routers worldwide have been targeted by a sophisticated campaign that leverages a two-year-old vulnerability, authentication flaws, and brute-force attacks. The researchers who uncovered the AyySSHush attacks have suggested it is likely the work of a nation-state threat actor. Here's what you need to know.

The as-of-yet unidentified threat actors behind the AyySSHush campaign have targeted routers from major manufacturers, with at least 9,000 ASUS router models known to have already been compromised, using a stealthy and persistent backdoor that can survive firmware updates and reboots.

State-sponsored hacker groups are known to have been behind everything from Windows password-stealing attacks and the targeting of presidential political campaigns to ransomware attacks against predominantly Western targets. Espionage, however, is one of the primary drivers of these hackers working in tandem with government resources. And what better way to get a data eavesdropping foothold than to compromise a router?

Researchers at GreyNoise have reported just such a sophisticated compromise campaign, one that is said to be consistent with such advanced persistent threat actors. Although GreyNoise cannot attribute it to a specific group at this point in time, 'the level of tradecraft suggests a well-resourced and highly capable adversary,' the report stated.

Although the GreyNoise research has confirmed that at least 9,000 ASUS routers have been compromised to date, and the number is increasing all the time, it has been reported that routers from other major vendors such as Cisco, D-Link, and Linksys have also been targeted by AyySSHush.

The researchers explained that attackers gain initial access through brute-force login attempts, along with authentication bypass techniques that exploit known vulnerabilities that owners have yet to patch. They then insert a public key that is under their control for remote access. While no malware is installed, the backdoor itself 'is stored in non-volatile memory and is therefore not removed during firmware upgrades or reboots,' GreyNoise warned. I have reached out to ASUS for a statement.

'Even something as mundane as a router becomes a strategic asset once it gains long-term identity in a threat actor's infrastructure,' Wade Ellery, field chief technology officer at Radiant Logic, said. Which is why, at the organizational level at least, real-time identity-aware telemetry across all assets, including those routers, is essential.

Debbie Gordon, CEO at Cloud Range, meanwhile, warned that the campaign highlighted a dangerous shift in attacker strategy from quick hits to long-haul persistence. 'AyySSHush's ability to survive factory resets and firmware updates is a wake-up call,' Gordon said, 'edge devices like routers are no longer low-value targets.' With both SoHo and consumer routers targeted by this latest attack, routers can no longer be treated as set-and-forget devices.