Microsoft: Another Chinese cyberspy crew targeting US critical orgs ‘as of yesterday’

#### [Security](/security/)**3** Microsoft: Another Chinese cyberspy crew targeting US critical orgs ‘as of yesterday’=====================================================================================**3** Redmond threat intel maven talks explains this persistent pain to *The Reg*—————————————————————————[Jessica Lyons](/Author/Jessica-Lyons ‘Read more by this author’) Fri 6 Dec 2024 // 01:03 UTC [](https://www.reddit.com/submit?url=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Microsoft%3a%20Another%20Chinese%20cyberspy%20crew%20targeting%20US%20critical%20orgs%20%27as%20of%20yesterday%27) [](https://twitter.com/intent/tweet?text=Microsoft%3a%20Another%20Chinese%20cyberspy%20crew%20targeting%20US%20critical%20orgs%20%27as%20of%20yesterday%27&url=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister) [](https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook) [](https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Microsoft%3a%20Another%20Chinese%20cyberspy%20crew%20targeting%20US%20critical%20orgs%20%27as%20of%20yesterday%27&summary=Redmond%20threat%20intel%20maven%20talks%20explains%20this%20persistent%20pain%20to%20%3ci%3eThe%20Reg%3c%2fi%3e) [](https://api.whatsapp.com/send?text=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp) A Chinese government-linked group that Microsoft tracks as Storm-0227 yesterday started targeting critical infrastructures organisations and US government agencies, according to Redmond’s threat intel team.The crew has been active since at least January, and while Microsoft declined to enumerate Storm-0227’s victim count, ‘there are indicators that this group is active as of yesterday, actively pursuing threat activity,’ Sherrod DeGrippo, director of threat intelligence strategy, told *The Register*.The espionage crew shares some overlap with [Silk Typhoon](https://www.microsoft.com/en-us/security/security-insider/silk-typhoon) operatives (aka [Hafnium](https://www.theregister.com/2021/03/03/hafnium_exchange_server_attack/)), and other illicit activity that other vendors track as [TAG-100](https://www.recordedfuture.com/research/tag-100-uses-open-source-tools-in-suspected-global-espionage-campaign). Over the last 12 months, the Chinese spies mostly focused on US targets in the defense industrial base, aviation, telecommunications, financial and legal services industries, plus government and non-governmental agencies. ![](https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/front&sz=300×50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z1LLw5-1NUt7qwgSXjEujwAAAIo&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0)’They’re a significant threat, particularly because they really do embody the activity of persistence,’ DeGrippo said. ![](https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/front&sz=300×50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z1LLw5-1NUt7qwgSXjEujwAAAIo&t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0) ![](https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/front&sz=300×50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z1LLw5-1NUt7qwgSXjEujwAAAIo&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0)Storm-0227 typically gains initial access by exploiting security vulnerabilities in public-facing applications or, since September, with spear phishing emails that contain malicious attachments or links. The goal here is to trick people into opening a document or connecting to a website that downloads [SparkRAT](https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/), an open-source remote administration tool written in Go that provides persistent access to victims’ machines. The crew appears not to use custom malware.’ DeGrippo said many actors deploy SparkRAT. ‘Even national-aligned threat actors … are pulling commodity malware out of that trading ecosystem and using it for remote access,’ she said. ![](https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/front&sz=300×50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z1LLw5-1NUt7qwgSXjEujwAAAIo&t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0)Even just five years ago, ‘that was sort of a shocking thing to see a nation-sponsored, espionage-focused threat actor group really leveraging off the shelf malware,’ DeGrippo added. ‘Today we see it very frequently.’Once they’ve broken in, Storm-0227 gets to work stealing credentials to cloud applications including Microsoft 365 and eDiscovery, a tool used by legal professionals to review documents. Abusing legitimate applications helps the intruders to evade detection — they look like just another user, but the gang uses its access to steal email communications and sensitive files.* [T-Mobile US CSO: Spies jumped from one telco to another in a way ‘I’ve not seen in my career’](https://www.theregister.com/2024/12/05/tmobile_cso_telecom_attack/)* [China has utterly pwned ‘thousands and thousands’ of devices at US telcos](https://www.theregister.com/2024/11/25/salt_typhoon_mark_warner_warning/)* [China’s Volt Typhoon crew and its botnet surge back with a vengeance](https://www.theregister.com/2024/11/13/china_volt_typhoon_back/)* [Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator](https://www.theregister.com/2024/11/20/musk_chinese_cyberspies/)DeGrippo said the group uses the data it steals to understand victims’ operations.’If you have the email communications that go with that file, and reference that file, and talk about what the point of it is, and why they’re using it, what it means, and why I’m sending this to you – it gives a richness to the intelligence gathering that the threat actor is doing,’ she said.Storm-0227’s victims overlap with some of the sectors hit by other Chinese cyber-spy crews like [Salt Typhoon](https://www.theregister.com/2024/11/27/salt_typhoons_us_telcos/) (which has [attacked](https://www.theregister.com/2024/12/05/tmobile_cso_telecom_attack/) telcos around the world) and [Volt Typhoon](https://www.theregister.com/2024/11/13/china_volt_typhoon_back/).DeGrippo said the threat isn’t going away anytime soon.’China continues to focus on these kinds of targets,’ she said. ‘They’re pulling out files that are of espionage value, communications that are contextual espionage value to those files, and looking at US interests.’ ® [Sponsored: Where do European SMEs start when it comes to conquering the world?](https://go.theregister.com/tl/3112/shttps://www.theregister.com/2024/11/25/where_do_european_smes_start/) Share [](https://www.reddit.com/submit?url=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Microsoft%3a%20Another%20Chinese%20cyberspy%20crew%20targeting%20US%20critical%20orgs%20%27as%20of%20yesterday%27) [](https://twitter.com/intent/tweet?text=Microsoft%3a%20Another%20Chinese%20cyberspy%20crew%20targeting%20US%20critical%20orgs%20%27as%20of%20yesterday%27&url=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister) [](https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook) [](https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Microsoft%3a%20Another%20Chinese%20cyberspy%20crew%20targeting%20US%20critical%20orgs%20%27as%20of%20yesterday%27&summary=Redmond%20threat%20intel%20maven%20talks%20explains%20this%20persistent%20pain%20to%20%3ci%3eThe%20Reg%3c%2fi%3e) [](https://api.whatsapp.com/send?text=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp) #### More about* [China](/Tag/China/)* [Cybercrime](/Tag/Cybercrime/)* [Microsoft](/Tag/Microsoft/) More like these × ### More about* [China](/Tag/China/)* [Cybercrime](/Tag/Cybercrime/)* [Microsoft](/Tag/Microsoft/)* [Security](/Tag/Security/) ### Narrower topics* [2FA](/Tag/2FA/)* [Active Directory](/Tag/Active%20Directory/)* [Advanced persistent threat](/Tag/Advanced%20persistent%20threat/)* [Application Delivery Controller](/Tag/Application%20Delivery%20Controller/)* [Authentication](/Tag/Authentication/)* [Azure](/Tag/Azure/)* [BEC](/Tag/BEC/)* [Bing](/Tag/Bing/)* [Black Hat](/Tag/Black%20Hat/)* [BSides](/Tag/BSides/)* [BSoD](/Tag/BSoD/)* [Bug Bounty](/Tag/Bug%20Bounty/)* [CHERI](/Tag/CHERI/)* [China Mobile](/Tag/China%20Mobile/)* [China telecom](/Tag/China%20telecom/)* [China Unicom](/Tag/China%20Unicom/)* [CISO](/Tag/CISO/)* [Common Vulnerability Scoring System](/Tag/Common%20Vulnerability%20Scoring%20System/)* [Cybersecurity](/Tag/Cybersecurity/)* [Cybersecurity and Infrastructure Security Agency](/Tag/Cybersecurity%20and%20Infrastructure%20Security%20Agency/)* [Cybersecurity Information Sharing Act](/Tag/Cybersecurity%20Information%20Sharing%20Act/)* [Cyberspace Administration of China](/Tag/Cyberspace%20Administration%20of%20China/)* [Data Breach](/Tag/Data%20Breach/)* [Data Protection](/Tag/Data%20Protection/)* [Data Theft](/Tag/Data%20Theft/)* [DDoS](/Tag/DDoS/)* [DEF CON](/Tag/DEF%20CON/)* [Digital certificate](/Tag/Digital%20certificate/)* [Encryption](/Tag/Encryption/)* [Excel](/Tag/Excel/)* [Exchange Server](/Tag/Exchange%20Server/)* [Exploit](/Tag/Exploit/)* [Firewall](/Tag/Firewall/)* [Great Firewall](/Tag/Great%20Firewall/)* [Hacker](/Tag/Hacker/)* [Hacking](/Tag/Hacking/)* [Hacktivism](/Tag/Hacktivism/)* [HoloLens](/Tag/HoloLens/)* [Hong Kong](/Tag/Hong%20Kong/)* [Identity Theft](/Tag/Identity%20Theft/)* [Incident response](/Tag/Incident%20response/)* [Information Technology and the People’s Republic of China](/Tag/Information%20Technology%20and%20the%20People%27s%20Republic%20of%20China/)* [Infosec](/Tag/Infosec/)* [Infrastructure Security](/Tag/Infrastructure%20Security/)* [Internet Explorer](/Tag/Internet%20Explorer/)* [JD.com](/Tag/JD.com/)* [Kenna Security](/Tag/Kenna%20Security/)* [LinkedIn](/Tag/LinkedIn/)* [Microsoft 365](/Tag/Microsoft%20365/)* [Microsoft Build](/Tag/Microsoft%20Build/)* [Microsoft Edge](/Tag/Microsoft%20Edge/)* [Microsoft Fabric](/Tag/Microsoft%20Fabric/)* [Microsoft Ignite](/Tag/Microsoft%20Ignite/)* [Microsoft Office](/Tag/Microsoft%20Office/)* [Microsoft Surface](/Tag/Microsoft%20Surface/)* [Microsoft Teams](/Tag/Microsoft%20Teams/)* [NCSAM](/Tag/NCSAM/)* [NCSC](/Tag/NCSC/)* [.NET](/Tag/.NET/)* [Office 365](/Tag/Office%20365/)* [OS/2](/Tag/OS%2F2/)* [Outlook](/Tag/Outlook/)* [Palo Alto Networks](/Tag/Palo%20Alto%20Networks/)* [Password](/Tag/Password/)* [Patch Tuesday](/Tag/Patch%20Tuesday/)* [Phishing](/Tag/Phishing/)* [Pluton](/Tag/Pluton/)* [Quantum key distribution](/Tag/Quantum%20key%20distribution/)* [Ransomware](/Tag/Ransomware/)* [Remote Access Trojan](/Tag/Remote%20Access%20Trojan/)* [REvil](/Tag/REvil/)* [RSA Conference](/Tag/RSA%20Conference/)* [Semiconductor Manufacturing International Corporation](/Tag/Semiconductor%20Manufacturing%20International%20Corporation/)* [SharePoint](/Tag/SharePoint/)* [Shenzhen](/Tag/Shenzhen/)* [Skype](/Tag/Skype/)* [Spamming](/Tag/Spamming/)* [Spyware](/Tag/Spyware/)* [SQL Server](/Tag/SQL%20Server/)* [Surveillance](/Tag/Surveillance/)* [TLS](/Tag/TLS/)* [Trojan](/Tag/Trojan/)* [Trusted Platform Module](/Tag/Trusted%20Platform%20Module/)* [Uyghur Muslims](/Tag/Uyghur%20Muslims/)* [Visual Studio](/Tag/Visual%20Studio/)* [Visual Studio Code](/Tag/Visual%20Studio%20Code/)* [Vulnerability](/Tag/Vulnerability/)* [Wannacry](/Tag/Wannacry/)* [Windows](/Tag/Windows/)* [Windows 10](/Tag/Windows%2010/)* [Windows 11](/Tag/Windows%2011/)* [Windows 7](/Tag/Windows%207/)* [Windows 8](/Tag/Windows%208/)* [Windows Server](/Tag/Windows%20Server/)* [Windows Server 2003](/Tag/Windows%20Server%202003/)* [Windows Server 2008](/Tag/Windows%20Server%202008/)* [Windows Server 2012](/Tag/Windows%20Server%202012/)* [Windows Server 2013](/Tag/Windows%20Server%202013/)* [Windows Server 2016](/Tag/Windows%20Server%202016/)* [Windows Subsystem for Linux](/Tag/Windows%20Subsystem%20for%20Linux/)* [Windows XP](/Tag/Windows%20XP/)* [Xbox](/Tag/Xbox/)* [Xbox 360](/Tag/Xbox%20360/)* [Zero trust](/Tag/Zero%20trust/) ### Broader topics* [APAC](/Tag/APAC/)* [Bill Gates](/Tag/Bill%20Gates/) #### More aboutShare [](https://www.reddit.com/submit?url=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Microsoft%3a%20Another%20Chinese%20cyberspy%20crew%20targeting%20US%20critical%20orgs%20%27as%20of%20yesterday%27) [](https://twitter.com/intent/tweet?text=Microsoft%3a%20Another%20Chinese%20cyberspy%20crew%20targeting%20US%20critical%20orgs%20%27as%20of%20yesterday%27&url=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister) [](https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook) [](https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Microsoft%3a%20Another%20Chinese%20cyberspy%20crew%20targeting%20US%20critical%20orgs%20%27as%20of%20yesterday%27&summary=Redmond%20threat%20intel%20maven%20talks%20explains%20this%20persistent%20pain%20to%20%3ci%3eThe%20Reg%3c%2fi%3e) [](https://api.whatsapp.com/send?text=https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp) **3** COMMENTS #### More about* [China](/Tag/China/)* [Cybercrime](/Tag/Cybercrime/)* [Microsoft](/Tag/Microsoft/) More like these × ### More about* [China](/Tag/China/)* [Cybercrime](/Tag/Cybercrime/)* [Microsoft](/Tag/Microsoft/)* [Security](/Tag/Security/) ### Narrower topics* [2FA](/Tag/2FA/)* [Active Directory](/Tag/Active%20Directory/)* [Advanced persistent threat](/Tag/Advanced%20persistent%20threat/)* [Application Delivery Controller](/Tag/Application%20Delivery%20Controller/)* [Authentication](/Tag/Authentication/)* [Azure](/Tag/Azure/)* [BEC](/Tag/BEC/)* [Bing](/Tag/Bing/)* [Black Hat](/Tag/Black%20Hat/)* [BSides](/Tag/BSides/)* [BSoD](/Tag/BSoD/)* [Bug Bounty](/Tag/Bug%20Bounty/)* [CHERI](/Tag/CHERI/)* [China Mobile](/Tag/China%20Mobile/)* [China telecom](/Tag/China%20telecom/)* [China Unicom](/Tag/China%20Unicom/)* [CISO](/Tag/CISO/)* [Common Vulnerability Scoring System](/Tag/Common%20Vulnerability%20Scoring%20System/)* [Cybersecurity](/Tag/Cybersecurity/)* [Cybersecurity and Infrastructure Security Agency](/Tag/Cybersecurity%20and%20Infrastructure%20Security%20Agency/)* [Cybersecurity Information Sharing Act](/Tag/Cybersecurity%20Information%20Sharing%20Act/)* [Cyberspace Administration of China](/Tag/Cyberspace%20Administration%20of%20China/)* [Data Breach](/Tag/Data%20Breach/)* [Data Protection](/Tag/Data%20Protection/)* [Data Theft](/Tag/Data%20Theft/)* [DDoS](/Tag/DDoS/)* [DEF CON](/Tag/DEF%20CON/)* [Digital certificate](/Tag/Digital%20certificate/)* [Encryption](/Tag/Encryption/)* [Excel](/Tag/Excel/)* [Exchange Server](/Tag/Exchange%20Server/)* [Exploit](/Tag/Exploit/)* [Firewall](/Tag/Firewall/)* [Great Firewall](/Tag/Great%20Firewall/)* [Hacker](/Tag/Hacker/)* [Hacking](/Tag/Hacking/)* [Hacktivism](/Tag/Hacktivism/)* [HoloLens](/Tag/HoloLens/)* [Hong Kong](/Tag/Hong%20Kong/)* [Identity Theft](/Tag/Identity%20Theft/)* [Incident response](/Tag/Incident%20response/)* [Information Technology and the People’s Republic of China](/Tag/Information%20Technology%20and%20the%20People%27s%20Republic%20of%20China/)* [Infosec](/Tag/Infosec/)* [Infrastructure Security](/Tag/Infrastructure%20Security/)* [Internet Explorer](/Tag/Internet%20Explorer/)* [JD.com](/Tag/JD.com/)* [Kenna Security](/Tag/Kenna%20Security/)* [LinkedIn](/Tag/LinkedIn/)* [Microsoft 365](/Tag/Microsoft%20365/)* [Microsoft Build](/Tag/Microsoft%20Build/)* [Microsoft Edge](/Tag/Microsoft%20Edge/)* [Microsoft Fabric](/Tag/Microsoft%20Fabric/)* [Microsoft Ignite](/Tag/Microsoft%20Ignite/)* [Microsoft Office](/Tag/Microsoft%20Office/)* [Microsoft Surface](/Tag/Microsoft%20Surface/)* [Microsoft Teams](/Tag/Microsoft%20Teams/)* [NCSAM](/Tag/NCSAM/)* [NCSC](/Tag/NCSC/)* [.NET](/Tag/.NET/)* [Office 365](/Tag/Office%20365/)* [OS/2](/Tag/OS%2F2/)* [Outlook](/Tag/Outlook/)* [Palo Alto Networks](/Tag/Palo%20Alto%20Networks/)* [Password](/Tag/Password/)* [Patch Tuesday](/Tag/Patch%20Tuesday/)* [Phishing](/Tag/Phishing/)* [Pluton](/Tag/Pluton/)* [Quantum key distribution](/Tag/Quantum%20key%20distribution/)* [Ransomware](/Tag/Ransomware/)* [Remote Access Trojan](/Tag/Remote%20Access%20Trojan/)* [REvil](/Tag/REvil/)* [RSA Conference](/Tag/RSA%20Conference/)* [Semiconductor Manufacturing International Corporation](/Tag/Semiconductor%20Manufacturing%20International%20Corporation/)* [SharePoint](/Tag/SharePoint/)* [Shenzhen](/Tag/Shenzhen/)* [Skype](/Tag/Skype/)* [Spamming](/Tag/Spamming/)* [Spyware](/Tag/Spyware/)* [SQL Server](/Tag/SQL%20Server/)* [Surveillance](/Tag/Surveillance/)* [TLS](/Tag/TLS/)* [Trojan](/Tag/Trojan/)* [Trusted Platform Module](/Tag/Trusted%20Platform%20Module/)* [Uyghur Muslims](/Tag/Uyghur%20Muslims/)* [Visual Studio](/Tag/Visual%20Studio/)* [Visual Studio Code](/Tag/Visual%20Studio%20Code/)* [Vulnerability](/Tag/Vulnerability/)* [Wannacry](/Tag/Wannacry/)* [Windows](/Tag/Windows/)* [Windows 10](/Tag/Windows%2010/)* [Windows 11](/Tag/Windows%2011/)* [Windows 7](/Tag/Windows%207/)* [Windows 8](/Tag/Windows%208/)* [Windows Server](/Tag/Windows%20Server/)* [Windows Server 2003](/Tag/Windows%20Server%202003/)* [Windows Server 2008](/Tag/Windows%20Server%202008/)* [Windows Server 2012](/Tag/Windows%20Server%202012/)* [Windows Server 2013](/Tag/Windows%20Server%202013/)* [Windows Server 2016](/Tag/Windows%20Server%202016/)* [Windows Subsystem for Linux](/Tag/Windows%20Subsystem%20for%20Linux/)* [Windows XP](/Tag/Windows%20XP/)* [Xbox](/Tag/Xbox/)* [Xbox 360](/Tag/Xbox%20360/)* [Zero trust](/Tag/Zero%20trust/) ### Broader topics* [APAC](/Tag/APAC/)* [Bill Gates](/Tag/Bill%20Gates/) #### TIP US OFF[Send us news](https://www.theregister.com/Profile/contact/)[#### T-Mobile US ‘monitoring’ China’s ‘industry-wide attack’ amid fresh security breach fearsupdated Un-carrier said to be among those hit by Salt Typhoon, including AT-&T, VerizonNetworks18 days -| 2](/2024/11/18/tmobile_us_attack_salt_typhoon/?td=keepreading) [#### T-Mobile US takes a victory lap after stopping cyberattacks: ‘Other providers may be seeing different outcomes’Funny what putting more effort and resources into IT security can doCSO9 days -| 9](/2024/11/27/tmobile_cyberattack_victory_lap/?td=keepreading) [#### Salt Typhoon’s surge extends far beyond US telcosPlus, a brand-new backdoor, GhostSpider, is linked to the cyber spy crew’s operationsSecurity8 days -| 7](/2024/11/27/salt_typhoons_us_telcos/?td=keepreading) [#### Why AI builds best on private cloudsAI projects under pressure to show real value in the tightest of timeframes might be worth keeping on-premisesSponsored Feature](/2024/10/29/why_ai_builds_best_on/?td=keepreading) [#### Security? We’ve heard of it: How Microsoft plans to better defend WindowsIgnite Did we say CrowdStrike? We meant, er, The July Incident…CSO11 days -| 27](/2024/11/25/microsoft_talks_up_beefier_windows/?td=keepreading) [#### China has utterly pwned ‘thousands and thousands’ of devices at US telcosSenate Intelligence Committee chair says his ‘hair is on fire’ as execs front the White HouseCyber-crime11 days -| 51](/2024/11/25/salt_typhoon_mark_warner_warning/?td=keepreading) [#### T-Mobile US CSO: Spies jumped from one telco to another in a way ‘I’ve not seen in my career’interview Security chief talks to El Reg as Feds urge everyone to use encrypted chatCSO1 day -| 44](/2024/12/05/tmobile_cso_telecom_attack/?td=keepreading) [#### Telco security is a dumpster fire and everyone’s getting burnedOpinion The politics of cybersecurity are too important to be left to the politiciansSecurity4 days -| 61](/2024/12/02/telco_security_opinion/?td=keepreading) [#### The only thing worse than being fired is scammers fooling you into thinking you’re firedScumbags play on victims’ worst fears in phishing campaign referencing UK Employment TribunalCyber-crime8 days -| 50](/2024/11/28/fired_phishing_campaign_cloudflare/?td=keepreading) [#### Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senatorMeet Liminal Panda, which prowls telecom networks in South Asia and AfricaCSO15 days -| 32](/2024/11/20/musk_chinese_cyberspies/?td=keepreading) [#### Microsoft preps big guns to shift Copilot software and PCsCanalys Forums EMEA IT admins be warned: 13,000 tech suppliers coming for your employer’s checkbookAI + ML7 days -| 53](/2024/11/29/microsoft_preps_big_guns_for/?td=keepreading) [#### China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealerNo word on when or if the issue will be fixedSecurity16 days -| 2](/2024/11/19/china_brazenbamboo_fortinet_0day/?td=keepreading)

Related Tags:
Playcrypt

Play

NAICS: 485 – Transit And Ground Passenger Transportation

NAICS: 48 – Transportation

NAICS: 517 – Telecommunications

NAICS: 518 – Computing Infrastructure Providers

Data Processing

Web Hosting

Related Services

NAICS: 92 – Public Administration

NAICS: 51 – Information

NAICS: 928 – National Security And International Affairs

Associated Indicators:

Threat Intel Solutions

Microsoft: Another Chinese cyberspy crew targeting US critical orgs ‘as of yesterday’

Search

Popular Posts

2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

MintsLoader: StealC and BOINC Delivery

Categories

Archives

Tags

Follow Us