Explore

Rapid Read Rapid Read
China-Linked APT GopherWhisper Exploits Legitimate Services in Government Cyber Attacks

China-Linked APT GopherWhisper Exploits Legitimate Services in Government Cyber Attacks

A newly identified advanced persistent threat (APT) group, named GopherWhisper, has been exploiting legitimate services for command-and-control (C&C) communication and data exfiltration, according to cybersecurity firm ESET. The group, believed to be operating out of China, has been active since at least November 2023. GopherWhisper came to attention in January 2025 during an investigation into a Go-based backdoor found on the systems of a governmental entity in Mongolia. This led to the discovery of several other backdoors, custom loaders, and injectors associated with the group. The backdoor, dubbed LaxGopher, uses Slack for C&C communication and can execute commands, exfiltrate data, and deploy additional payloads. Other tools in their arsenal include CompactGopher, a file collector, and RatGopher, a Go-based backdoor using Discord for communication. The group has also used a C++ backdoor called SSLORDoor and other tools like BoxOfFriends and FriendDelivery. ESET's investigation revealed that GopherWhis...
Rapid Read Rapid Read
China-Linked APT Group GopherWhisper Exploits Legitimate Services in Government Cyber Attacks

China-Linked APT Group GopherWhisper Exploits Legitimate Services in Government Cyber Attacks

A newly identified advanced persistent threat (APT) group, known as GopherWhisper, has been exploiting legitimate services for command-and-control (C&C) communication and data exfiltration in cyber attacks targeting government entities. According to cybersecurity firm ESET, GopherWhisper has been active since at least November 2023 and is believed to be operating out of China. The group was first brought to attention in January 2025 during an investigation into a Go-based backdoor found on the systems of a governmental entity in Mongolia. This investigation led to the discovery of several other backdoors, custom loaders, and injectors associated with the group. GopherWhisper utilizes various tools, including LaxGopher, which uses Slack for C&C communication, and RatGopher, which employs Discord for similar purposes. The group has also developed a C++ backdoor called SSLORDoor, which uses OpenSSL BIO for communication. These tools allow the group to execute commands, exfiltrate data, and manipulate files on...
Rapid Read Rapid Read
U.S. Senate Committee Examines China's Alleged Theft of American Military Technology

U.S. Senate Committee Examines China's Alleged Theft of American Military Technology

The U.S. Senate Committee on the Judiciary recently held a hearing titled 'Stealth Stealing: China’s Ongoing Theft of US Innovation,' focusing on the alleged theft of American technology by China. Key witnesses included Mark Cohen from the University of Akron, Tom Lyons of the 2430 Group, and Helen Toner from Georgetown University. The hearing addressed concerns over China's appropriation of U.S. military technology, such as the F-35 Lightning II jet fighter, which has a Chinese counterpart, the J-35, that closely resembles it. The hearing highlighted the case of Su Bin, a Chinese national who pleaded guilty to stealing F-35 technical data. The discussion underscored the broader issue of intellectual property theft, with economic losses estimated between $400 billion and $600 billion annually, impacting American taxpayers and businesses.
Rapid Read Rapid Read
US Federal Agency's Cisco Firewall Compromised by 'Firestarter' Backdoor

US Federal Agency's Cisco Firewall Compromised by 'Firestarter' Backdoor

A U.S. federal agency has been compromised by the 'Firestarter' backdoor, part of a China-linked espionage campaign targeting Cisco firewalls. The campaign, known as ArcaneDoor, exploited vulnerabilities in Cisco's Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software. Despite patches issued by Cisco, the malware persists, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to issue an updated directive. Federal agencies are required to check for infections and apply necessary patches by April 24, 2026. The Firestarter backdoor allows attackers remote access and control, posing a significant threat to national security.
Rapid Read Rapid Read
U.S. Agencies Warn Against China-Nexus Covert Networks of Compromised Devices

U.S. Agencies Warn Against China-Nexus Covert Networks of Compromised Devices

The United States Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with international partners, has issued a cybersecurity advisory warning about the increasing use of covert networks of compromised devices by China-nexus cyber actors. These networks, often referred to as botnets, are primarily composed of compromised Small Office Home Office (SOHO) routers, Internet of Things (IoT), and smart devices. The advisory highlights a shift in tactics, techniques, and procedures (TTPs) by these actors, moving from individually procured infrastructure to large-scale networks of compromised devices. This development poses a significant threat to critical national infrastructure, as these networks are used to route cyber activities and pre-position offensive cyber capabilities. The advisory aims to equip network defenders with the necessary tools to combat these threats.
Rapid Read Rapid Read
U.S. and Allies Issue Advisory on China-Nexus Cyber Threats Using Compromised Devices

U.S. and Allies Issue Advisory on China-Nexus Cyber Threats Using Compromised Devices

The United States, along with international partners, has issued a cybersecurity advisory warning about China-nexus cyber actors using networks of compromised devices to conduct malicious activities. These covert networks, often comprising compromised routers and IoT devices, are being used strategically by Chinese state-sponsored groups like Volt Typhoon and Flax Typhoon. The advisory aims to equip network defenders with tools to counter these threats, highlighting a shift in tactics from individually procured infrastructure to large-scale networks of compromised devices.
Rapid Read Rapid Read
China's Naval Drills Indicate Increased Focus on Taiwan Invasion Preparedness

China's Naval Drills Indicate Increased Focus on Taiwan Invasion Preparedness

China's military has been conducting increasingly sophisticated naval exercises near Taiwan, simulating scenarios such as naval blockades, air incursions, and amphibious landings. A recent analysis by scholars at the U.S. Naval War College highlights a shift towards more realistic and operationally grounded rehearsals for a potential invasion of Taiwan. The exercises, which took place last fall, involved large-scale, coordinated operations across multiple locations, reflecting a strategic focus on Taiwan's geography. The drills included the use of civilian roll-on/roll-off vessels and amphibious armored vehicles, with the PLA Navy employing new tactics such as navigating through aquaculture rafts, which are common near Taiwan's shores. This development comes amid concerns within the Pentagon about the U.S.'s ability to defend Taiwan, given current stock levels of critical interceptors and munitions.
Rapid Read Rapid Read
UK Biobank Data Breach Raises Concerns Over Data Security and Trust

UK Biobank Data Breach Raises Concerns Over Data Security and Trust

A significant data security breach has occurred at the UK Biobank, where 'de-identified' data from 500,000 volunteers was listed for sale on a Chinese consumer website. The listings, which appeared on Alibaba's Taobao platform, were removed before any purchases were made. The breach did not expose personal data such as names or contact details but involved data typically accessible only to vetted researchers. The UK government believes the breach originated from research organizations with legitimate access, and access by these groups has been revoked. The incident has raised concerns about data security, especially as the UK government plans to launch a data-sharing initiative involving GP records.
Rapid Read Rapid Read
White House Accuses China of Industrial-Scale AI Model Copying, Raising Security Concerns

White House Accuses China of Industrial-Scale AI Model Copying, Raising Security Concerns

The White House has accused Chinese entities of conducting large-scale campaigns to copy American artificial intelligence (AI) models. According to a memo from Michael Kratsios, the White House director of the office of science and technology policy, these campaigns involve using tens of thousands of surrogate accounts and complex tools to extract proprietary information from U.S. companies. The process at the center of these accusations is known as 'distillation,' which transfers knowledge from a large AI model to a smaller one. This technique, while common in AI training, has been allegedly used by Chinese firms like DeepSeek to mimic the capabilities of U.S. models, including those from companies like Anthropic and OpenAI. The U.S. and China are in a competitive race to develop advanced AI technologies, with AI becoming a significant point of tension in their trade relations.
Rapid Read Rapid Read
UK Biobank Data Breach Raises Concerns Over Public Data Security

UK Biobank Data Breach Raises Concerns Over Public Data Security

UK Biobank has reported a data breach involving the sale of anonymized health data of 500,000 volunteers on a Chinese website. The breach has been described as 'deeply concerning' by UK officials, prompting the suspension of access to the database for involved academic institutions. The breach highlights vulnerabilities in data management and the need for stricter controls. UK Biobank is implementing measures to limit data file sizes and monitor exports to prevent future incidents. The breach has sparked discussions on the adequacy of current data protection practices and the trustworthiness of public data handling.
Rapid Read Rapid Read
White House Accuses China of Industrial-Scale AI Model Copying

White House Accuses China of Industrial-Scale AI Model Copying

The White House has accused Chinese entities of conducting large-scale campaigns to copy American AI models. According to a memo from Michael Kratsios, the White House director of the office of science and technology policy, these campaigns involve using numerous surrogate accounts and complex tools to extract proprietary information from U.S. companies. The accusations center around a process called 'distillation,' which transfers knowledge from large AI models to smaller ones. This practice has raised concerns about security and the exploitation of American innovation. The U.S. and China are engaged in a competitive race to develop advanced AI technology, with these allegations adding tension to the ongoing trade disputes between the two nations.
Rapid Read Rapid Read
White House Accuses China of 'Industrial-Scale' AI Technology Theft Ahead of Trump-Xi Summit

White House Accuses China of 'Industrial-Scale' AI Technology Theft Ahead of Trump-Xi Summit

The White House Office of Science and Technology Policy has accused China of conducting 'industrial-scale' AI technology theft. This accusation comes just weeks before a planned summit between President Trump and Chinese President Xi Jinping. The U.S. claims that foreign entities, primarily in China, are using mass-proxy distillation processes to steal American AI innovations. The Office of Science and Technology Policy (OSTP) has outlined evidence of these activities, which involve using tens of thousands of proxies to siphon American AI technology. The accusation is part of a broader concern about the integrity and reliability of AI models developed through such means. The announcement follows a House Judiciary Committee hearing on China's ongoing theft of U.S. innovation, which reportedly costs the U.S. economy between $400-600 billion annually.