ToolShell under siege: Check Point analyzes Chinese APT Storm-2603

Threat Score: 53
Security Affairs
1 day ago
Part of cluster #1534

Overview

Storm-2603 group exploits SharePoint flaws and uses a custom C2 framework, AK47 C2, with HTTP- and DNS-based variants named AK47HTTP and AK47DNS. Check Point Research is tracking a ToolShell campaign exploiting four Microsoft SharePoint flaws, linking it to China-nexus groups APT27, APT31, and a new cluster, Storm-2603. The researchers pointed out that Storm-2603’s goals remain […]...

Related Articles

5 articles
1

New Linux backdoor Plague bypasses auth via malicious PAM module

Security Affairs • 1 hour ago

A stealthy Linux backdoor named Plague, hidden as a malicious PAM module, allows attackers to bypass auth and maintain persistent SSH access. Nextron Systems researchers discovered a new stealthy Linux backdoor called Plague, hidden as a malicious PAM (Pluggable Authentication Module) module. It silently bypasses authentication and grants persistent SSH access. A Pluggable Authentication Module […]

Score: 88
2

China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions

Security Affairs • 2 hours ago

China questioned Nvidia over suspected backdoors in its H20 chips, adding to rising tensions in the tech fight between the U.S. and Beijing. China’s internet watchdog has summoned Nvidia over concerns that its H20 AI chips may contain hidden backdoors. Nvidia H20 chips are AI GPUs tailored for the Chinese market, based on Hopper architecture. […]

Score: 83
3

CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign

The Hacker News • 8 hours ago

Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks. Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical telecommunications infrastructure between February and November 2024. The attacks are characterized by the use of several tools to enable remote access, as well as the deployment of Cordscan, which can collect location d

Score: 78
4

July 2025: the biggest cyber attacks, ransomware attacks and data breaches

Ciberseguridadpyme • 14 hours ago

Cybersecurity has become a serious concern as our lives are significantly intertwined with digital technologies. July 2025 has proven to be a turning point due to some of the largest cyber attacks, ransomware attacks and data breaches witnessed across multiple sectors and regions worldwide. The […]

Score: 76
5

📥 Download the complete threat report to uncover the full scale of the FBI-flagged Funnull DNS infrastructure ->> https://lnkd.in/ehSBvCBx The FBI's recent FLASH alert exposed #Funnull as the backbone of a global cryptocurrency #fraud operation active since - LinkedIn

News • 6 hours ago

Score: 75

Article Intelligence

Key entities and indicators for this article

COUNTRIES
China
United States
COMPANIES
Microsoft
SECURITY VENDORS
Check Point
Check Point Research
Data Breach Today UK
PLATFORMS
Microsoft SharePoint
SharePoint
APT GROUPS
APT27
APT31
Storm-2603
RANSOMWARE
LockBit
LockBit Black
Storm
MALWARE
AK47 C2
Nexus
Warlock
ATTACK TYPES
Exploitation
Exploitation of Public-Facing Applications
Ransomware
Ransomware Deployment
Remote Code Execution
MITRE ATT&CK
T1046
T1047
T1054
T1055
T1059
VULNERABILITIES
Denial of Service
Privilege Escalation
Remote Code Execution
CVES
CVE-2025-49704
CVE-2025-49706
CVE-2025-53770
CVE-2025-53771
DOMAINS
update.updatemicfosoft.com
INDUSTRIES
Cybersecurity
Information Technology
ARTICLE INFORMATION
Article #6595
Published 1 day ago
Security Affairs
