Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label China. Show all posts
Vulnerability
China Cybersecurity espionage Ivanti malware VPN Vulnerability

Chinese Cyber Espionage Suspected in New Ivanti VPN Malware Attack

 

A newly discovered cyberattack campaign targeting Ivanti VPN devices is suspected to be linked to a Chinese cyberespionage group. Security researchers believe the attackers exploited a critical vulnerability in Ivanti Connect Secure, which was patched by the Utah-based company in February. The attack is yet another example of how state-backed Chinese threat actors are rapidly taking advantage of newly disclosed vulnerabilities and frequently targeting Ivanti’s infrastructure.

On Thursday, researchers from Mandiant revealed that a group tracked as UNC5221 exploited a stack-based buffer overflow vulnerability to deploy malicious code from the Spawn malware ecosystem—an attack technique often associated with Chinese state-sponsored activity. Mandiant also identified two previously unknown malware families, which they've named Trailblaze and Brushfire. As seen in earlier attacks tied to Chinese hackers, this group attempted to manipulate Ivanti’s internal Integrity Checker Tool to avoid detection.

The vulnerability, officially tracked as CVE-2025-22457, was used to compromise multiple Ivanti products, including Connect Secure version 22.7R2.5 and earlier, the legacy Connect Secure 9.x line, Policy Secure (Ivanti’s network access control solution), and Zero Trust Access (ZTA) gateways. Ivanti released a patch for Connect Secure on February 11, emphasizing that Policy Secure should not be exposed to the internet, and that "Neurons for ZTA gateways cannot be exploited when in production."

Ivanti acknowledged the attack in a statement: "We are aware of a limited number of customers whose appliances have been exploited." The incident follows warnings from Western intelligence agencies about China's increasing speed and aggression in leveraging newly disclosed software vulnerabilities—often before security teams have time to deploy patches.

Many of the devices targeted were legacy systems no longer receiving software updates, such as the Connect Secure 9.x appliance, which reached end-of-support on December 31, 2024. Older versions of the Connect Secure product line, which were set to be replaced by version 22.7R2.6 as of February 11, were also compromised.

This marks the second consecutive year Ivanti has had to defend its products from persistent attacks by suspected Chinese state-backed hackers. Thursday’s advisory from Mandiant and Ivanti highlights a vulnerability separate from the one flagged in late March by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which had allowed attackers to install a Trojan variant linked to Spawn malware in Ivanti systems.
Read more »
Technology
AI Alibaba China Cloud DeepSeek GenAI Technology

Alibaba Launches Latest Open-source AI Model from Qwen Series for ‘Cost-effective AI agents’

Alibaba Launches Lates Open-source AI Model from Qwen Series for ‘Cost-effective AI agents’

Last week, Alibaba Cloud launched its latest AI model in its “Qwen series,” as large language model (LLM) competition in China continues to intensify after the launch of famous “DeepSeek” AI.

The latest "Qwen2.5-Omni-7B" is a multimodal model- it can process inputs like audio/video, text, and images- while also creating real-time text and natural speech responses, Alibaba’s cloud website reports. It also said that the model can be used on edge devices such as smartphones, providing higher efficiency without giving up on performance. 

According to Alibaba, the “unique combination makes it the perfect foundation for developing agile, cost-effective AI agents that deliver tangible value, especially intelligent voice applications.” For instance, the AI can be used to assist visually impaired individuals to navigate their environment via real-time audio description. 

The latest model is open-sourced on forums GitHub and Hugging Face, after a rising trend in China post DeepSeek breakthrough R1 model open-source. Open-source means a software in which the source code is created freely on web for potential modification and redistribution. 

In recent years, Alibaba claims it has open-sourced more that 200 generative AI models. In the noise of China’s AI dominance intensified by DeepSeek due to its shoe string budget and capabilities, Alibaba and genAI competitors are also releasing new, cost-cutting models and services an exceptional case.

Last week, Chinese tech mammoth Baidu launched a new multimodal foundational model and its first reasoning-based model. Likewise, Alibaba introduced its updated Qwen 2.5 AI model in January and also launched a new variant of its AI assistant tool Quark this month. 

Alibaba has also made strong commitments to its AI plan, recently, it announced a plan to put $53 billion in its cloud computing and AI infrastructure over the next three years, even surpassing its spending in the space over the past decade. 

CNBC talked with Kai Wang, Asia Senior equity analyst at Morningstar, Mr Kai told CNBC that “large Chinese tech players such as Alibaba, which build data centers to meet the computing needs of AI in addition to building their own LLMs, are well positioned to benefit from China's post-DeepSeek AI boom.” According to CNBC, “Alibaba secured a major win for its AI business last month when it confirmed that the company was partnering with Apple to roll out AI integration for iPhones sold in China.”

Read more »
Mobile Applications
AI Chatbot China Cyber Security iOS iOS App Store. Mobile Applications Mobile App Mobile Applications

Tencent’s AI Chatbot Yuanbao Becomes China’s Most Downloaded iOS App

 

Tencent’s AI chatbot, Yuanbao, has surpassed DeepSeek to become the most downloaded free app on China’s iOS App Store. The chatbot, launched in May 2024, gained significant traction following Tencent’s integration of DeepSeek’s R1 reasoning model in February. This move provided users with an additional AI option alongside Tencent’s proprietary Hunyuan model. As a result, Tencent’s Hong Kong-listed shares rose by 1.6% on Tuesday. 

Tencent, which operates China’s largest social media platform, WeChat, further accelerated Yuanbao’s growth by adding a download button for the chatbot within the app. This gave its 1.3 billion users direct access to the AI tool, significantly boosting downloads. By late February, the number of daily active users surged from a few hundred thousand to three million, according to Li Bangzhu, founder of AIcpb.com, a website that tracks AI applications. 

This rise in popularity can largely be attributed to Tencent’s extensive promotional efforts. The company has leveraged WeChat’s vast ecosystem to recommend Yuanbao to users, place ads on its social timeline, and integrate the chatbot across other Tencent applications. In addition to its AI chatbot expansion, Tencent recently reorganized several teams, including those for Yunbao, QQ Browser, Sogou Pinyin, and learning assistant Im, moving them under its Cloud and Smart Industries Group.
  
The company’s aggressive push into AI comes amid intensifying competition from major Chinese tech firms such as Alibaba, Baidu, and ByteDance. Last month, Tencent launched Hunyuan Turbo S, an upgraded AI model designed for faster responses compared to its predecessors and even outperforming DeepSeek. Meanwhile, Baidu announced that it would introduce the latest version of its Ernie 4.5 model this month, which will be made open source on June 30. 

The company will also make its Ernie Bot chatbot free for all users starting April 1. ByteDance is also ramping up its AI efforts, with CEO Liang Rubo prioritizing advancements in generative AI for the first quarter of 2025. The company has launched the Seed Edge project, which focuses on long-term AI research, and has hired AI expert Wu Yonghui from Google to lead its foundational research initiatives. 

With rapid developments in the AI sector, Tencent’s strategic moves indicate its ambition to stay ahead in China’s competitive AI landscape. The success of Yuanbao highlights the increasing importance of AI-powered applications, as well as the role of major tech companies in shaping the future of digital interaction.
Read more »
Ransomware Payload
China Cyber Crime cyber espionage Nailaolocker Ransomware Payload

European Healthcare Entities Targeted With NailaoLocker Ransomware

 

A previously undocumented ransomware payload named NailaoLocker has been detected in assaults targeting European healthcare entities between June and October 2024. 

The attackers employed CVE-2024-24919, a Check Point Security Gateway vulnerability, to obtain access to targeted networks and install the ShadowPad and PlugX malware families, which are closely associated with Chinese state-sponsored threat groups. Orange Cyberdefense CERT attributes the attacks to Chinese cyber-espionage tactics, while there is insufficient evidence to assign them to specific groups. 

According to Orange experts, NailaoLocker is a rather rudimentary ransomware strain when compared to the most renowned families in the area. Orange classifies NailaoLocker as a simple ransomware because it does not terminate security processes or operating services, lacks anti-debugging and sandbox evasion methods, and does not search network shares. 

The malware is installed on target systems using DLL sideloading (sensapi.dll), which involves a genuine and signed executable (usysdiag.exe). The malware loader (NailaoLoader) investigates the environment using memory address checks before decrypting and loading the main payload (usysdiag.exe.dat) into memory. 

The NailaoLocker then activates and begins encrypting files with an AES-256-CTR scheme, appending the ".locked" extension to the encrypted files. After the encryption is completed, the ransomware sends an HTML ransom note with the unusually long filename "unlock_please_view_this_file_unlock_please_view_this_file_unlock_please_view_this_file_unlock_please_view_this_file_unlock_please.html.”

Combining ransomware and espionage

After further investigation, Orange claims to have discovered some parallels between the ransom note's content and a ransomware tool sold by a cybercrime company known as Kodex Softwares (previously Evil Extractor). However, there were no obvious code overlaps, thus the relationship was fuzzy. 

Orange has proposed numerous hypotheses for the assaults, including false flag operations designed to distract, deliberate data theft operations combined with income creation, and, most likely, a Chinese cyberespionage organisation "moonlighting" to generate some money. 

Symantec only revealed last week that suspected Emperor Dragonfly (also known as Bronze Starlight) agents were using RA World ransomware to target Asian software companies and demanding a $2 million ransom. 

The shift in strategy is concerning since Chinese state-backed players have not adopted the strategy of North Korean actors, who are known to pursue several objectives concurrently, including financial advantages through ransomware operations.
Read more »
DeepSeek
AI Models AI technology AI Threat China Cyber Security Data Mining Data Privacy data security DeepSeek

DeepSeek AI Raises Data Security Concerns Amid Ties to China

 

The launch of DeepSeek AI has created waves in the tech world, offering powerful artificial intelligence models at a fraction of the cost compared to established players like OpenAI and Google. 

However, its rapid rise in popularity has also sparked serious concerns about data security, with critics drawing comparisons to TikTok and its ties to China. Government officials and cybersecurity experts warn that the open-source AI assistant could pose a significant risk to American users. 

On Thursday, two U.S. lawmakers announced plans to introduce legislation banning DeepSeek from all government devices, citing fears that the Chinese Communist Party (CCP) could access sensitive data collected by the app. This move follows similar actions in Australia and several U.S. states, with New York recently enacting a statewide ban on government systems. 

The growing concern stems from China’s data laws, which require companies to share user information with the government upon request. Like TikTok, DeepSeek’s data could be mined for intelligence purposes or even used to push disinformation campaigns. Although the AI app is the current focus of security conversations, experts say that the risks extend beyond any single model, and users should exercise caution with all AI systems. 

Unlike social media platforms that users can consciously avoid, AI models like DeepSeek are more difficult to track. Dimitri Sirota, CEO of BigID, a cybersecurity company specializing in AI security compliance, points out that many companies already use multiple AI models, often switching between them without users’ knowledge. This fluidity makes it challenging to control where sensitive data might end up. 

Kelcey Morgan, senior manager of product management at Rapid7, emphasizes that businesses and individuals should take a broad approach to AI security. Instead of focusing solely on DeepSeek, companies should develop comprehensive practices to protect their data, regardless of the latest AI trend. The potential for China to use DeepSeek’s data for intelligence is not far-fetched, according to cybersecurity experts. 

With significant computing power and data processing capabilities, the CCP could combine information from multiple sources to create detailed profiles of American users. Though this might not seem urgent now, experts warn that today’s young, casual users could grow into influential figures worth targeting in the future. 

To stay safe, experts advise treating AI interactions with the same caution as any online activity. Users should avoid sharing sensitive information, be skeptical of unusual questions, and thoroughly review an app’s terms and conditions. Ultimately, staying informed and vigilant about where and how data is shared will be critical as AI technologies continue to evolve and become more integrated into everyday life.
Read more »
Technology
Artificial Intelligence China DeepSeek Garante Italy Technology

Italy Takes Action Against DeepSeek AI Over User Data Risks

 



Italy’s data protection authority, Garante, has ordered Chinese AI chatbot DeepSeek to halt its operations in the country. The decision comes after the company failed to provide clear answers about how it collects and handles user data. Authorities fear that the chatbot’s data practices could pose security risks, leading to its removal from Italian app stores.  


Why Did Italy Ban DeepSeek?  

The main reason behind the ban is DeepSeek’s lack of transparency regarding its data collection policies. Italian regulators reached out to the company with concerns over whether it was handling user information in a way that aligns with European privacy laws. However, DeepSeek’s response was deemed “totally insufficient,” raising even more doubts about its operations.  

Garante stated that DeepSeek denied having a presence in Italy and claimed that European regulations did not apply to it. Despite this, authorities believe that the company’s AI assistant has been accessible to Italian users, making it subject to the region’s data protection rules. To address these concerns, Italy has launched an official investigation into DeepSeek’s activities.  


Growing Concerns Over AI and Data Security  

DeepSeek is an advanced AI chatbot developed by a Chinese startup, positioned as a competitor to OpenAI’s ChatGPT and Google’s Gemini. With over 10 million downloads worldwide, it is considered a strong contender in the AI market. However, its expansion into Western countries has sparked concerns about how user data might be used.  

Italy is not the only country scrutinizing DeepSeek’s data practices. Authorities in France, South Korea, and Ireland have also launched investigations, highlighting global concerns about AI-driven data collection. Many governments fear that personal data gathered by AI chatbots could be misused for surveillance or other security threats.  

This is not the first time Italy has taken action against an AI company. In 2023, Garante temporarily blocked OpenAI’s ChatGPT over privacy issues. OpenAI was later fined €15 million after being accused of using personal data to train its AI without proper consent.  


Impact on the AI and Tech Industry

The crackdown on DeepSeek comes at a time when AI technology is shaping global markets. Just this week, concerns over China’s growing influence in AI led to a significant drop in the U.S. stock market. The NASDAQ 100 index lost $1 trillion in value, with AI chipmaker Nvidia alone suffering a $600 million loss.  

While DeepSeek has been removed from Italian app stores, users who downloaded it before the ban can still access the chatbot. Additionally, its web-based version remains functional, raising questions about how regulators will enforce the restriction effectively.  

As AI continues to make new advancements, countries are becoming more cautious about companies that fail to meet privacy and security standards. With multiple nations now investigating DeepSeek, its future in Western markets remains uncertain.



Read more »
Network Security
Backdoor China Contec Data Breach Healthcare Network Security

Experts Find Hidden Backdoors Inside Chinese Software Stealing Patient Data

Experts Find Hidden Backdoors Inside Chinese Software Stealing Patient Data

Cybersecurity & Infrastructure Security Agency (CISA) in the US rolled out an investigation report concerning three firmware variants used in Contec CMS800, a patient monitoring system used in healthcare facilities and hospitals. 

CIS finds hidden backdoor in Chinese software

Experts found that the devices had a hidden backdoor with a hard-coded IP address, enabling transmission of patient data. This is doable as the devices will start a link to a central monitoring system through a wireless or wired network, as per the product description. 

The agency disclosed the codes that send data to a select IP address. The decoded data includes detailed information- patients, hospital department, doctor’s name, date of birth, admission date, and other details about the device users. 

Details about three flaws

The flaw is filed under “CVE-2025-0626 with a CVSS v4 score of 7.7 out of 10” says Tom’s Hardware, while also talking about two other vulnerabilities “filed under CVE-2024- 12248, which indicates that it could allow an attacker to write data remotely to execute a code” and “CVE-2025-0683, which relates to privacy vulnerability.”

Impact of vulnerabilities

The three cybersecurity flaws can allow threat actors to dodge cybersecurity checks, get access, and also manipulate the device, the FDA says, not being “aware of any cybersecurity incidents, injuries, or deaths related to these cybersecurity vulnerabilities at this time."

FDA said that Contec Medical Systems is a device manufacturer in China, its products are used in the healthcare industry- clinics, hospitals, etc., in the US and European Union. However, experts found that these can also be bought from eBay for $599. 

About Contec

These devices are also rebranded as Epsimed MN-120, the FDA believes. Contec products are FDA-approved and sold in more than 130 countries. As part of its vulnerability disclosure process, the CISA research team discovered uncovered this flaw. 

The agency has also mentioned that the IP address is not linked with any medical device manufacturer, “Still, it is a third-party university, though it doesn't mention the university, the IP address, or the country it is sending data to,” reports Tom Hardware. 

The CISA has also assessed that the coding was meant to be a substitute update system because it doesn’t include standard update techniques like doing integrity checks or tracking updated versions. Instead, it offers a remote file sent to the IP address. To solve this, the FDA suggests removing the monitoring device from its network and tracking the patient’s physical condition and vital stats.

Read more »
US
China Cyber Security National Security Security States US

US Imposes Ban on Chinese and Russian Tech in Passenger Cars Over Security Risks

 

The United States has introduced a new regulation barring the use of Chinese and Russian technology in passenger vehicles sold domestically, citing national security risks. According to AFP, the ban covers both hardware and software from these countries, forming part of a broader effort to reduce China's influence in critical industries.

Outgoing President Joe Biden initiated the rule after a prolonged regulatory process aimed at tightening controls on foreign-linked technologies. This follows recent debates over restricting drones and other equipment from adversarial nations. Commerce Secretary Gina Raimondo highlighted the growing reliance of modern cars on advanced technology like cameras, microphones, GPS systems, and internet connectivity, which could pose risks if developed using foreign components.

"This is a targeted approach to keep Chinese and Russian-manufactured tech off American roads," said Raimondo.

The rule initially applies to passenger vehicles under 10,001 pounds, with plans to extend it to commercial vehicles, such as buses and trucks, in the future. It prohibits manufacturers with significant ties to China or Russia from selling cars equipped with foreign-made hardware or software for internet connectivity or autonomous driving.

Implementation will occur in two stages:

  • Software ban: Effective from the 2027 model year.
  • Hardware ban: Beginning with the 2030 model year.Imports of such technology from China and Russia will also face restrictions.

The regulation could affect companies like BYD, a Chinese electric vehicle manufacturer operating a facility in California that produces buses and other vehicles. US officials have raised concerns that connected vehicles equipped with foreign technology could be exploited to misuse sensitive data or interfere with critical systems.

National Economic Advisor Lael Brainard warned, "China is attempting to dominate the future of the auto industry," underscoring the need to shield American vehicles from foreign influence.

The new rule aligns with a broader strategy to bolster domestic industries and reduce dependence on foreign technologies. On the same day, President Biden signed an executive order to fast-track the development of AI infrastructure in the US.

"We will not let America fall behind in building the technology that will define the future," Biden stated.

As Biden prepares to leave office, these measures will transition to the administration of President-elect Donald Trump, who takes office next Monday. While it remains uncertain how Trump will handle these policies, significant shifts in strategy are anticipated.
Read more »
Subscribe to: Posts (Atom)