China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years

darkreading
Active Campaign

Overview

Researchers have uncovered a long-running cyberespionage campaign, attributed to China-nexus actors, that targets military organizations in Southeast Asia. The attackers combined custom backdoors with well-known evasion techniques to keep persistent access to the victims' networks. The intrusions have reportedly been active for years, which means the operators stayed resident and undetected through many routine patch and audit cycles; the longer the dwell time, the more operational data, credentials and network knowledge an intruder can collect. The case underlines the gap between keeping adversaries out and detecting the one already inside, and the need for military organizations in the region to hunt proactively for this kind of intrusion rather than wait for an alert.

Key Takeaways

  • Status: Active intrusion campaign, not a single exploitable vulnerability; there is no patch to apply. Organizations in the affected sector should treat existing compromise as possible and hunt for it.
  • Affected Systems: Southeast Asian military organizations
  • Action Required: Hunt for long-dwell persistence (unrecognized backdoors, unexpected services and scheduled tasks, anomalous outbound connections), audit privileged and remote-access accounts, and check that log retention is long enough for multi-year activity to be reconstructed.
  • Timeline: Ongoing for several years, according to the researchers

Original Article Summary

Researchers uncovered an extensive cyberespionage campaign that used novel backdoors and familiar evasion techniques to maintain persistent access to regional targets.

Impact

Southeast Asian military organizations; sensitive military information on the compromised networks is at risk of exposure.

Exploitation Status

This is a confirmed, active intrusion campaign rather than a single exploitable vulnerability, so there is no patch or workaround to apply. The researchers report that the attackers maintained persistent access to targeted networks for years; organizations in the affected sector should therefore assume that an adversary may already be present and prioritize threat hunting and incident response over patching alone.

Timeline

Ongoing for several years, according to the researchers

Remediation

Organizations should hunt for long-dwell persistence rather than rely on perimeter alerts: inventory running services, scheduled tasks and startup items against a known-good baseline, look for unrecognized backdoors and unexplained outbound connections, and audit privileged and remote-access accounts for credentials that should no longer exist. Endpoint and network detection should be tuned to the evasion techniques described in the original reporting, and log retention should be long enough that activity spanning years can be reconstructed. The original article should be consulted for any indicators of compromise the researchers published.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and any indicators of compromise, refer to the original Dark Reading article.

Related Coverage

Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026

darkreading

Franz Regul, the former Chief Information Security Officer for the Paris 2024 Olympics, discussed the cybersecurity challenges specific to securing the Games and the lessons being carried forward to Milan Cortina 2026. Regul described the strategies used to protect sensitive data and defend against attacks on an event whose profile draws a wide range of malicious actors. The approach taken in Paris is informing the security program for Milan Cortina 2026, with the aim of a safer environment for athletes and spectators, and underscores how much preparation large-scale events require.

Mar 17, 2026

GlassWorm supply chain attack campaign expands further

SCM feed for Latest

The GlassWorm supply chain attack campaign has escalated, now involving dozens of malicious Open VSX extensions and more than 150 compromised GitHub repositories, according to reporting by The Hacker News. The campaign targets software development environments: because extension marketplaces and source repositories are trusted by default, a malicious extension or dependency runs with the developer's own privileges and can compromise the integrity of everything built on that workstation. Developers and organizations that rely on these platforms should review installed extensions and pulled dependencies against a known-good list, and treat new or recently updated packages with scrutiny. The scale of the campaign illustrates the growing pressure on software supply chains and the need for tighter controls in development practice.

Mar 16, 2026

Report: Cloud identity compromise drove 80% of 2025 incidents

SCM feed for Latest

According to Field Effect's 2026 Cyber Threat Outlook, compromised cloud identities accounted for more than 80% of the incident alerts it investigated in 2025. The figure shows that attackers increasingly go after cloud accounts rather than infrastructure, since a valid identity grants access without any exploit. Organizations that depend heavily on cloud services should prioritize identity management: phishing-resistant multi-factor authentication, conditional access policies, prompt removal of stale accounts, and monitoring for anomalous sign-ins. The trend underlines that identity has become the primary control plane, and that defenses must adapt as attackers shift their strategies.

Mar 16, 2026

Microsoft releases out-of-band update for Windows 11 RRAS vulnerabilities

SCM feed for Latest

Microsoft has released an out-of-band update to address three vulnerabilities in the Windows 11 Routing and Remote Access Service (RRAS). The vulnerabilities, tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, could allow remote code execution when a user connects to a malicious server. Because the trigger is a client-side connection to an attacker-controlled endpoint, the risk is not limited to systems exposing RRAS inbound. Windows 11 users should apply the update promptly; the out-of-band release, outside Microsoft's regular monthly cycle, signals the urgency Microsoft attaches to these flaws.

Mar 16, 2026

FBI Investigates Steam Games Linked to Malware and Crypto Wallet Theft

Hackread – Cybersecurity News, Data Breaches, AI and More

The FBI has issued a warning to gamers about malware embedded in certain Steam games that steals sensitive browser data and drains cryptocurrency wallets. The malicious activity reportedly ran from May 2024 to January 2026 and affected users who downloaded the compromised games. Because the malware ships inside the game itself, it executes with the same privileges as any program the user chooses to run, making it a significant concern for the gaming community as cryptocurrency holdings become more common. Gamers are advised to be cautious about the titles they install, to keep wallet keys off machines used for gaming where possible, and to monitor their cryptocurrency accounts for unusual activity. The incident underscores the need for greater security awareness among gamers.

Mar 16, 2026

GlassWorm Malware Evolves to Hide in Dependencies

darkreading

Researchers have identified a new evolution of the GlassWorm malware, which now includes several additional malicious extensions that use improved evasion techniques and hide within legitimate software dependencies, making them harder to spot during review. Users who install the affected extensions are at risk of having sensitive information stolen or of unauthorized access to their systems. The development is particularly concerning for organizations whose development pipelines depend on third-party packages, since a compromised dependency can lead to significant data breaches if it goes unaddressed. Companies and users should review their installed extensions and dependency trees and keep their security tooling current to counter this growing threat.

Mar 16, 2026