Chinese authorities allege a 27-month NSA operation against China's National Time Service Center. Initial credential theft apparently via a smartphone-messaging exploit. They release technical details, including information about 80+ remote logins between April 11 and August 3, 2023 to map the network, followed by deployment of a framework and two documented exfiltration runs.
The stated objective is long-term espionage and pre-positioning inside China’s national timing infrastructure, explicitly moving toward the high-precision terrestrial timing/navigation system. The target’s mission (generating and distributing national time) is presented as a lever over telecom synchronization, financial timestamping, energy, transport, and defense.
Entry allegedly came via an SMS service vulnerability on a foreign-brand smartphone used by staff, enabling monitoring of employees and theft of workstation credentials. Early access required repeatedly disabling endpoint antivirus. By March–April 2024 attackers upgraded to a persistent stack. Documented lateral movement hit the internet authentication server and firewall; C2 infrastructure includes nodes in the U.S. and Europe (e.g., Germany, France, Finland, Poland, Denmark).
An attempted reach into the high-precision timing system is described, but there is no evidence in the materials of service disruption. China admits to a long-dwell intrusion with credible pathways to operational impact on national time distribution, even if actual disruption is not demonstrated in the provided record.
How to assess it? In a sense, it is a response to political discussions in the US about Chinese cyberattacks and the deployment (prepositioning) of tools in US infrastructure for potential future attacks, such as sabotage. China essentially says that the US is doing the same thing. https://t.co/TN8qZQhZNN
"CVE Foundation Launched to Secure the Future of the CVE Program"
Please note this is not an official CVE Board action, but the action of a rogue group within the CVE Board to try and save the CVE Program.
https://t.co/vkWsjUWZan
https://t.co/8jHSMCZWzH
Has @Oracle explained to anyone how a threat actor got a text file with their email address in the webroot of an OCI login server? Because I feel like if you're gonna deny an incident, that's a REALLY important detail.
https://t.co/EHPXzdCGmw
Oracle Cloud denied the breach—but we dug deeper. In Part 2 of our investigation, CloudSEK validates the leaked data, analyzes threat actor activity, and uncovers evidence you need to see.
Read the full report 👇
https://t.co/ml0kAC22Hx
#CyberSecurity #CloudSecurity
@UK_Daniel_Card @taran_atwal @zscaler yeah that’s a HUGE analytical leap. You don’t see adversaries burning a back door to multiple orgs by selling access to one org for 20k through an individual broker.
My old boss did a lot of stupid things, like, proper mental, but the funniest was when he was on the roof of our shop, and looked like he was about to leap the 6-foot distance to one of the other buildings.
I said, "Jim, there's no way you'll make that jump."
🚨9.8 vulnerability reported for Ivanti🚨
Zero Day Initiative reported a 9.8 vuln for Ivanti is incoming. No word on which product.
Someone wanna work on some cyber threat memetelligence? I need coffee… ☕️