AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 2/19/2025

Chinese hackers abuse Microsoft APP-v tool to evade antivirus

The Chinese APT hacking group “Mustang Panda” has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. This technique was discovered by threat researchers at Trend Micro, who track the threat group as Earth Preta, reporting that they have verified over 200 victims since 2022. Mustang Panda’s targeting scope, based on Trend Micro’s visibility, includes government entities in the Asia-Pacific region, while the primary attack method is spear-phishing emails that appear to come from government agencies, NGOs, think tanks, or law enforcement.


US military and defense contractors hit with Infostealer malware

Despite their multi-billion-dollar budgets, US agencies have been infected by infostealer malware and have had credentials and information stolen from official devices. A report from Hudson Rock has revealed that, for as little as $10 per computer, criminals can ‘purchase stolen data from employees who work in classified defense and military sectors’. Infostealers are a type of malware that has become a crucial tool for cybercriminals. As the name suggests, they gather sensitive information stored on a victim’s device, usually to leverage in identity theft, extortion, or financial fraud – but in this case, it’s likely to be confidential or classified data, potentially relating to national security.


Pro-Russia Hackers NoName057(16) Hit Italian Banks and Airports

A pro-Russia hacker group, NoName057(16), has launched a wave of DDoS (distributed denial-of-service) attacks targeting key Italian organizations. Early on Monday, the group disrupted the websites of major airports in Milan, including Linate and Malpensa, as well as the Transport Authority, the Intesa San Paolo bank and the ports of Taranto and Trieste. The attacks were reportedly minor, with the Italian National Cybersecurity Agency (ACN) stepping in swiftly to mitigate disruptions. Officials confirmed that services were restored quickly, with no significant impact on operations.


VC Company Insight Partners Hacked

Private equity and venture capital company Insight Partners revealed on Tuesday that it was recently targeted in a cyberattack that involved unauthorized access to its information systems. According to Insight Partners, hackers gained access to its systems through a sophisticated social engineering attack. The breach was detected on January 16, 2025, and the company believes the attacker was kicked out the same day. However, the investment giant admitted that it will take several weeks to complete its investigation into the scope of the incident.


Google now allows digital fingerprinting of its users

In the ongoing saga that is Google’s struggle to replace tracking cookies, we have entered a new phase. But whether that’s good news is another matter. For years, Google has been saying it will phase out the third-party tracking cookies that power much of its advertising business online, proposing new ideas that would allegedly preserve user privacy while still providing businesses with steady revenue streams. But it’s not been straightforward for Google. As we reported in July 2024, the tech giant said that, due to feedback from authorities and other stakeholders in advertising, it was looking at a new path forward in finding the balance between privacy and an ad-supported internet.