ESET reports China-aligned LongNosedGoblin spying on government networks in Southeast Asia & Japan using Group Policy and cloud-based malware control.
The Clop ransomware gang (also known as Cl0p) is targeting Internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign.
Gladinet CentreStack enables businesses to securely share files hosted on on-premises file servers through web browsers, mobile apps, and mapped drives without requiring a VPN. According to Gladinet, CentreStack “is used by thousands of businesses from over 49 countries.”
Since April, Gladinet has released security updates to address several other security flaws that were exploited in attacks, some of them as zero-days.
French authorities arrested two crew members of an Italian passenger ferry suspected of infecting the ship with malware that could have enabled them to remotely control the vessel.
As the Paris prosecutor’s office announced this week, a Bulgarian national has been released without any charge, while a Latvian suspect who recently joined the crew of the Fantastic ferry (owned by Italian shipping company Grandi Navi Veloci) remains detained and was transferred to Paris on Sunday.
The Latvian crew member now faces charges of conspiring to infiltrate computer systems on behalf of a foreign power after a remote access tool was discovered aboard the ferry, as Le Parisien first reported.
A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no fewer than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and may be associated with another botnet known as AISURU, according to findings from QiAnXin XLab.
“Kimwolf is a botnet compiled using the NDK [Native Development Kit],” the company said in a report published today. “In addition to typical DDoS attack capabilities, it integrates proxy forwarding, reverse shell, and file management functions.”
The hyper-scale botnet is estimated to have issued 1.7 billion DDoS attack commands within a three-day period between November 19 and 22, 2025, around the same time one of its command-and-control (C2) domains – 14emeliaterracewestroxburyma02132[.]su – came first in Cloudflare’s list of top 100 domains, briefly even surpassing Google.
French authorities arrested a 22-year-old suspect on Tuesday for a cyberattack that targeted France’s Ministry of the Interior earlier this month.
In a statement issued by Public Prosecutor Laure Beccuau, officials said the suspected hacker was arrested on December 17, 2025, as part of an investigation into the attack.
“A person was arrested on December 17, 2025, as part of the investigation opened by the cybercrime unit of the Paris public prosecutor’s office, on charges including unauthorized access to an automated personal data processing system implemented by the State, committed by an organized group, following the cyberattack against the Ministry of the Interior,” reads the statement translated into English.