A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced “technology suite” that runs the whole cybercrime supply chain spectrum to spearhead its operations.

Infoblox is tracking the proprietor and maintainer under the moniker Vigorish Viper, noting that it’s developed by the Yabo Group (aka Yabo Sports), which has been linked to illegal gambling operations and pig butchering scams in the past. In late 2022, it rebranded as Kaiyun Sports and has since been absorbed into another newly formed entity called Ponymuah.

The suite, marketed in China as “baowang” (“包网,” meaning full package) encompasses several components such as Domain Name System (DNS) configurations, website hosting, payment mechanisms, advertising, and mobile apps. It also hosts thousands of domain names and numerous brands in an infrastructure that’s tied to Hong Kong and China.

Play ransomware’s new Linux variant targets VMWare ESXi, expanding its reach. US leads in victims, with manufacturing and services most affected.

CrowdStrike warns of Remcos RAT malware targeting Latin America amid flawed update crisis causing IT disruptions.

Chinese hacking group APT41 targets global industries in six countries, using sophisticated tactics to steal sensitive data in prolonged cyber attacks.

SolarWinds releases critical security patches for Access Rights Manager software to prevent potential data breaches and code execution.

JAXA has not said who the attackers were, but most cybersecurity observers are pointing the finger at state actors working for China.

“The fact that a space agency was targeted with a sophisticated complex attack indicates a state actor with goals to compromise data, not just gather intelligence or send a political message, with the lead suspect being a China affiliated cyber security private company of some sort,” said Irina Tsukerman, a geopolitical analyst and the president of Scarab Rising, a global strategy advisory firm. “Such an attack is likely the work of either a state-backed independent hacker, possibly part of an intelligence gathering gang, whose methods could potentially be analyzed and compared to prior such attacks, or it could be attributed to a private cybersecurity company, most likely affiliated with China, in which case prior incidents could be harder to detect. The most interesting detail was the description of the attack and the fact that the attacker used several different types of malware and nevertheless went undetected.