this post was submitted on 05 Nov 2025
18 points (100.0% liked)

Europe

7676 readers
644 users here now

News and information from Europe 🇪🇺

(Current banner: La Mancha, Spain. Feel free to post submissions for banner images.)

Rules (2024-08-30)

  1. This is an English-language community. Comments should be in English. Posts can link to non-English news sources when providing a full-text translation in the post description. Automated translations are fine, as long as they don't overly distort the content.
  2. No links to misinformation or commercial advertising. When you post outdated/historic articles, add the year of publication to the post title. Infographics must include a source and a year of creation; if possible, also provide a link to the source.
  3. Be kind to each other, and argue in good faith. Don't post direct insults nor disrespectful and condescending comments. Don't troll nor incite hatred. Don't look for novel argumentation strategies at Wikipedia's List of fallacies.
  4. No bigotry, sexism, racism, antisemitism, islamophobia, dehumanization of minorities, or glorification of National Socialism. We follow German law; don't question the statehood of Israel.
  5. Be the signal, not the noise: Strive to post insightful comments. Add "/s" when you're being sarcastic (and don't use it to break rule no. 3).
  6. If you link to paywalled information, please provide also a link to a freely available archived version. Alternatively, try to find a different source.
  7. Light-hearted content, memes, and posts about your European everyday belong in other communities.
  8. Don't evade bans. If we notice ban evasion, that will result in a permanent ban for all the accounts we can associate with you.
  9. No posts linking to speculative reporting about ongoing events with unclear backgrounds. Please wait at least 12 hours. (E.g., do not post breathless reporting on an ongoing terror attack.)
  10. Always provide context with posts: Don't post uncontextualized images or videos, and don't start discussions without giving some context first.

(This list may get expanded as necessary.)

Posts that link to the following sources will be removed

Unless they're the only sources, please also avoid The Sun, Daily Mail, any "thinktank" type organization, and non-Lemmy social media (incl. Substack). Don't link to Twitter directly, instead use xcancel.com. For Reddit, use old:reddit:com

(Lists may get expanded as necessary.)

Ban lengths, etc.

We will use some leeway to decide whether to remove a comment.

If need be, there are also bans: 3 days for lighter offenses, 7 or 14 days for bigger offenses, and permanent bans for people who don't show any willingness to participate productively. If we think the ban reason is obvious, we may not specifically write to you.

If you want to protest a removal or ban, feel free to write privately to the primary mod account @EuroMod@feddit.org

founded 1 year ago
MODERATORS
federalreverse@feddit.org
poVoq@slrpnk.net
anzo@programming.dev
EuroMod@feddit.org
18
China Hackers Exploit Citrix Gateway to Breach European Telecom (securitybuzz.com)
submitted 10 hours ago by Penguin@lemmy.kde.social to c/europe@feddit.org
0 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.kde.social/post/4886177

Archived/non pay-walled

Here is the original report by Darktrace: Salty Much: Darktrace’s view on a recent Salt Typhoon intrusion

Cybersecurity programs typically focus on protecting core applications and digital assets. But what if the bad guys start targeting trusted defensive measures?

This was the case as reported by Darktrace, a cybersecurity platform provider. Its report sheds light on a sophisticated cyber intrusion linked to Salt Typhoon. The threat actor group is believed to be operated by China's Ministry of State Security, which conducts cyber espionage campaigns against other countries.

The recent attack features a blend of zero-day exploitation and trusted software abuse. In this instance, Salt Typhoon infiltrated a European telecommunications provider through a gateway device. The attackers then executed a familiar—but evolving—arsenal of stealth techniques. These included DLL sideloading and abusing trusted antivirus software—such as Norton, Bkav, and IObit—to mask malicious payloads under legitimate binaries. The campaign also deployed a custom backdoor known as SNAPPYBEE (aka Deed RAT) by using a dual command-and-control channel (HTTP and unidentified TCP) to sustain the covert access.

Darktrace analysts attribute the incident to Salt Typhoon based on overlapping tactics, infrastructure, and malware patterns seen in prior operations by the group. The event underscores a growing trend: nation-state actors are increasingly weaponizing legitimate tools and supply-chain software to bypass traditional security controls and AI-powered detection.

...

Given the current geopolitical relationship between the US and China, attacks like this are sure to keep occurring. The two countries compete in world markets. Plus, mutual distrust exists across economic, technological, and military domains.

This campaign also symbolizes broader China-linked cyber operations targeting telecom and communications infrastructure as part of its strategic intelligence-gathering efforts.

“Organizations should expect stealthy activity that blends with normal operations when facing Salt Typhoon,” said Jason Soroko, a Senior Fellow at Sectigo, a provider of comprehensive certificate lifecycle management.”

As this attack illustrates, there has been a shift toward stealth-driven espionage. Attackers now rely less on malware volume. Their focus has turned to exploiting the trust woven into enterprise systems. The time has arrived to apply the zero-trust paradigm to cybersecurity defenses.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here