Chinese Hacking Group Targets IT Service Provider in Espionage Campaign

Cyber Security News by CyberSum.net

Published on October 16, 2025 at 06:00 AM

4 sources

A Chinese threat actor, Jewelbug, has been attributed to a five-month-long intrusion targeting an IT service provider in a country, marking the group's expansion beyond Southeast Asia and South America. The attack, which took place from January to May 2025, involved accessing code repositories and software build systems, potentially for supply chain attacks. The attackers exfiltrated data to a legitimate cloud service to avoid detection. Jewelbug has also been linked to intrusions in a large government organization and a software company, deploying new and advanced backdoors.

Also Read

Cisco SNMP Vulnerability Exploited in Operation Zero Disco

Cybersecurity researchers at Trend Micro have uncovered an active attack campaign called Operation Zero Disco, which exploits a critical vulnerability in Cisco’s SNMP implementation. The vulnerability, tracked as CVE-2025-20352, allows attackers to execute remote code and deploy sophisticated Linux rootkits on vulnerable network devices. The campaign primarily targets older Cisco switch models, enabling persistent unauthorized access and evasion of detection. Attackers use spoofed IP addresses and MAC email addresses to obscure their activities, and the rootkit installs hooks into the IOSd memory space, creating fileless backdoor components that disappear after system reboots but remain active during normal operation.

By Cyber Security News by CyberSum.netOctober 16, 2025 at 03:00 PM