CCTR.14.April.24
XZ backdoor, China-based APT targeting ASEAN countries and open source security
🚨The open-source compression tool XZ, versions 5.6.0 and 5.6.1, has been found to contain a backdoor (CVE-2024-3094, CVSS 10). This utility is extensively used in various Linux distributions. The threat actor behind it, and exactly how the backdoor was introduced, are not clear at this stage. The sophistication of the XZ attack is noteworthy: its intricate nature makes it challenging to decipher. The discovery of the malicious code was serendipitous, prompting speculation about the potential existence of other undetected vulnerabilities in everyday software.
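A defender's first check for the item above is whether the xz binary or the liblzma library on a host is one of the two affected releases. The following is an added example, not part of the bulletin: it parses the two-line output of `xz --version` (`xz (XZ Utils) X.Y.Z` / `liblzma X.Y.Z`) and flags 5.6.0 and 5.6.1 for either component, since the binary and the shared library can be at different versions.

```python
"""Flag installed xz / liblzma versions affected by CVE-2024-3094 (5.6.0, 5.6.1)."""
import re
import shutil
import subprocess

# Releases the bulletin names as carrying the backdoor.
BACKDOORED_VERSIONS = {(5, 6, 0), (5, 6, 1)}

# Matches both lines printed by `xz --version`: "xz (XZ Utils) 5.4.6" and "liblzma 5.4.6".
_VERSION_RE = re.compile(r"^(xz \(XZ Utils\)|liblzma)\s+(\d+)\.(\d+)\.(\d+)", re.M)


def parse_xz_version_output(text: str) -> dict:
    """Map component name ('xz' or 'liblzma') to its (major, minor, patch) tuple."""
    found = {}
    for m in _VERSION_RE.finditer(text):
        name = "xz" if m.group(1).startswith("xz") else "liblzma"
        found[name] = (int(m.group(2)), int(m.group(3)), int(m.group(4)))
    return found


def affected_components(text: str) -> list:
    """Return the components whose version is one of the backdoored releases, sorted."""
    return sorted(name for name, ver in parse_xz_version_output(text).items()
                  if ver in BACKDOORED_VERSIONS)


def check_host() -> list:
    """Run `xz --version` on this host; empty list means clean or xz not installed."""
    xz = shutil.which("xz")
    if xz is None:
        return []
    out = subprocess.run([xz, "--version"], capture_output=True, text=True, check=False).stdout
    return affected_components(out)


# Constructed sample output in the format `xz --version` prints (not captured from a real host).
SAMPLE_BACKDOORED = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"
SAMPLE_CLEAN = "xz (XZ Utils) 5.4.6\nliblzma 5.4.6\n"

if __name__ == "__main__":
    print("affected components on this host:", check_host() or "none")
```

A hit on `liblzma` alone still matters, because other programs load the shared library even when the `xz` binary itself is older.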
Technical details related to the XZ backdoor

Over the past 90 days, Palo Alto Networks Unit 42 has identified two Chinese advanced persistent threat (APT) groups engaged in cyberespionage against entities and member countries of the Association of Southeast Asian Nations (ASEAN). The first group, Mustang Panda, is believed to have targeted entities in Myanmar, the Philippines, Japan and Singapore; these campaigns coincided with the ASEAN-Australia Special Summit in March. The second group has targeted various government entities in Southeast Asia, including Cambodia, Laos and Singapore, in recent months.

🤖ShadowRay (CVE-2023-48022, CVSS 9.8) is a critical vulnerability in the Ray AI framework used by major tech companies. It has been exploited by threat actors since at least September 2023 and allows unauthorized access to sensitive data, posing significant risks such as ransomware attacks and financial fraud. While Anyscale, the framework's maintainer, emphasizes shared responsibility for security and plans to introduce authentication in future versions, the vulnerability remains unpatched and disputed for now.

🐍Checkmarx discovered an attack campaign targeting the software supply chain and affecting a large number of victims (potentially over 170K users). The attackers used various tactics, including creating malicious open-source tools, distributing fake Python packages, and deploying a fake Python package mirror. This incident highlights the importance of vigilance when installing packages and repositories, the need for thorough vetting of dependencies, and the value of robust security practices. Collaboration within the cybersecurity community is crucial in combating such threats.