Articles

U.S. Investigates Malware Email Linked to China Targeting Trade Talks

U.S. authorities are probing a malware-laden email disguised as coming from Republican Representative John Moolenaar, aimed at infiltrating organizations connected to U.S.-China trade negotiations, the Wall Street Journal reported Sunday.

The July email was sent to trade groups, law firms, and government agencies, asking recipients to review draft legislation. Cyber analysts traced the malware to APT41, a hacking group widely believed to be linked to Chinese intelligence. Opening the attachment would have given hackers deep access to the targets’ systems.

Moolenaar, a vocal critic of Beijing and chair of a congressional committee on U.S.-China competition, said the incident was “another example of Chinese cyber operations aimed at stealing U.S. strategy,” adding: “We will not be intimidated.”

The attack coincided with sensitive trade talks in Sweden, which temporarily extended a tariff truce between Donald Trump and Xi Jinping until their expected November meeting at an Asian economic summit.

The Chinese embassy in Washington denied knowledge of the incident, stressing opposition to all cyberattacks while warning against “smearing others without solid evidence.”

The FBI confirmed it is working with partners to track those responsible. Meanwhile, the Capitol Police are investigating after staff on Moolenaar’s committee noticed unusual inquiries about the fake message.

The episode adds to mounting evidence of Beijing-linked cyber campaigns targeting U.S. institutions to gain insight into trade and national security deliberations.

U.S. Secretly Embeds Trackers in AI Chip Shipments to Detect Diversions to China

U.S. authorities have placed hidden location trackers in select shipments of advanced AI chips to monitor potential illegal diversions to China. The tactic, previously unreported, targets high-risk shipments and aims to enforce export restrictions covering products from companies such as Nvidia, AMD, Dell, and Super Micro. Trackers are embedded in the packaging and sometimes inside the servers themselves, enabling investigators to follow the hardware and build cases against violators. The Department of Commerce, the FBI, and Homeland Security Investigations may all be involved. While U.S. officials see the practice as a law enforcement tool, Chinese authorities have criticized such measures as attempts to control access to technology.

U.S. Indicts Russian Hacker Behind Qakbot Malware, Unseals Charges Against DanaBot Network

The U.S. Department of Justice on Thursday unsealed criminal charges against Russian national Rustam Rafailevich Gallyamov, accusing him of masterminding Qakbot, a long-running malware operation that infected thousands of computers worldwide and facilitated ransomware and cyber fraud schemes.

At the same time, prosecutors also announced charges against 16 individuals allegedly behind the DanaBot malware, part of an international enforcement effort called Operation Endgame.


Qakbot Mastermind Indicted

  • Rustam Gallyamov, 48, of Moscow, is accused of leading a cybercriminal group responsible for developing and deploying Qakbot since the early 2010s.

  • Qakbot was used to:

    • Infect computers with ransomware and other malware

    • Build and operate botnets to control compromised devices

    • Launch further malicious campaigns

  • A federal complaint also seeks the forfeiture of over $24 million in seized crypto and fiat funds linked to the case.

  • The DOJ said Gallyamov remained active in cybercrime operations as recently as January 2025, despite a major 2023 international takedown of Qakbot infrastructure.

  • Gallyamov’s current whereabouts are unknown, and he has not responded to comment requests.


DanaBot Network Brought Down

  • Prosecutors in Los Angeles also unsealed charges against 16 people tied to the DanaBot malware operation.

  • DanaBot has infected more than 300,000 computers globally since 2018 and caused an estimated $50 million in damages.

  • Initially designed to steal banking credentials, DanaBot evolved to include broader information-theft capabilities and enabled unauthorized access for further cybercrime.

  • It was still seeing 1,000 new infections daily across over 40 countries in 2025, according to threat researchers at Black Lotus Labs, a participant in Operation Endgame.

  • Operation Endgame is a coordinated campaign in which international law enforcement agencies and cybersecurity firms work together to dismantle malware infrastructure and arrest perpetrators globally.


Broader Impact

  • These cases illustrate the ongoing and evolving threat of malware and cybercrime, even after major takedowns.

  • The DOJ emphasized that it will continue pursuing cybercriminals operating beyond U.S. borders, often in partnership with global agencies.