ESET Research analyzes tools from the China-aligned TheWizards group, with targets across Asia and the Middle East

SAN DIEGO, April 30, 2025 (GLOBE NEWSWIRE) -- ESET researchers have analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks by the China-aligned threat actor TheWizards. Spellbinder enables adversary-in-the-middle attacks through IPv6 stateless address autoconfiguration spoofing, which allows the attackers to redirect the update protocols of legitimate Chinese software to malicious servers. Then the legitimate software is tricked into downloading and executing the malicious components that launch the backdoor WizardNet.
TheWizards has been continuously active from at least 2022 to the present and, according to ESET telemetry, targets individuals, gambling companies, and unknown entities in the Philippines, Cambodia, the United Arab Emirates, mainland China, and Hong Kong.
'We initially discovered and analyzed this tool in 2022, and observed a new version with a few changes that was deployed to compromised machines in 2023 and 2024,' says ESET researcher Facundo Muñoz, who analyzed Spellbinder and WizardNet. 'Our research led us to discover a tool used by the attackers that is designed to perform adversary-in-the-middle attacks using IPv6 SLAAC spoofing to intercept and reply to packets in a network, allowing the attackers to redirect traffic and serve malicious updates to legitimate Chinese software,' explains Muñoz.
The final payload in the attack is a backdoor that we named WizardNet – a modular implant that connects to a remote controller to receive and execute .NET modules on the compromised machine. ESET researchers have focused on one of the latest cases, in 2024, in which the update of Tencent QQ software was hijacked. The malicious server that issues the update instructions is still active. This variant of WizardNet supports five commands, three of which allow it to execute .NET modules in memory, thus extending its functionality on the compromised system.
TheWizards and the Chinese company Dianke Network Security Technology (also known as UPSEC), supplier of the DarkNights backdoor (also known as DarkNimbus), appear to be linked. According to NCSC UK, this malicious backdoor also has Tibetan and Uyghur communities among its primary targets. While TheWizards uses a different backdoor, WizardNet, the hijacking server is configured to serve DarkNights to updating applications running on Android devices.
For a more detailed analysis and technical breakdown of TheWizards' tools, check out the latest ESET Research blogpost 'TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks' on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.
About ESET
ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of emerging global cyberthreats, both known and unknown — securing businesses, critical infrastructure and individuals. Whether it's endpoint, cloud or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. The ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit www.eset.com or follow our social media, podcasts and blogs.
A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/e64e1152-5dee-4ed7-ad08-e0d87d089a16
Media contact: Jessica Beffa [email protected] 720-413-4938
