UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant.

The order says state and local governments should “own” addressing risks like cyberattacks. It’s a mismatch when a small town goes up against China, experts countered.

The sanctions place the companies under a strict licensing regime meant to limit their access to foundational technology for quantum computing, cloud and AI.

The FCC commissioner said letters of inquiry and at least one subpoena have been sent to Chinese-owned companies.

Trend Micro researchers discovered and reported the eight-year-old defect to Microsoft six months ago. The company hasn’t made any commitments to patch or remediate the issue.

Sunil Mallik, the CISO of Discover Financial Services.

Dan Lorenc, CEO and co-founder of Chainguard

The Chinese state-backed espionage group started targeting third-party IT services in late 2024, Microsoft researchers said.

A flurry of unsealed indictments reveal China’s alleged well-coordinated effort to use a hacker-for-hire ecosystem to conduct espionage while obscuring the government’s direct involvement.

CrowdStrike observed significant growth in China’s offensive cyber capabilities last year as more groups used sector-specific skills to target critical industries and technologies.