TrueConf Zero-Day Exploited in Asian Government Attacks by Chinese Hackers
Chinese hackers exploited a zero-day vulnerability in TrueConf video conferencing software to attack government agencies in Asia, compromising a central server used by dozens of government entities.
Key Points
- Chinese hackers exploited zero-day vulnerability in TrueConf video conferencing software
- Compromised central server serving dozens of government entities
- Attackers replaced legitimate updates with malicious code
- Attribution to Chinese threat actors by Check Point researchers
Full Details
Security researchers at Check Point have uncovered a sophisticated cyberattack campaign, dubbed TrueChaos, in which Chinese hackers exploited a zero-day vulnerability in the TrueConf video conferencing platform. The attackers compromised an on-premises TrueConf server operated by a governmental IT department, which served as the video conferencing platform for dozens of government entities across the country. The hackers replaced legitimate software updates with malicious ones, effectively infecting all clients that connected to the compromised server. This attack demonstrates how threat actors abuse trusted relationships between central infrastructure and end users. The incident highlights the significant risks of supply chain attacks in government IT systems and the sophistication of state-sponsored cyber operations targeting Asian governments.
Why It Matters
This attack demonstrates the vulnerability of government supply chains to sophisticated state-sponsored hackers. Organizations should carefully verify software update integrity and implement additional security layers for critical infrastructure.
Get stories like this delivered daily
AI-curated news, personalized to your interests. Zero noise.
Start 7-Day Free Trial →More in Global News
Iran Strait of Hormuz warning adds to shipping uncertainty
Only a few vessels have crossed the strait since the US-Iran ceasefire deal, according to BBC Verify analysis.
Israeli attack kills Al Jazeera journalist Mohammed Wishah in Gaza
Al Jazeera reported that Israel killed seven of its journalists in Gaza in September 2025, a claim the IDF disputes, alleging the reporters were linked to Hamas. Separately, Iranian state media briefly posted a direct threat in Arabic to 'hammer' Al Jazeera's main offices in Doha, including a map of the headquarters, which was deleted hours later but prompted the network to build secret backup studios. The threat is seen as retaliation for US-Israeli attacks on Iranian energy infrastructure amid
Starmer says a lot of work remains to make US-Iran ceasefire hold
The prime minister says fully reopening the Strait of Hormuz would help "stabilise" prices in the UK.
Hegseth: Iran ‘begged’ for ceasefire, claims ‘historic victory’
US Defense Secretary Pete Hegseth claimed a decisive victory over Iran.