Latest Insights

Reverse Engineering a Siemens Programmable Logic Controller for Funs and Vulns (CVE-2024-54089, CVE-2024-54090, & CVE-2025-40757)

Under the sweltering heat of the Hong Kong summer, we entered a looming building and kicked off what was supposed to be a simple penetration test. Little did we know, this ordeal would lead to panic-stricken emails, extra reports, and a few new CVEs. This is a tale of the unexpected discovery of three CVEs…

12th September 2025

The Dark Side of SEO: Negative SEO Attacks Targeting Businesses in Asia

In June 2025, DarkLab discovered unusual search results indexed on a popular Hong Kong online platform. This led to our deep dive into another form of DNS abuse impacting legitimate entities; negative SEO. This form of SEO poisoning is known to be typically conducted by competitors as a means to damage reputation or ‘flood out’…

10th July 2025

Lurking Behind the Scenes: Keylogger Sites Impersonate Trusted Brokerage Firms for Account Takeover

In an era where digital security is rapidly evolving, cybercriminals are adapting just as quickly – finding new ways to exploit trust and user behaviour. Recent campaigns targeting stock trading accounts have revealed a critical truth: attackers are no longer just stealing credentials – they are orchestrating full account takeovers to commit high-impact financial fraud.…

6th June 202512th June 2025

Don’t do crime CRIME IS BAD – LockBit Ransomware Hacked, Exposing Operational Data

LockBit really can’t catch a break. Following a year of law enforcement disruptions and loss of affiliate base, the world mostly recently witnessed one of the most notorious Ransomware-as-a-Service (RaaS) gangs hit by yet another setback – they’ve been hacked. On a gloomy Thursday morning, our analysts awoke to news of LockBit’s hack – and…

12th May 202513th May 2025

Redirected, Taken Over, & Defaced: Breaking Down the Attacks Abusing Legitimate Hong Kong Websites

Last week, we shared our observations regarding active attacks weaponising trusted Hong Kong domains to serve users to suspicious content for SEO manipulation purposes. Collectively, we have observed over 70 cases of open redirect attacks, web defacements, and/or subdomain takeovers in Hong Kong between January and April 2025. These attacks, specifically those related to online…

22nd April 2025

Redirected, Taken Over, & Defaced: Legitimate Hong Kong Websites Abused to Serve Users to Online Gambling and Adult Content

Per our continuous monitoring, Dark Lab has tracked multiple open redirection, site takeovers, and defacement cases weaponising Hong Kong organisations’ websites. Typically exploited to serve users to adult content, online gambling, and/or phishing sites, these attacks pose significant risks to organisations – including reputational damage, loss of user trust, and potential legal implications. In cases…

14th April 2025

Something went wrong. Please refresh the page and/or try again.