Tag Archive for: china

China suspected to be behind Ivanti zero-day exploits


Ivanti is working on a patch to fix two high-impact vulnerabilities allowing attackers to control an affected system.

Attackers have been exploiting two zero-day vulnerabilities affecting the security software provider Ivanti’s products. CISA urged admins to take note of the flaws and added the vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, to the Known Exploited Vulnerabilities catalog, requiring government institutions to remediate the issue.

“When combined, these two vulnerabilities make it trivial for attackers to run commands on the system. In this particular incident, the attacker leveraged these exploits to steal configuration data, modify existing files, download remote files, and reverse tunnel from the ICS VPN appliance,” researchers at Volexity said.

However, Ivanti has yet to release a patch for the affected systems. For the time being, the company issued a workaround via its blog.

“We have seen evidence of threat actors attempting to manipulate Ivanti’s internal integrity checker (ICT). Out of an abundance of caution, we are recommending that all customers run the external ICT,” reads Ivanti’s blog.

The zero-days are an authentication bypass and a command-injection vulnerability that, chained together, allow attackers to perform a wide array of attacks, including remote code execution and system takeover. According to Ivanti, the company is aware of “less than ten customers” who were impacted by the vulnerabilities.

Ivanti claims to have over 40,000 customers in total.

Researchers believe that the affected systems may have been exploited as early as December 3rd, 2023. The culprits behind the exploits are suspected to be UTA0178, believed to be a Chinese nation-state-level threat actor.

There’s little insight into the attacker’s motives. However, researchers observed threat actors carrying out reconnaissance and system exploration tasks.

“This primarily consisted of looking through user files, configuration files, and testing access to systems. The primary notable activity beyond that was deployment of webshells to multiple systems,” Volexity researchers said.


China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks


The individuals confessed to creating variations of ransomware, enhancing the software through the utilization of OpenAI’s ChatGPT, carrying out vulnerability scans, infiltrating networks to secure access, deploying ransomware, and engaging in extortion.

Chinese media has reported the country’s first major step towards countering the use of ChatGPT as four Chinese individuals have been arrested for developing ransomware using ChatGPT. This is the country’s first instance involving the popular yet officially banned chatbot.

The arrests should not come as a surprise, as cybercriminals have been eager to exploit the AI chatbot for malicious purposes. Those who could not exploit it have created their own malicious ChatGPT-style tools, infamously known as WormGPT and FraudGPT.

According to the South China Morning Post (SCMP), the cyber attackers came under the authorities’ radar after an unidentified company in Hangzhou reported a cybercrime. The hackers demanded 20,000 Tether to restore access to the company’s systems.

In late November 2023, the police arrested two suspects in Beijing and two in Inner Mongolia. The suspects admitted to writing ransomware versions, optimizing the program using the popular chatbot, conducting vulnerability scans, infiltrating networks to gain access and implanting ransomware, and performing extortion.

The use of ChatGPT, a chatbot developed by OpenAI, is prohibited in China as part of Beijing’s initiatives to limit access to foreign generative artificial intelligence products. In response, China has introduced its own version of ChatGPT named Ernie Bot. However, the report does not provide clear information on whether utilizing ChatGPT is subject to legal charges in China.

According to SCMP’s report, three of the detainees were previously implicated in other criminal activities, including spreading misinformation and selling stolen CCTV footage produced with deepfake technology.

Despite OpenAI blocking internet protocol addresses in China, Hong Kong, and sanctioned regions such as North Korea and Iran, certain users find ways to bypass these restrictions by using VPNs and obtaining phone numbers from supported…


4 held in China for using ChatGPT to execute ransomware attack



Chinese authorities have arrested four people for developing ransomware with the help of OpenAI’s AI chatbot ChatGPT, the first such case in the country.

ChatGPT is not officially available in the country and Beijing has been cracking down on foreign-based AI tech, reports South China Morning Post.

The attack was reported by an unidentified company in Hangzhou, capital of eastern Zhejiang province, which had its systems blocked by ransomware.

The hackers demanded 20,000 Tether, a cryptocurrency stablecoin pegged one-to-one to the US dollar, to restore access, according to Xinhua news agency.

The police arrested two suspects in Beijing and two others in Inner Mongolia, who admitted to “writing versions of ransomware, optimising the program with the help of ChatGPT, conducting vulnerability scans, gaining access through infiltration, implanting ransomware, and carrying out extortion.”

OpenAI has blocked internet protocol addresses in China, Hong Kong and sanctioned markets like North Korea and Iran.


“Some users get around restrictions using virtual private networks (VPNs) and a phone number from a supported region,” according to the report.

In May, police in northwestern Gansu province arrested a man who allegedly used ChatGPT to generate fake news about a train crash and disseminated it online.

In August, Hong Kong police arrested six people who used deepfake technology to create fake images of identification documents used for loan scams targeting banks.

(With inputs from IANS)