Tag Archive for: Chinabased

Evolving China-based cyberwarfare demands greater regional resilience


In a speech at this year’s Shangri-La Dialogue, hosted by the International Institute for Strategic Studies in Singapore, Australian Prime Minister Anthony Albanese set out a balanced approach to handling China’s aggressive regional expansion: ‘Australia’s goal is not to prepare for war,’ he said, ‘but to prevent it through deterrence and reassurance and building resilience in the region.’

He went on to say that Australia and its regional allies need to ‘make it crystal clear that when it comes to any unilateral attempt to change the status quo by force, be it in Taiwan, the South China Sea, the East China Sea or elsewhere, the risk of conflict will always far outweigh any potential reward’.

China has recently shown a greater willingness to test the boundaries of physical confrontation. In the cyber domain, however, it has long engaged in aggressive tactics, where the rewards significantly outweigh the potential risks. This is bad news for Australian government organisations, local companies and their counterparts across Southeast Asia, which are having to divert significant resources to protect themselves against evolving Chinese cyber espionage, intellectual property theft and other cyberattacks.

CrowdStrike Intelligence is highly confident that China-nexus adversaries will continue to target both Southeast Asia and Australia in the government, telecommunications, military and civil-society sectors in support of national intelligence-collection priorities. We also expect to see a ramping up of cyber espionage in the AUKUS area as Australia strengthens its defence ties with the US and UK.

Concern around China-based cyber activity has only grown. The extraordinary disclosure in May that VANGUARD PANDA (better known as Volt Typhoon), a China-sponsored adversary group, had been lying dormant in US critical infrastructure networks for at least months suggests persistent assertiveness from China-based cyber actors in support of China’s cyber goals.

To reference the prime minister’s assessment, building resilience and reassurance is vital to deterring such attacks. Understanding more about China-based cyber activities in the region is an important place to…


Explained | How did a China-based hacking group compromise Microsoft’s cloud security? 


The story so far: In July, Microsoft said that a China-based hacking group breached U.S. government-linked email accounts. The company said the group, identified as Storm-0558, gained access to email accounts of 25 organisations, including Western European government agencies and email accounts of top American officials such as Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns, and Assistant Secretary of State for East Asia Daniel Kritenbrink. The attacks stemmed from the compromise of a Microsoft engineer’s corporate account. The company further explained that hackers were able to extract a cryptographic key from the engineer’s account to gain access to email accounts. The flaw has now been fixed.

When did the attacks start?

The attack on email accounts of American government officials was first noticed when customers reported abnormal activity on June 16. Microsoft then began an investigation which revealed that from May 15, Storm-0558 gained access to email accounts affecting approximately 25 organisations in the public cloud including government agencies as well as related customer accounts of individuals associated with them.

What is Storm-0558?

Microsoft Threat Intelligence “with moderate confidence” assessed that Storm-0558 is a China-based threat actor with activities and methods consistent with espionage objectives. The group is thought to operate as its own distinct group and its core working hours are consistent with working hours in China, Microsoft said in a blog post.

In the past, the group has been seen to have primarily targeted U.S. and European diplomatic, economic, and legislative governing bodies, and individuals connected to Taiwan and Uyghur geopolitical interests. The group has been targeting Microsoft accounts since August 2021 and had reportedly obtained credentials for initial access through phishing campaigns and exploited vulnerabilities in public-facing applications to gain access to victims’ networks.

How did the threat actors breach Microsoft’s security?

The China-based threat actor was able to compromise Microsoft’s cloud security systems by using an acquired MSA key to forge tokens to access Outlook Web Access…


Microsoft warns about China-based hacking group that’s up to no good (again)



The China-based group of hackers associated with the SolarWinds Serv-U exploits from mid 2021, referred to as “DEV-0322” by Microsoft, is back in the limelight thanks to its efforts to compromise systems utilizing ZOHO ManageEngine ADSelfService Plus software.

DEV-0322’s latest activities appear to have a wide net of targets, including those in “the Defense Industrial Base, higher education, consulting services, and information technology sectors,” according to Microsoft. The tech giant first spotted the China-based hackers’ new operation on September 22, 2021, meaning the dangers have been around for a while now. You can read an in-depth breakdown of the activity Microsoft detected and a host of other technical information over at the company’s blog post wherein it gives an overview of the threat actor’s work as well as what you, the potentially affected individual, can do to suss out whether you’ve been compromised.


DEV-0322 is one of many, many groups Microsoft is keeping an eye on. In the company’s 2021 Digital Defense Report, it gave details on malicious operations originating from all over the planet, including North Korea, Iran, South Korea, Turkey, and Vietnam. China was also on the list, as was Russia, with the latter nation managing to claim Microsoft’s troublemaker-of-the-year award thanks to its 2020 and 2021 SolarWinds activities, among other attacks.

China worked hard to stay on Microsoft’s radar as well, however, gaining recognition in the aforementioned report for its cyberattack efforts, including one that may have been used to harvest data for secret AI projects.


New cybersecurity report says China-based group is hacking Asia-Pacific governments – CNBC

  1. New cybersecurity report says China-based group is hacking Asia-Pacific governments  CNBC
  2. Amid Coronavirus Cyber Attacks, a New Report Sheds Light on a Major Chinese Hacking Group  Mother Jones
  3. Naikon, Group Tied to China’s Military, Deploys Debilitating New Cyberattack Tool  The New York Times
  4. Morrison government slams Chinese ‘spy’ rumours  Herald Sun
  5. Chinese hackers attack Australia using ‘invisible’ tool  Tweed Daily News