Tag Archive for: chinese

Scathing federal report rips Microsoft for shoddy security, insincerity in response to Chinese hack, ET Telecom


Boston: In a scathing indictment of Microsoft corporate security and transparency, a Biden administration-appointed review board issued a report Tuesday saying “a cascade of errors” by the tech giant let state-backed Chinese cyber operators break into email accounts of senior US officials including Commerce Secretary Gina Raimondo. The Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company’s knowledge of the targeted breach, which affected multiple US agencies that deal with China. It concluded that “Microsoft’s security culture was inadequate and requires an overhaul” given the company’s ubiquity and critical role in the global technology ecosystem. Microsoft products “underpin essential services that support national security, the foundations of our economy, and public health and safety.”

The panel said the intrusion, discovered in June by the State Department and dating to May, “was preventable and should never have occurred,” blaming its success on “a cascade of avoidable errors.” What’s more, the board said, Microsoft still doesn’t know how the hackers got in.

The panel made sweeping recommendations, including urging Microsoft to put on hold adding features to its cloud computing environment until “substantial security improvements have been made.”

It said Microsoft’s CEO and board should institute “rapid cultural change” including publicly sharing “a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products.”

In a statement, Microsoft said it appreciated the board’s investigation and would “continue to harden all our systems against attack and implement even more robust sensors and logs to help us detect and repel the cyber-armies of our adversaries.”

In all, the state-backed Chinese hackers broke into the Microsoft Exchange Online email of 22 organisations and more than 500 individuals around the world including the US ambassador to China, Nicholas Burns – accessing some cloud-based email boxes for at least six weeks and downloading some…


What is Volt Typhoon? A cybersecurity expert explains the Chinese hackers targeting US critical infrastructure


Volt Typhoon is a Chinese state-sponsored hacker group. The United States government and its primary global intelligence partners, known as the Five Eyes, issued a warning on March 19, 2024, about the group’s activity targeting critical infrastructure.

The warning echoes analyses by the cybersecurity community about Chinese state-sponsored hacking in recent years. As with many cyberattacks and attackers, Volt Typhoon has many aliases and also is known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, Voltzite and Insidious Taurus. Following these latest warnings, China again denied that it engages in offensive cyberespionage.

Volt Typhoon has compromised thousands of devices around the world since it was publicly identified by security analysts at Microsoft in May 2023. However, some analysts in both the government and cybersecurity community believe the group has been targeting infrastructure since mid-2021, and possibly much longer.

Volt Typhoon uses malicious software that penetrates internet-connected systems by exploiting vulnerabilities such as weak administrator passwords, factory default logins and devices that haven’t been updated regularly. The hackers have targeted communications, energy, transportation, water and wastewater systems in the U.S. and its territories, such as Guam.

In many ways, Volt Typhoon functions similarly to traditional botnet operators that have plagued the internet for decades. It takes control of vulnerable internet devices such as routers and security cameras to hide and establish a beachhead in advance of using that system to launch future attacks.

Operating this way makes it difficult for cybersecurity defenders to accurately identify the source of an attack. Worse, defenders could accidentally retaliate against a third party who is unaware that they are caught up in Volt Typhoon’s botnet.

Why Volt Typhoon matters

Disrupting critical infrastructure has the potential to cause economic harm around the world. Volt Typhoon’s operation also poses a threat to the U.S. military by potentially disrupting power and water to military facilities and critical supply chains.

FBI Director…


US authorities charge seven over Chinese hacking


The US Department of Justice (DoJ) has unsealed an indictment charging seven Chinese nationals with conspiracy to commit computer intrusions and conspiracy to commit wire fraud, alleging their involvement in the state-backed APT31 hacking group over a 14-year period.

Concurrent with new sanctions issued today by deputy prime minister Oliver Dowden, APT31 is accused by the Americans of a wide-ranging campaign of espionage furthering the intelligence objectives of the Chinese government.

Those named are Ni Gaobin, 38; Weng Ming, 37; Cheng Feng, 34; Peng Yaowen, 38; Sun Xiaohui, 38; Xiong Wang, 35; and Zhao Guangzong, 38. All are believed to be located in China, and it is highly unlikely they will face a court.

“Over 10,000 malicious emails, impacting thousands of victims, across multiple continents. As alleged in today’s indictment, this prolific global hacking operation – backed by the People’s Republic of China government – targeted journalists, political officials and companies to repress critics of the Chinese regime, compromise government institutions and steal trade secrets,” said US deputy attorney general Lisa Monaco.

“The Department of Justice will relentlessly pursue, expose and hold accountable cyber criminals who would undermine democracies and threaten our national security.”

Attorney general Merrick Garland added: “The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses.

“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies.”


The US said it was pulling back the curtain on China’s vast hacking…


Britain summons Chinese charge d’affaires over alleged cyber hacking, ET Telecom


LONDON: Britain on Tuesday summoned the charge d’affaires of the Chinese Embassy in London after accusing Chinese state-backed hackers of stealing data from Britain’s elections watchdog and carrying out a surveillance operation against parliamentarians.

Britain said the Chinese hackers stole the voter registration data – mostly names and addresses – of about 40 million people from the Electoral Commission and tried to break into lawmakers’ emails.

“The (Foreign Office) set out the government’s unequivocal condemnation of Chinese state-affiliated organisations and individuals undertaking malicious cyber activity against UK democratic institutions and parliamentarians,” a spokesperson for Britain’s Foreign Office said in a statement.

A spokesman for Prime Minister Rishi Sunak said on Tuesday the government is close to finalising a new foreign influence registration system that would require anyone working undeclared for a foreign country in the so-called “enhanced tier” to declare their activity.

Under Britain’s new National Security Act, individuals, such as lawyers, a public relations company or an undercover spy working for a country in the “enhanced tier” would have to record their activity in a register or face prosecution.

British Deputy Prime Minister Oliver Dowden said on Monday that China’s alleged hacking of British democratic institutions meant there was a “strong case” for including the country in the enhanced tier.

China has denied the spying allegations. The Chinese embassy in London said on Monday the claims were “completely fabricated” and it will make “a justified and necessary response”.

The British government has previously said it would be inappropriate to call China a “threat” because it is too simplistic to view relations with the world’s second biggest economy through a single word.
