Tag Archive for: chinese

Chinese Hackers Indicted in New York for Targeting Government

/in


(TNS) — A band of hackers sent a years-long barrage of malicious e-mails to U.S. politicians, government officials, and private companies as part of a Chinese espionage and intelligence operation, federal prosecutors in Brooklyn said.

The feds on Monday announced the indictment of seven members of a Chinese state-run hacking operation, known in the cyber security community as Advanced Persistent Threat 31, running out of Wuhan since 2010. The indicted suspects all live in China, and have not been arrested by U.S. law enforcement agents.

The group sent tens of thousands of phishing e-mails to government and political officials in the U.S., as well as their family members and other contacts, usually pretending to be from prominent American journalists, according to the indictment.


The e-mails had links to what looked like real news articles, but opening the e-mail would activate a tracking link, sending location, device and network data back to a server controlled by the hackers.

They’d then use that info to target home routers and electronic devices, the feds allege.

“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies,” Attorney General Merrick Garland said Monday.

The targets included White House officials and their spouses, officials with the departments of Justice, Commerce, Treasury and State, and senators from both parties across 10 states. The hackers also tried their e-mail schemes on defense contractors, political strategists, commentators and advocates, according to the feds.

In May 2020, the hackers targeted staffers for a presidential campaign — the indictment wouldn’t say which campaign — and sent out tracking e-mails to more political campaigns that November, the feds allege.

Dissidents critical of the Chinese government and their supporters also found themselves in the hackers’ crosshairs, the feds said.

They also used custom malware and “zero-day exploits,” so named because they take…

Source…

U.S. and UK Impose Sanctions on APT 31 Chinese Hackers

/in


In a significant move to counter cyber threats, the United States and the United Kingdom have imposed sanctions on a group of China-linked hackers accused of targeting critical infrastructure in the U.S.

The coordinated action includes indictments, sanctions, and a rewards program aimed at curtailing the activities of these cyber operatives.

The U.S. Department of Justice has unsealed indictments against Zhao Guangzong, Ni Gaobin, and five other individuals for their involvement in a series of cyber attacks.

These individuals are believed to be connected to the Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), which is allegedly a front for the Chinese Ministry of State Security (MSS).

The Office of Foreign Assets Control (OFAC) of the Department of the Treasury has sanctioned Wuhan XRZ and the two Chinese nationals, Zhao Guangzong and Ni Gaobin, for their roles in the cyber operations.

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

These operations have targeted entities within the U.S. critical infrastructure sectors, posing a direct threat to national security.

APT 31: A Chinese Malicious Cyber Group

The hackers are affiliated with the state-sponsored Advanced Persistent Threat group 31 (APT 31), which is known for its sophisticated cyber espionage campaigns.

OFAC’s sanctions are pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, which targets individuals and entities responsible for or complicit in cyber-enabled activities that threaten the U.S.

This action represents a collaborative effort involving the U.S. Department of Justice, the Federal Bureau of Investigation (FBI), the Department of State, and the UK Foreign,…

Source…

Cybersecurity agencies issue warning over Chinese hacking group

/in


Government cybersecurity authorities in the US and allied nations are sounding the alarm bell again over the Chinese hacking group known as Volt Typhoon.

In a joint advisory issued on Tuesday, the US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), FBI, and eight international partners warned that the Beijing-backed Volt Typhoon gang may be gearing up for disruptive or destructive cyber strikes targeting critical infrastructure organisations.

“Volt Typhoon has been pre-positioning themselves on US critical infrastructure organisations’ networks to enable disruption or destruction of critical services in the event of increased geopolitical tensions and/or military conflict with the United States and its allies,” the advisory warns.

“This is a critical business risk for every organisation in the United States and allied countries.”

This latest alert comes just over a month after the same coalition of agencies revealed that Volt Typhoon had compromised the networks of multiple critical infrastructure victims in the US.

The alert recommends that organisations prioritise security efforts through tools like the Cybersecurity Performance Goals and engage with designated Sector Risk Management Agencies. It also urges implementing robust logging practices to detect stealthy “living off the land” techniques favoured by Volt Typhoon, which leverage legitimate software to blend into target environments.

Developing comprehensive incident response plans, conducting cybersecurity drills, and hardening supply chains are also highlighted as critical measures to thwart potential Volt Typhoon intrusions and attacks.

The repeated warnings underscore the grave concerns over Volt Typhoon’s capabilities and suspected destructive intentions against critical infrastructure providers in the US and allied nations amid heightened geopolitical tensions.

(Photo by Thomas Kelley)

See also: Nations demand tech firms tackle scammers

Unified Communications is a two-day event taking place in California, London, and Amsterdam that delves into the future of workplace collaboration in a digital world. The comprehensive event is co-located with Digital Transformation Week,…

Source…

Behind the doors of a Chinese hacking company, a sordid culture fueled by influence, alcohol and sex

/in


BEIJING — The hotel was spacious. It was upscale. It had a karaoke bar. The perfect venue, the CEO of the Chinese hacking company thought, to hold a Lunar New Year banquet currying favor with government officials. There was just one drawback, his top deputy said.

“Who goes there?” the deputy wrote. “The girls are so ugly.”

So goes the sordid wheeling and dealing that takes place behind the scenes in China‘s hacking industry, as revealed in a highly unusual leak last month of internal documents from a private contractor linked to China’s government and police. China’s hacking industry, the documents reveal, suffers from shady business practices, disgruntlement over pay and work quality, and poor security protocols.

Private hacking contractors are companies that steal data from other countries to sell to the Chinese authorities. Over the past two decades, Chinese state security’s demand for overseas intelligence has soared, giving rise to a vast network of these private hackers-for-hire companies that have infiltrated hundreds of systems outside China.

Though the existence of these hacking contractors is an open secret in China, little was known about how they operate. But the leaked documents from a firm called I-Soon have pulled back the curtain, revealing a seedy, sprawling industry where corners are cut and rules are murky and poorly enforced in the quest to make money.

Leaked chat records show I-Soon executives wooing officials over lavish dinners and late night binge drinking. They collude with competitors to rig bidding for government contracts. They pay thousands of dollars in “introduction fees” to contacts who bring them lucrative projects. I-Soon has not commented on the documents.

Mei Danowski, a cybersecurity analyst who wrote about I-Soon on her blog, Natto Thoughts, said the documents show that China’s hackers for hire work much like any other industry in China.

“It is profit-driven,” Danowski said. “It is subject to China’s business culture — who you know, who you dine and wine with, and who you are friends with.”

China’s hacking industry rose from the country’s early hacker culture, first appearing in the 1990s as citizens bought computers and went…

Source…