Tag Archive for: Diplomat

China Calls Hacking Report ‘Far-Fetched’ – The Diplomat



The Mandiant report accused a “China-nexus threat actor” of infiltrating the email systems of a wide range of government agencies, trade offices, and academic organizations.

China’s government on Friday rejected as “far-fetched and unprofessional” a report by a U.S. security firm that blamed Chinese-linked hackers for attacks on hundreds of public agencies, schools, and other targets around the world.

A Chinese Foreign Ministry spokesperson repeated accusations that Washington carries out hacking attacks and complained the cybersecurity industry rarely reports on them.

Mandiant’s report came ahead of a visit to Beijing by Secretary of State Antony Blinken aimed at repairing relations that have been strained by disputes over human rights, security, and other irritants. Blinken’s visit was planned earlier this year but was canceled after what the U.S. government said was a Chinese spy balloon flew over the United States.

The report said hackers targeted email to engage in “espionage activity in support of the People’s Republic of China.”

“The relevant content is far-fetched and unprofessional,” said the Chinese spokesperson, Wang Wenbin.


“American cybersecurity companies continue to churn out reports on so-called cyberattacks by other countries, which have been reduced to accomplices for the U.S. government’s political smear against other countries,” Wang said.

The latest attacks exploited a vulnerability in a Barracuda Networks email system and targeted foreign ministries in Southeast Asia, other government agencies, trade offices and academic organizations in Taiwan and Hong Kong, according to Mandiant.

It described the attacks as the biggest cyber espionage campaign known to be conducted by a “China-nexus threat actor” since a 2021 attack on Microsoft Exchange. That affected tens of thousands of computers.

Russia blames US and Apple for hacking diplomat iPhones



Russia has accused Apple and US intelligence agencies of collaborating to spy on its diplomats by hacking their iPhones.

The Federal Security Service (FSB) issued a statement to say that thousands of Apple devices belonging to Russian diplomats were infected with an unknown malware.

Separately, prominent antivirus firm Kaspersky reported another attack on iOS devices, which Russia’s computer security agency said was linked to the first.

Kaspersky report

A spokesperson for Kaspersky told The Record that “due to the absence of technical details reported,” the security company couldn’t confirm all the findings from the FSB.

Company CEO Eugene Kaspersky did say, though, that the attack it reported was “extremely complex” and “professionally targeted,” adding that, “several dozen iPhones of the company’s employees — both top and middle-management — were impacted.”

The FSB said that the malware also targeted devices outside of Russia and wireless subscribers who use SIM cards registered with diplomatic missions and embassies in Russia. This includes those belonging to users located in some NATO bloc countries, as well as Israel, Syria and China.


The NSA declined to comment on the accusation from Russia that it colluded with Apple to spy on Russia. An Apple spokesperson said that “We have never worked with any government to insert a backdoor into any Apple product and never will.”

The Russian Ministry for Foreign Affairs also stated that the US was conducting global surveillance, adding that it has “placed itself above the law. No state has a right to abuse its technological capabilities.”

In March this year, Russian officials were told to get rid of their iPhones by Sergei Kiriyenko, First Deputy Chief of Staff of the Presidential Administration, due to the perceived risk of being hacked by western intelligence.

In Kaspersky’s report, the attack can be traced all the way back to 2019, with iOS 15.7 being the most recent version that the malware can successfully…


A Recent Chinese Hack Is a Wake-up Call for the Security of the World’s Software Supply Chain – The Diplomat


No one knows, not even the ghosts (人不知,鬼不觉)
-Chinese idiom

It’s perhaps only a coincidence that there’s a famous Chinese saying that neatly summarizes a recent hack on MiMi, a Chinese messaging app. According to recent reports, a Chinese state-backed hacking group inserted malicious code into this messaging app, essentially pulling off the equivalent of the infamous SolarWinds hack. Users of MiMi were served a version of the app with malicious code added, thanks to attackers taking control of the servers that delivered the app. In short, this was a software supply chain attack in which the software delivery pipeline was compromised.

And no one knew for months.

This hack hasn’t gotten much press in Western media, potentially because this appears to be an example of Chinese state surveillance on targets that aren’t in the United States or Europe. That’s a shame because this attack points to a growing trend of software supply chain attacks, even by the Chinese government. Consequently, Western companies and governments should take note and begin preparing defenses.

Admittedly, not all of the details are known (or will ever be known), but forensic code analysis indicates that a particular Chinese state-backed hacking group (sometimes called Lucky Mouse or Iron Tiger) likely took control of servers that allowed users to download the MiMi Chinese chat application, which is aimed at Chinese-speaking users. The hackers then switched out the original software with a malicious version, adding code into the application that fetched and installed malware.


At that point, the malware, unknown to the user, allowed the attackers to monitor and control the software remotely. This appears to have happened in late 2021 and through the summer of 2022. Interestingly, neither the legitimate application nor the malware was digitally signed, which meant that users had no way of knowing that this software was malicious.

Observers could be forgiven for…


John Arquilla on the New Challenge of Cyberwarfare – The Diplomat


As we move into the era of 5G networks and the Internet of Things, the challenge of keeping online systems safe and secure is growing ever more daunting. In parallel, the question of cyberwar is looming larger and larger.

But this is not a new problem. John Arquilla, distinguished professor of defense analysis at the United States Naval Postgraduate School, originally coined the term “cyberwar” over 20 years ago and remains one of the world’s leading experts on the threats posed by cyber technologies to national security. His recent book, “Bitskrieg: The New Challenge of Cyberwarfare” discusses the state of cyberattacks and cybersecurity – and he finds the U.S. critically underprepared for the age of cyberwarfare.

In this interview, Arquilla discusses the future of cyberwar, the potential for cyber arms control, and how best to respond to cyberattacks.

You’ve been discussing cyberwar for 30 years — you even coined the term. But obviously the technologies involved, for both offense and defense, have evolved dramatically since the early 1990s. How has the cyberthreat landscape changed in the past few years, as the Internet of Things and 5G connections become the new normal?

Certainly the scale, pace, and complexity of cyber operations have increased exponentially since the early 1990s. And greater connectivity, especially of physical infrastructures built before the Web and the Net but now connected to them, makes them particularly vulnerable to disruptive malware and other, ever more subtle and hard to detect cyber weapons.


What hasn’t changed, however, is the fact that attackers still have a considerable edge over defenders, which foretells a period of more active, destabilizing cyberwarfare.

Cyberwarfare is sometimes thought of as an alternative to traditional warfare, but it could be a powerful force booster in a real-world conflict. As you outline, we’ve already seen glimpses of this, for example, in U.S. operations in Iraq and Afghanistan. Can you describe some of the ways cyber operations could be used alongside kinetic operations in a future war?
