Hackers With China Ties Linked to Global Password Thefts


WASHINGTON – A U.S. cybersecurity firm says a hacking group possibly linked to China has breached nine global organizations including at least one in the United States.

The report by Palo Alto Networks of Santa Clara, California, said it found malicious actors were actively stealing passwords from target organizations with the goal of maintaining long-term access.

The report said that from September 22 into early October, the hackers compromised at least nine entities in sectors such as technology, defense, health care, energy and education. None is identified in the report. One organization is in the United States.

Ryan Olson, vice president of threat intelligence at Palo Alto Networks, said that “any company doing business with the Pentagon could have a range of data in their emails about defense contracts that could be of interest to foreign spies.”

Nicholas Eftimiades, an assistant teaching professor at Penn State University and a former CIA intelligence officer, told VOA Mandarin the tactics used in these attacks are usually employed against foreign governments. In this case, the hacking group used the tactics against commercial interests on a global scale.

Eftimiades added that if these attacks had not been detected, the threat group would have gained access to thousands of companies and been able to conduct espionage from those companies.

The report was released on the Palo Alto Networks website on November 7. The Chinese Ministry of State Security did not respond to VOA’s request for comment.

Olson told CNN, which first reported the breach, that “in aggregate, access to that information can be really valuable,” adding, “even if it’s not classified information, even if it’s just information about how the business is doing.”

Palo Alto Networks said it detected two programs that were used, Godzilla and NGLite.

Both included instructions in Chinese “and are publicly available for download on GitHub,” said the firm’s report. GitHub is used by millions of developers and companies worldwide for many things including sharing computer code.

The cybersecurity firm added that the tactics used in the attacks appear similar to those used by Emissary Panda, a Chinese threat group that has been…

Zoom merger with Five9 scrutinized over ties to China • The Register


Zoom’s ties to China are at the center of a US government investigation into the video-conferencing giant’s $15bn plan to take over Five9, a California call-center-in-the-cloud.

The snappily titled Committee for the Assessment of Foreign Participation in the United States Telecommunications Service Sector – known as Team Telecom under a previous president – is right now probing the planned acquisition. This interagency panel is chaired by Attorney General Merrick Garland, and has reps from the Pentagon and Homeland Security.

The FCC was reviewing an application [PDF] by Zoom and Five9 as part of the takeover bid until the regulator was asked by Justice Department official David Plotinsky to hold off until the committee had finished scrutinizing the overall deal.

In a letter dated August 27, and spotted this week on the FCC website by the WSJ, Plotinsky told the FCC that the committee is considering whether the acquisition of Five9 poses “a risk to the national security or law enforcement interests of the United States.”

The Dept of Justice “believes that such risk may be raised by the foreign participation (including the foreign relationships and ownership) associated with the application,” he continued, “and a review by the committee is necessary to assess and make an appropriate recommendation as to how the [FCC] should adjudicate this application.”

By foreign relationships and ownership, officials are referring to Zoom’s links with Beijing. Not only was its encryption not that strong nor end-to-end, it also was spotted routing connections through China. Zoom promised to beef up its security, especially so when Uncle Sam found the vid-chat giant fell short of those promises.

Zoom also closed the paid-for account of US-based Chinese activists after they held an international Zoom meeting marking the 31st…

Biden’s response to China hack seen as tepid due to US economic ties with Beijing | Washington Examiner


When the White House announced President Joe Biden rallied American allies to condemn China’s state-sponsored hacking, many in Washington were perplexed as he bypassed more punitive measures.

China’s Ministry of State Security, which U.S. intelligence officials accused of cyber spying and hacking for profit, was behind multiple “zero-day” exploits that breached the Microsoft Exchange Server, prompting Biden’s response. The attacks take advantage of security holes in widely used software, such as the Microsoft Exchange email service, and can operate undetected until the hole is patched.

Asked this week why Biden seemed to hold off on a stronger condemnation of China, White House press secretary Jen Psaki said, “That was not the intention he was trying to project.”

The effort to coordinate multilateral partners from the United Kingdom, Australia, Canada, New Zealand, Japan, and NATO “was under [Biden’s] direction,” Psaki said. “He continues to feel it’s important to lead from a position of strength in close coordination with our partners and allies around the world, and he takes the malicious cyber activity — whether it’s from Russia or China, whomever the actors may be — quite seriously.”

She said economic ties with China wouldn’t stop further U.S. retaliation if deemed necessary.

Dmitri Alperovitch, who leads the Silverado Policy Accelerator, a Washington, D.C.-based cybersecurity think tank, questioned Biden’s inconsistent response in a blog post in light of a forceful retaliation to the SolarWinds breach that U.S. intelligence linked to Russia earlier this year.

“Having drawn a red line in the case of the SolarWinds breach … the United States ought to calibrate its responses to subsequent attacks relative to that line,” he wrote. “By every conceivable technical standard, the Exchange hacks were the more damaging and more reckless of the two actions. For the sake of both strategic and normative consistency, the administration should be prepared to impose more serious consequences.”

It is hard to say why the Biden administration has refrained from using…

Hackers with suspected China ties breached MTA servers in April


Hackers with possible ties to the Chinese government breached three of the MTA’s computer systems earlier this year, transit officials said Wednesday.

The breach occurred on two separate days in the second week of April and continued unchecked until being discovered on April 20, officials said. Hackers did not access systems related to train operations, safety or customer or employee information, the MTA said.

The authority “quickly and aggressively responded to this attack,” MTA Chief Technology Officer Rafail Portnoy said in a statement. An outside audit “found no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to our vital systems,” Portnoy said.

“The MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat,” he added.

To gain access, the hackers took advantage of vulnerabilities in the remote work tool Pulse Connect Secure to breach three systems used by the MTA’s city transit and commuter rail divisions, according to the New York Times, which first reported the breach.

The hackers reportedly left “web shells” to maintain backdoor access to the MTA’s system, the Times said — and also took steps to erase evidence of their intervention.

MTA officials said the federal Cybersecurity and Infrastructure Security Agency ordered “fixes and patches” that were made within 24 hours of the breach’s discovery. Addressing the breach cost the MTA an estimated $370,000, the Times said.

The MTA has 18 total computer systems. About 5 percent of the MTA’s workforce were instructed to change their passwords as a result of April’s breach, officials said.

The attack is one of several this year that cybersecurity experts suspect are backed by the Chinese government, either directly or indirectly, the Times said.

Dozens of government agencies, contractors and financial institutions were hit by the wave of attacks, which were uncovered in late April.

With Post wires
