📡Guardians of Hong Kong
We provide translation of news in English from local media and other sources, for academic use.
Facebook: http://bit.ly/BeWaterHongKong
Instagram: @guardiansofhk
Website: https://guardiansofhk.com/
BlackBerry uncovers how China-backed hackers have extracted data from servers for a decade

BlackBerry Ltd.’s researchers found that China-backed hackers and groups with links to the Chinese government have been extracting data from many of the world's servers for a decade -- largely without being noticed by the cyber security industry.

According to the report published by BlackBerry, the tactics give the hackers the ability to extract huge amounts of valuable data from computers running the Linux operating system.

This is worrying because Linux dominates the back-end infrastructure of large modern data centers. It runs the stock exchanges in New York, London and Tokyo, and nearly all the big tech and e-commerce giants depend on it, including the likes of Google, Yahoo, and Amazon.

#BlackBerry executive Eric Cornelius said that the security industry has missed a major component of the tactics used by a well-established hacker umbrella group known as WINNTI, which the company says works with China's government. The novel techniques are used against Linux and even the Android operating system.

Cornelius said the point of these China-backed hacking campaigns is to exfiltrate, or steal, information that the United States has claimed is worth “multiple billions of dollars” in intellectual property.

#China #hacker

Further reading:
https://beta.ctvnews.ca/national/sci-tech/2020/4/8/1_4887770.html

'They are trying to steal everything.' US coronavirus response hit by foreign hackers

The Trump administration is pointing the finger at China for attempting to steal coronavirus research, as officials warn of a growing wave of cyberattacks by nation states and criminal groups on US government agencies and medical institutions leading the pandemic response. Hospitals, research laboratories, health care providers, and pharmaceutical companies have all been hit by a surge of daily attacks. Officials have also warned that critical research for Covid-19 vaccines risks being stolen and replicated overseas.

Based on the size and scope of the actions, and other factors such as political reasons, officials point the finger at China for the attacks.

Biomedical research relating to vaccines and treatments for the coronavirus is the most valuable today, and not just commercially: whichever country, company or research lab develops that vaccine first and is able to produce it is going to have a significant geopolitical success story.

During the coronavirus crisis, attacks from nation states and criminal groups have come in a multitude of forms with numerous different goals: phishing emails posing as a US agency or authority to steal data and information, denial of service, ransomware attacks and disinformation, among others, both on the open internet and the darknet.

Google's Threat Analysis Group has identified over a dozen government-backed attacker groups. The attacks targeted not only US entities but also the WHO. A co-founder of the Cyber Threat Intelligence League commented that countries like China and Iran "can steal information regarding the coronavirus information that they don't have."

While US Cyber Command, NSA, and CISA (the cyber arm of the Department of Homeland Security) are currently operating with an unprecedented amount of leeway, some lawmakers believe more needs to be done to protect US health organizations and agencies amid the ongoing pandemic.

#hacker #CCP #US #CyberSecurity

Full Article: CNN, (25-Apr)
https://edition.cnn.com/2020/04/25/politics/us-china-cyberattacks-coronavirus-research/index.html

https://en.m.wikipedia.org/wiki/Cybersecurity_and_Infrastructure_Security_Agency

Further reading:
Over 500K Zoom accounts being sold on dark web, researchers find
https://t.me/guardiansofhongkong/19901
Nearly 25,000 email addresses and passwords allegedly from NIH, WHO, Gates Foundation and others are dumped online
https://wapo.st/3aJdatE
#Newspaper

China MSS Guangdong State Security Department
Hackers

(7 Jul) The US has officially issued wanted notices for 2 Chinese hackers, Li Xiaoyu and Dong Jiazhi. It is believed the 2 individuals are currently in China.

According to US courts, these 2 hackers have participated in online espionage for 10 years on behalf of the Chinese Communist Party, trying to break into sensitive entities and data, including US defense contractors, COVID-19 vaccine research, and information on Hong Kong protesters and their supporters.

Source: FBI
Credit: Hong Kong Echo
#FBI #Hacker #Coronavirus

Japanese media: Chinese People’s Liberation Army suspected of instructing hackers to attack about 200 Japanese companies and research institutes
 
Quoting a source, Japan's NHK reported that Tokyo police discovered that a Chinese hacker organisation launched a large-scale cyber-attack on about 200 research institutes and private companies, including the Japan Aerospace Exploration Agency (JAXA). The Japanese authorities suspect that these hackers were instructed by the Chinese People’s Liberation Army.
 
The source revealed to the Japan Broadcasting Association that JAXA was cyber-attacked in 2016. Tokyo police have targeted a 30-year-old Chinese system engineer, accusing him of being a member of the Chinese Communist Party. He was accused of renting domestic servers under a false name to attack the systems of multiple institutions.
 
He is alleged to have forwarded these server numbers and related certificates to a Chinese hacker organisation called Tick. The man has left Japan, but the Japanese Metropolitan Police Department submitted the man’s case to the prosecutor as early as Tuesday, accusing him of falsifying digital records.  
 
Source: Stand News #Apr20

 https://bit.ly/33ySrYc
 
#China #Japan #NHK #Tokyo #Hacker #JAXA #Engineer #CCP #Communist #Server #Tick

Intrusion Truth details work of suspected Chinese hackers who are under indictment in US

Intrusion Truth, a mysterious group known for exposing suspected Chinese cyber-espionage operations, on Thursday published a new investigation that traced front companies allegedly used by two Chinese men whom a U.S. grand jury indicted last year.

The findings shed light on a dynamic that U.S. law enforcement officials say is increasingly common: foreign intelligence services’ use of front companies to try to conceal their hacking operations. The details also come at a time when Biden administration officials are dealing with the fallout of another suspected Chinese hacking campaign in which attackers leveraged widely used Microsoft software.

Source: CyberScoop #May06

https://t.co/5AhLumsp8r

#Mysterious #Chinese #US #Cyber #Microsoft #Hacker

USA and NATO Condemn China's Malicious Cyberattack

The Guardian reported that the USA and NATO, along with the European Union, United Kingdom, Japan, Canada, Australia and New Zealand, condemned malicious cyberattacks by China. The attacks include the compromise of 250,000 Microsoft Exchange email servers, affecting at least 30,000 US governmental and non-governmental organizations. It is the first cyber activity condemned by NATO since its establishment in 1949. Antony Blinken, the United States Secretary of State, said that the systemic cyberattacks from China are irresponsible, destructive and destabilizing, and seriously threaten the economy and national security of the USA.

On the same day, the US Department of Justice prosecuted four Chinese citizens, including three security department officials and one criminal hacker contractor, accusing them of extortion and of endangering US national security. Between 2011 and 2018, they broke into the computer systems of various organizations, universities and government institutions, seeking trade secrets in aeronautics, national defence, education, government, medicine, biopharmaceuticals and the maritime sector.

Source: Stand News #Jul20

https://bit.ly/2ViBmkW

#USA #NATO #China #Blinken #Hacker #MicrosoftExchange #CyberAttack

Spies for Hire: China’s New Breed of Hackers Blends Espionage and Entrepreneurship

China’s buzzy high-tech companies don’t usually recruit Cambodian speakers, so the job ads for three well-paid positions with those language skills stood out. The ad, seeking writers of research reports, was placed by an internet security start-up in China’s tropical island-province of Hainan.

That start-up was more than it seemed, according to American law enforcement. Hainan Xiandun Technology was part of a web of front companies controlled by China’s secretive state security ministry, according to a federal indictment from May. They hacked computers from the United States to Cambodia to Saudi Arabia, seeking sensitive government data as well as less-obvious spy stuff, like details of a New Jersey company’s fire-suppression system, according to prosecutors.

Source: NY Times #Aug26

https://www.nytimes.com/2021/08/26/technology/china-hackers.html

#China #Spy #Hacker #UnitedStates #Cambodia #Saudi #Arabia

At least 13 phone firms hit by suspected Chinese hackers since 2019, say experts

At least 13 phone companies around the world have been compromised since 2019 by sophisticated hackers who are believed to come from China, a cybersecurity expert group has said.

The roaming hackers – known as LightBasin – were able to “search and find” individual mobile phones and “target accordingly”, according to CrowdStrike, a group regularly cited by western intelligence.

Hackers were also able to obtain personal subscriber information held by phone companies and metadata showing who made and received calls.

Source: The Guardian #Oct19

https://www.theguardian.com/technology/2021/oct/19/phone-firms-hit-by-suspected-chinese-hackers-lightbasin-china?CMP=Share_iOSApp_Other

#China #Hacker #Cybersecurity

Chinese hacking shows clear ‘geopolitical goals,’ targets Taiwan, Hong Kong universities

Hackers from China have targeted political issues and universities in Taiwan and Hong Kong, Microsoft said in its 2021 Digital Defense Report, which covers the period between July 2020 and June 2021.

Cristin Goodwin, head of Microsoft’s Digital Security Unit, noted China’s geopolitical goals, reported AP. According to the October 2021 report, the “Chromium” cyber activity group targeted “sensitive social, economic, and political issues surrounding Hong Kong and Taiwan” in addition to China’s neighbors, such as India, Malaysia, Mongolia, Pakistan, and Thailand.

Source: Taiwan News #Oct08

https://www.taiwannews.com.tw/en/news/4309568

#China #Chinese #Hacking #Hacker #Microsoft #HongKong #Taiwan

Chinese hackers stole millions worth of U.S. COVID relief money, Secret Service says

Chinese hackers have stolen tens of millions of dollars worth of U.S. COVID relief benefits since 2020, the Secret Service said on Monday.

The Secret Service declined to provide any additional details but confirmed a report by NBC News that said the Chinese hacking team that is reportedly responsible is known within the security research community as APT41 or Winnti.

APT41 is a prolific cybercriminal group that has conducted a mix of government-backed cyber intrusions and financially motivated data breaches, according to experts.

Source: Reuters #Dec06

https://www.reuters.com/technology/chinese-hackers-stole-millions-worth-us-covid-relief-money-secret-service-says-2022-12-05/

#Chinese #Hacker #US #COVID