Chinese

What Chinese company Zhenhua Data will do with data of 35,000 Aussies | #facebookdating | #tinder | #pof | romancescams | #scams

You – the internet user – have become the front line in a battle for hearts, minds and political advantage. And your personal details are the weapons in an international […] View full post on National Cyber Security

U.S. Sanctions Chinese Officials Over Hong Kong Policy—Including Carrie Lam | #Databreach | Pentest | #cybersecurity | #informationsecurity

WASHINGTON—The U.S. levied sanctions on some of Hong Kong’s leading officials and China’s top enforcers of Beijing’s clampdown on the territory, ratcheting up the Trump administration’s use of sanctions against […]

2 Chinese Charged with Laundering $100 Million for North Korean Hackers

Source: National Cyber Security – Produced By Gregory Evans


Two Chinese nationals have been charged by the US Department of Justice (DoJ) and sanctioned by the US Treasury for allegedly laundering $100 million worth of virtual currency using prepaid Apple iTunes gift cards.

According to a newly unsealed court document, the illicit funds originated from a $250 million haul stolen from two different unnamed cryptocurrency exchanges in heists perpetrated by Lazarus Group, a cybercrime group with ties to the North Korean government.

The two individuals in question — Tian Yinyin (田寅寅) and Li Jiadong (李家东) — were both charged with operating an unlicensed money transmitting business and money laundering conspiracy.

Prosecutors said the defendants worked on behalf of the threat actors based in North Korea to allegedly launder over $100 million worth of stolen cryptocurrency to obscure transactions, adding that the hacking of cryptocurrency exchanges posed a severe threat to the security of the global financial system.

It’s worth noting that Lazarus Group was one of the three hacking outfits sanctioned by the US government last September for conducting a variety of financially-motivated operations ranging from cyber-espionage to data theft, so as to fund the country’s illicit weapons and missile programs.

Per the US Treasury, the Lazarus Group stole the funds in 2018 after an employee of a cryptocurrency exchange unwittingly downloaded malware through an email, which gave the threat actor access to private keys, virtual currency, and other customer information.

“Lazarus Group cyber actors used the private keys to steal virtual currencies (250 million dollar equivalent at date of theft) from this exchange, accounting for nearly half of the DPRK’s estimated virtual currency heists that year,” the Treasury said.

While the name of the exchange remains unknown, a report by Kaspersky back in August 2018 detailed a campaign that involved dropping malware in the corporate networks of a number of crypto-exchanges by sending spear-phishing emails.

Stating that North Korea trains hackers to “target and launder stolen funds from financial institutions,” the Treasury added that both Tian and Li received $91 million from North Korea-controlled accounts that can be traced to the 2018 cryptocurrency exchange hack, and an additional $9.5 million from a hack of a second exchange.

Prosecutors said the two individuals helped convert more than $34 million of the illicit funds they received back into Chinese yuan by moving them to a bank account linked to the exchange account, in addition to converting $1.4 million worth of cryptocurrency into Apple gift cards.

Created in 2007, the Lazarus Group has gone after a number of targets, including militaries, governments, financial institutions, media companies, and utility sectors, to perpetrate monetary heists and destructive malware attacks, making it the most-profitable cryptocurrency-hacker syndicate in the world.

A United Nations report last August estimated that North Korea had generated $2 billion for its weapons programs through “widespread and increasingly sophisticated cyberattacks” targeting banks and cryptocurrency exchanges.


The post 2 Chinese Charged with Laundering $100 Million for North Korean Hackers appeared first on National Cyber Security.


U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack — Krebs on Security


The U.S. Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. DOJ officials said the four men were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded.

The nine-count indictment names Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可) and Liu Lei (刘磊) as members of the PLA’s 54th Research Institute, a component of the Chinese military. They are each charged with three counts of conspiracy to commit computer fraud, economic espionage and wire fraud.

The government says the men disguised their hacking activity by routing attack traffic through 34 servers located in nearly 20 countries, using encrypted communications channels within Equifax’s network to blend in with normal network activity, and deleting log files daily to remove evidence of their meanderings through the company’s systems.

U.S. Attorney General Bill Barr said at a press conference today that the Justice Department doesn’t normally charge members of another country’s military with crimes (this is only the second time the agency has indicted Chinese military hackers). But in a carefully worded statement that seemed designed to deflect any criticism of past offensive cyber actions by the U.S. military against foreign targets, Barr said the DOJ did so in this case because the accused “indiscriminately” targeted American civilians on a massive scale.

“The United States, like other nations, has gathered intelligence throughout its history to ensure that national security and foreign policy decision makers have access to timely, accurate and insightful information,” Barr said. “But we collect information only for legitimate national security purposes. We don’t indiscriminately violate the privacy of ordinary citizens.”

FBI Deputy Director David Bowdich sought to address the criticism about the wisdom of indicting Chinese military officers for attacking U.S. commercial and government interests. Some security experts have charged that such indictments could both lessen the charges’ impact and leave American officials open to parallel criminal allegations from Chinese authorities.

“Some might wonder what good it does when these hackers are seemingly beyond our reach,” Bowdich said. “We answer this question all the time. We can’t take them into custody, try them in a court of law and lock them up. Not today, anyway. But one day these criminals will slip up, and when they do we’ll be there. We in law enforcement will not let hackers off the hook just because they’re halfway around the world.”

The attorney general said the attack on Equifax was just the latest in a long string of cyber espionage attacks that sought trade secrets and sensitive data from a broad range of industries, including managed service providers and their clients worldwide, as well as U.S. companies in the nuclear power, metals and solar products industries.

“Indeed, about 80 percent of our economic espionage prosecutions have implicated the Chinese government, and about 60 percent of all trade secret theft cases in recent years involved some connection with China,” he said.

The indictments come on the heels of a conference held by US government officials this week that detailed the breadth of hacking attacks involving the theft of intellectual property by Chinese entities.

“The FBI has about a thousand investigations involving China’s attempted theft of U.S.-based technology in all 56 of our field offices and spanning just about every industry and sector,” FBI Director Christopher Wray reportedly told attendees at the gathering in Washington, D.C., dubbed the “China Initiative Conference.”

At a time when increasingly combative trade relations with China combined with public fears over the ongoing Coronavirus flu outbreak are stirring Sinophobia in some pockets of the U.S. and other countries, Bowdich was quick to clarify that the DOJ’s beef was with the Chinese government, not its citizenry.

“Our concern is not with the Chinese people or with the Chinese American,” he said. “It is with the Chinese government and the Chinese Communist Party. Confronting this threat directly doesn’t mean we should not do business with China, host Chinese students, welcome Chinese visitors or co-exist with China as a country on the world stage. What it does mean is when China violates our criminal laws and international norms, we will hold them accountable for it.”

A copy of the indictment is available here.

ANALYSIS

DOJ officials praised Equifax for their “close collaboration” in sharing data that helped investigators piece together this whodunnit. Attorney General Barr noted that the accused not only stole personal and in some cases financial data on Americans, they also stole Equifax’s trade secrets, which he said were “embodied by the compiled data and complex database designs used to store personal information.”

While the DOJ’s announcement today portrays Equifax in a somewhat sympathetic light, it’s important to remember that Equifax repeatedly has proven itself an extremely poor steward of the highly sensitive information that it holds on most Americans.

Equifax’s actions immediately before and after its breach disclosure on Sept 7, 2017 revealed a company so inept at managing its public response that one couldn’t help but wonder how it might have handled its internal affairs and security. Indeed, Equifax and its leadership careened from one feckless blunder to the next in a series of debacles that KrebsOnSecurity described at the time as a complete “dumpster fire” of a breach response.

For starters, the Web site that Equifax set up to let consumers check if they were affected by the breach consistently gave conflicting answers, and was initially flagged by some Web browsers as a potential phishing site.

Compounding the confusion, on Sept. 19, 2017, Equifax’s Twitter account told people looking for information about the breach to visit the wrong Web site, which also was blocked by multiple browsers as a phishing site.


And two weeks after its breach disclosure, Equifax began notifying consumers of their eligibility to enroll in free credit monitoring — but the messages did not come from Equifax’s domain and were in many other ways indistinguishable from a phishing attempt.

It soon emerged the intruders had gained access to Equifax’s systems by attacking a software vulnerability in an Internet-facing server that had been left unpatched for four months after security experts warned that the flaw was being broadly exploited. We also learned that the server in question was tied to an online dispute portal at Equifax, which the intruders quickly seeded with tools that allowed them to maintain access to the credit bureau’s systems.

This is especially notable because on Sept. 12, 2017 — just five days after Equifax went public with its breach — KrebsOnSecurity broke the news that the administrative account for a separate Equifax dispute resolution portal catering to consumers in Argentina was wide open, protected by perhaps the most easy-to-guess password combination ever: “admin/admin.”


A partial list of active and inactive Equifax employees in Argentina. This page also let anyone add or remove users at will, or modify existing user accounts.

Perhaps we all should have seen this megabreach coming. In May 2017, KrebsOnSecurity detailed how countless employees at many major U.S. companies suffered tax refund fraud with the IRS thanks to a laughably insecure portal at Equifax’s TALX payroll division, which provides online payroll, HR and tax services to thousands of U.S. firms.


Equifax’s TALX — now called Equifax Workforce Solutions — aided tax thieves by relying on outdated and insufficient consumer authentication methods.

In October 2017, KrebsOnSecurity showed how easy it was to learn the complete salary history of a large portion of Americans simply by knowing someone’s Social Security number and date of birth, thanks to yet another Equifax portal.

Around that same time, we also learned that at least two Equifax executives sought to profit from the disaster through insider trading just days prior to the breach announcement. Jun Ying, Equifax’s former chief information officer, dumped all of his stock in the company in late August 2017, realizing a gain of $480,000 and avoiding a loss of more than $117,000 when news of the breach dinged Equifax’s stock price.

Sudhakar Reddy Bonthu, a former manager at Equifax who was contracted to help the company with its breach response, bought 86 “put” options in Equifax stock on Sept. 1, 2017 that allowed him to profit when the company’s share price dropped. Bonthu was later sentenced to eight months of home confinement; Ying got four months in prison and one year of supervised release. Both were fined and/or ordered to pay back their ill-gotten gains.

While Equifax’s stock price took a steep hit in the months following its breach disclosure, shares in the company [NYSE:EFX] gained a whopping 50.5% in 2019, according to data from S&P Global Market Intelligence.

KrebsOnSecurity has long maintained that the 2017 breach at Equifax was not the work of financially-motivated identity thieves, as there has been exactly zero evidence to date that anything close to the size of the data cache stolen from that incident has shown up for sale in the cybercrime underground.

However, readers should understand that there are countless other companies with access to SSN, DOB and other information crooks need to apply for credit in your name that get hacked all the time, and that this data on a great many Americans is already for sale across various cybercrime bazaars.

Readers also should know that while identity theft protection services of the kind offered by Equifax and other companies may alert you if crooks open a new line of credit in your name, these services generally do nothing to stop that identity theft from taking place. ID theft protection services are most useful in helping people recover from such crimes.

As such, KrebsOnSecurity continues to encourage readers to place a freeze on their credit files with Equifax and the other major credit bureaus. This process puts you in control over who gets to grant credit in your name. Placing a freeze is now free for all Americans and their dependents. For more information on how to do that and what to expect from a freeze, please see this primer.


#infosec | Chinese Military Personnel Charged with Equifax Hack

The US has indicted Chinese military personnel today on charges of hacking into Equifax’s computer systems and stealing valuable trade secrets and the personal data of nearly 150 million Americans. A federal grand jury in Atlanta, Georgia, returned the indictment last week against four members of the Chinese […]

#hacking | Malaysia warns of Chinese hacking campaign targeting government projects


A Chinese state-sponsored hacking group has been targeting Malaysian government officials, computer experts with the Malaysian government said on Wednesday.

The purpose of the attacks has been to infect computers of government officials with malware and then steal confidential documents from government networks, Malaysia’s Computer Emergency Response Team (MyCERT) said in a security advisory.

Attack pattern

The attacks against government officials consist of highly-targeted spear-phishing emails.

MyCERT says the attackers have been pretending to be a journalist, an individual from a trade publication, and representatives for a military organization and non-governmental organization (NGO).

The emails contained links to documents stored on Google Drive. The documents, when opened, asked recipients to enable macros.

The malicious macros used two Office exploits (CVE-2014-6352 and CVE-2017-0199) to execute malicious code on the victim’s system to download and install malware.

“The group’s operations tend to target government-sponsored projects and take large amounts of information specific to such projects, including proposals, meetings, financial data, shipping information, plans and drawings, and raw data,” MyCERT said.

MyCERT officials didn’t say if government officials were compromised in these attacks.

Indirectly pointing the finger at China

However, while MyCERT didn’t accuse the Chinese government directly, their advisory included links to research from the cyber-security community.

The write-ups [1, 2, 3, 4] describe the hacking tools and modus operandi of a cyber-espionage group known as APT40, known for hacking activity aligned with the interests of the Chinese government.

In an exposé published last month, an online group of cyber-security analysts calling themselves Intrusion Truth have claimed that APT40 are contractors hired and operating under the supervision of the Hainan department of the Chinese Ministry of State Security.

According to FireEye, besides Malaysia, the group has also targeted Cambodia, Belgium, Germany, Hong Kong, Philippines, Norway, Saudi Arabia, Switzerland, the United States, and the United Kingdom.

The group has been primarily focused on “engineering, transportation, and the defense industry, especially where these sectors overlap with maritime technologies.”

The APT40 group is also tracked by other security firms under other names, such as TEMP.Periscope, TEMP.Jumper, Leviathan, BRONZE MOHAWK and GADOLINIUM. The group has been active since 2014, according to multiple reports.


#hacking | Chinese hackers bypass two-factor authentication | Information Age

A Chinese government-backed hacking group has found a new way to bypass two-factor authentication, according to a new report. The report by Dutch cybersecurity firm Fox-IT attributes a range of cyber attacks on government entities and managed service providers to APT20, a hacking group linked to […]

#nationalcybersecuritymonth | U.S. and China Strike Phase One Trade Agreement; Washington Steps up Efforts to Block Chinese Tech Amidst Mounting Opposition


U.S. and China Announce Agreement on Phase One Trade Deal

On Dec. 13, President Trump announced that the U.S. and China had agreed to a “Phase One” trade deal. Under the agreement, the U.S. will roll back tariffs on Chinese goods in exchange for more U.S. goods purchases and structural reforms from the Chinese side. According to Trump, he will sign the deal on Jan. 15 with Chinese representatives at the White House. If the signing goes as planned, it will represent the U.S. and China’s first agreement to reduce import duties since the two countries began implementing bilateral tariffs in July 2018.

So far, most details of the agreement have not been made public. But as for U.S. commitments, Trump on Dec. 13 already canceled new 15 percent duties scheduled to hit $160 billion of Chinese exports on Dec. 15. Additionally, the Office of the U.S. Trade Representative (USTR) has confirmed that the U.S. will reduce tariffs on $120 billion of China’s exports from 15 percent to 7.5 percent. According to Chinese Vice Commerce Minister Wang Shouwen, the Trump administration will make these cuts in phases, though neither side has specified a timeline. Tariffs of 25 percent will remain, meanwhile, on $250 billion of Chinese goods.

As for China’s commitments, China has already cut tariffs on a slew of agricultural products and commodities. The USTR also reports that China will raise its imports of U.S. goods to $200 billion above 2017 levels—though China has yet to commit to import quantities for specific goods, like agricultural products. China has further pledged to heighten intellectual-property protections, end forced technology transfers and liberalize its financial services; however, the deal does not touch Chinese government subsidies to domestic firms. The deal also includes a process by which the U.S. may impose punitive tariffs if China does not adhere to its promises.

The Phase One deal has handed outsize benefits to U.S. and Chinese tech companies. Technology products (along with other consumer-retail goods) were disproportionately represented among the imports originally scheduled for new tariffs on Dec. 15. U.S. tech companies like Apple that produce in China will no longer see foreign-manufactured goods like phones and computers slapped with tariffs. And as analysts at Morgan Stanley have noted, following the deal, technology companies in China will likely experience the largest valuation increases among Chinese firms. Foreign financial firms may also be winners from the deal. Both sides have represented that, as part of the trade agreement, China will for the first time allow foreign companies to enter its financial sector without a joint venture. (China had already announced in July 2019 that it planned to abolish this joint-venture requirement.) This forthcoming change may also expand financing opportunities for firms raising funds in China.

Business groups in the U.S. have widely praised the deal as a positive step, and U.S. stocks rallied on news of the deal. Some commentators have argued that the Phase One agreement—which had remained in doubt for months—signifies a thaw in U.S.-China tensions and sanguine prospects for future agreements. Chinese negotiators are, reportedly, already attempting to work with the Trump administration in hammering out the next phase of the deal.

Still, reactions in the U.S. to the substance of Trump’s deal have been mixed. Although U.S. officials have touted the deal’s impact on the American economy, commentators have criticized it for resulting in few tangible concessions—particularly on structural reforms—that China had not previously been willing to make. And many remain skeptical that, even with this deal, the two sides will reach further trade agreements before November’s presidential election. Reports also suggest that Chinese leaders consider the deal a huge victory—and one that justifies a hardline approach to future U.S. trade talks.

State Department Steps up Efforts to Block Chinese Tech Imports, But Faces Mounting Opposition

Reporting broke in December that the State Department has, in recent months, attempted to stop American companies from purchasing Chinese technology components. The State Department’s Under Secretary for Economic Growth, Energy, and the Environment Keith Krach has led the initiative, which asks firms to sign a set of principles titled the Global Digital Trust Standard (GDTS). The GDTS would, in effect, commit firms not to buy products from Huawei and possibly other Chinese companies. Krach has reportedly approached thirteen business entities—including telecom carriers AT&T and Verizon, as well as chip manufacturers—about signing the GDTS. None appear to have signed.

The GDTS—by covering U.S. purchases, not sales—represents a more expansive attempt to influence U.S. supply chains than many past government actions against Huawei. But it also builds on recent steps in this direction by the Trump administration. On Nov. 26, the Commerce Department proposed a process for reviewing, and possibly prohibiting, information-technology acquisitions from “foreign adversar[ies].” These measures are widely considered to target Chinese companies like Huawei (although they have yet to take effect). Last month, the Federal Communications Commission (FCC) also labeled Huawei and ZTE national-security threats. This categorization bars purchases of their products through an FCC fund subsidizing rural telecom services.

The State Department’s requests, however, have met significant resistance from U.S. companies. Corporate leaders worry that signing the GDTS will commit them to anticompetitive behavior, exposing them to antitrust lawsuits. Concerned about higher costs and supply-chain disruption, businesses are also increasingly rebuffing Washington’s broader efforts to regulate tech imports, with many pushing back against the Commerce Department’s Nov. 26 purchase-review proposal. Unease about that rule change—and the review process’s complexity—led many trade associations on Dec. 6 to request a two-month extension to the rule’s comment period.

Chinese opposition to U.S. restrictions on Huawei has likewise grown more forceful, which may portend rising tensions on tech issues between the two countries. On Dec. 18, the Chinese state-owned paper China Daily published an editorial condemning U.S. efforts “to put Huawei out of business” as “dangerous” and “nothing but protectionism.” Huawei, meanwhile, has lately tried to market itself to American allies as more faithful than the U.S. to shared western values. And Huawei announced plans in December to sue the FCC for deeming it a national-security threat without due process. This legal challenge may compound U.S. firms’ fears about antitrust lawsuits should they cease importing Huawei goods.

It is not yet clear how the pushback will affect the Trump administration’s import-regulation efforts. Trump has continually ramped up restrictions against Huawei since May 2019, when he placed Huawei on a blacklist—still just partially implemented—that precludes it from purchasing U.S. components. However, there are some signs that regulators are open to tweaking such policies in response to feedback. Throughout November and December, the Commerce Department has issued export licenses to certain companies applying for exceptions from the ban against selling to Huawei.

In Other News

Reports emerged on Dec. 15 that the U.S. expelled two Chinese diplomats last September for suspected espionage after the two officials drove onto a military base in Virginia. At least one of the diplomats, U.S. officials suspect, was an undercover Chinese intelligence officer. The decision represents the first espionage-related expulsion of Chinese diplomats in over thirty years. After reports of the event broke, China denied that the embassy officials engaged in any wrongdoing and urged the U.S. “to correct its mistake.” The expulsions come amidst growing concerns among intelligence agencies worldwide that China is conducting espionage on a “mass scale.” Shortly after reports of the expulsions emerged, separate reporting indicated that a Chinese student had stolen research materials from a lab in Boston as an act of suspected biotechnology espionage.

Beijing last month reprimanded tech giants Tencent and Xiaomi for violating users’ data privacy with certain applications—including Tencent’s instant-messaging app QQ. Specifically, the government alleged that these apps violated national laws against collecting and selling personal data, such as through the use of designs that make it hard for users to delete accounts. In response to the transgressions, China’s Ministry of Industry and Information Technology (MIIT) on Dec. 19 published the names of dozens of problematic apps; it also threatened “punishment” if their problems were not addressed by end-2019. The crackdown gives force to an MIIT campaign announced last November to rein in mobile-app privacy violations, particularly among apps with high user volumes. Still, this campaign contrasts with Beijing’s recent efforts to scale up the government’s own data collection, which includes a Dec. 2 law requiring anyone registering a mobile number to undergo facial-recognition scans. Following the government’s announcement, Tencent issued a public pledge to amend its privacy statements.

On Dec. 8, the Financial Times obtained information that the Chinese government has ordered that all foreign-made hardware and software be removed from state institutions within three years. The substitutions will occur steadily through 2022—30 percent in 2020, 50 percent the next year and 20 percent the final year—and they complement similar moves by the U.S. to restrict Chinese tech imports. Analysts suspect executing the replacement will be difficult, because Chinese substitutes for some foreign products fall well below those foreign products’ levels of sophistication and developer support. China has wanted to remove foreign tech from key government operations since at least 2014, and doing so fits in with its objective of technological self-reliance under its “Made in China 2025” program. Still, the announced three-year timeframe is faster than expected, and the shift may harm some U.S. tech companies, which generate an estimated $150 billion in annual revenue from total sales to China. Some analysts expect, however, that major tech firms have anticipated and prepared for a move such as this.

Commentary

Paul Krugman argues in the New York Times that the “Phase One” trade deal achieves few of Trump’s objectives, while Max Boot contends in the Washington Post the benefits it will bring the U.S. are speculative. Writing for Foreign Policy, Peter E. Harrell predicts that the next phase of U.S.-China trade disputes will center on export and investment controls rather than tariffs. Michael Ivanovitch argues in CNBC that a Phase One deal will do little to end the U.S.-China trade deficit and forestall future trade spats.

Henry Paulson writes in the Washington Post that the U.S. needs to catch up with China on developing 5G technologies. For Project Syndicate, Ngaire Woods questions whether Huawei really poses a greater security threat to the U.S. than companies like Facebook. Yukon Huang and Jeremy Smith discuss for the Carnegie Endowment for International Peace why the U.S. and China should resolve their technology disputes in multilateral forums.

For the New York Times, Ian Johnson examines how the Chinese Communist Party is incorporating traditional Chinese values into its governing strategy, and Roger Cohen explores the origins of political unrest in Hong Kong. In the Diplomat, Remco Zwetsloot and Dahlia Peterson argue that China’s immigration practices hold it back from competing with the U.S. in tech.

For Lawfare, Christopher C. Krebs discusses how the Cybersecurity and Infrastructure Security Agency can tackle U.S. cybersecurity vulnerabilities. Richard Altieri and Benjamin Della Rocca explore potential U.S. executive and legislative responses to Xinjiang internment camps. Tom Wheeler explains how Trump administration policies have set the U.S. back in its competition with China on 5G technologies.


The post #nationalcybersecuritymonth | U.S. and China Strike Phase One Trade Agreement; Washington Steps up Efforts to Block Chinese Tech Amidst Mounting Opposition appeared first on National Cyber Security.


#hacking | Chinese Hackers Have Reportedly Managed To Bypass Two-Factor Authentication


Two-factor authentication is something that many companies recommend users enable. It is considerably more secure than the traditional username and password combination, because an additional one-time password or code is generated to authenticate the user, meaning that even if your password is compromised, attackers still can’t get into your account.

This is because the one-time password is usually sent to the owner’s phone or generated on a dedicated hardware token. However, according to a report from ZDNet, a hacking group from China known as APT20 appears to have bypassed two-factor authentication in a campaign that compromised systems in as many as 10 countries.

According to the security company Fox-IT, “We have identified victims of this actor in 10 countries, in government entities, managed service providers and across a wide variety of industries, including Energy, Health Care and High-Tech.” The affected countries include Brazil, China, France, Germany, Italy, Mexico, Portugal, Spain, the United Kingdom, and the United States.

That being said, it is unclear how the hacking group managed to bypass 2FA. Bypassing 2FA is not completely unheard of, but it is a rather sophisticated attack, which Fox-IT believes could have been done through “legitimate” channels such as VPNs.


Chinese #hacking group #returns with new #tactics for #espionage #campaign


A Chinese hacking operation is back with new malware attack techniques and has switched its focus to conducting espionage on western corporations, having previously targeted organisations and individuals in Taiwan, Tibet, and the Philippines.

Dubbed KeyBoy, the advanced persistent threat actor has been operating out of China since at least 2013 and in that time has mainly focused its campaigns on targets in the Southeast Asia region.

The last publicly known activity by KeyBoy saw it target the Tibetan Parliament between August and October 2016, according to researchers, but after that the group appeared to cease activity — or at least managed to get off the radar.

But now the group has reemerged and is targeting western organisations with malware that allows it to secretly perform malicious activities on infected computers. These include taking screenshots, key-logging, browsing and downloading files, gathering extended system information about the machine, and shutting down the infected machine.

KeyBoy’s latest activity has been uncovered by security analysts at PwC, who’ve analysed the new payload and found it includes a new infection technique that replaces legitimate Windows binaries with a copy of the malware.

Like similar espionage campaigns by other hacking operations, the campaign begins with emails containing a malicious document – in the case analysed by PwC, the lure was a Microsoft Word document named ‘ Q4 Work Plan.docx’.

But rather than delivering macros or an exploit, the lure uses the Dynamic Data Exchange (DDE) protocol to fetch and download a remote payload. Microsoft has previously described DDE as a feature, not a flaw.

In this case, Word tells the user there’s been an error and the document needs updating – if the user accepts, a remote fake DLL payload is fetched and executed, which in turn serves up a dropper for the malware.
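A document that reaches the DDE prompt at all already carries a DDE or DDEAUTO field instruction, so a mail gateway or triage script can flag such files before a user sees the prompt. The following is an added example, not code from the article or from PwC’s analysis: it opens a .docx (a zip of WordprocessingML XML), reassembles each field instruction from its runs (Word splits a complex field into several `w:instrText` runs, and an instruction split across runs still executes), and reports any that begin with DDE or DDEAUTO. The sample document, the application name and the topic string are constructed placeholders, not indicators from the KeyBoy lure.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{%s}" % W_NS

# Field instructions that open a Dynamic Data Exchange conversation.
DDE_FIELD = re.compile(r"^\s*(DDE|DDEAUTO)\b", re.IGNORECASE)


def _field_codes(root):
    """Yield every field instruction in one WordprocessingML part.

    A complex field is <w:fldChar fldCharType="begin"/>, one or more
    <w:instrText> runs, then a 'separate' or 'end' marker. Joining the runs
    between 'begin' and 'separate'/'end' recovers the whole instruction even
    when it has been split to defeat naive string matching. Simple fields
    keep the instruction in the w:instr attribute of <w:fldSimple>.
    Nested fields are flattened into the outer instruction (good enough for
    a yes/no triage decision).
    """
    for fld in root.iter(W + "fldSimple"):
        yield fld.get(W + "instr", "")
    buf = None
    for el in root.iter():  # document order
        if el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                buf = []
            elif kind in ("separate", "end") and buf is not None:
                yield "".join(buf)
                buf = None
        elif el.tag == W + "instrText" and buf is not None:
            buf.append(el.text or "")


def find_dde_fields(docx_bytes):
    """Return [(part_name, normalised_instruction)] for DDE/DDEAUTO fields."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            # Fields can live in the body, headers, footers, footnotes, ...
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                continue
            for code in _field_codes(root):
                if DDE_FIELD.match(code):
                    hits.append((name, " ".join(code.split())))
    return hits


def build_sample_docx(body_xml):
    """Build a minimal .docx in memory (constructed test data, not a real lure)."""
    doc = ('<?xml version="1.0" encoding="UTF-8"?>'
           '<w:document xmlns:w="%s"><w:body>%s</w:body></w:document>'
           % (W_NS, body_xml))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.'
                    'openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml", doc)
    return buf.getvalue()


# Constructed sample: a harmless DATE field plus a DDEAUTO instruction that
# has been split across two runs. Application and topic are placeholders.
SAMPLE_DOCX = build_sample_docx(
    '<w:p><w:fldSimple w:instr=" DATE "/></w:p>'
    '<w:p>'
    '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve">DDEA</w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">UTO "placeholder_app" '
    '"placeholder_topic"</w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
    '<w:r><w:t>Error! Update the document.</w:t></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
    '</w:p>'
)

if __name__ == "__main__":
    for part, instr in find_dde_fields(SAMPLE_DOCX):
        print("DDE field in %s: %s" % (part, instr))
```

Because the check works on the field instruction rather than on a literal substring of the raw XML, a DDEAUTO keyword split over several runs is still caught; the same joining logic is what makes the Windows “Update the document” prompt appear in the first place.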

Once the process has been run and the malware is installed, the initial DLL is deleted, leaving no trace of the malicious fake. As the malware also disables Windows File Protection and related popups, it therefore isn’t immediately obvious to system administrators that a legitimate DLL was replaced.
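When the protection that would have warned about a swapped system file is itself disabled, the remaining signal is the file content. The following added example (not PwC’s tooling, and not code from the article) records a SHA-256 baseline of a directory tree and later reports files that changed, disappeared, or appeared. The `system32` directory, the file names and their contents are constructed placeholders created in a temporary directory so the script runs anywhere.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 (avoids loading large DLLs into memory)."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map every regular file under root (as a relative path) to its SHA-256."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def diff_against_baseline(root, baseline):
    """Return (modified, missing, unexpected) relative paths, each sorted."""
    current = snapshot(root)
    modified = sorted(p for p in baseline
                      if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    unexpected = sorted(p for p in current if p not in baseline)
    return modified, missing, unexpected


def demo():
    """Constructed scenario: a known-good tree, then one 'DLL' swapped out.

    The directory and file names are placeholders, not real Windows paths.
    """
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "system32")
        os.makedirs(bin_dir)
        for name, content in (("legit_a.dll", b"original a"),
                              ("legit_b.dll", b"original b")):
            with open(os.path.join(bin_dir, name), "wb") as fh:
                fh.write(content)
        baseline = snapshot(root)  # taken while the tree is known-good

        # Same name, same size, different content: the case a casual
        # directory listing would not reveal.
        with open(os.path.join(bin_dir, "legit_a.dll"), "wb") as fh:
            fh.write(b"replaced a")
        # A dropper left beside the replaced binary.
        with open(os.path.join(bin_dir, "dropper.tmp"), "wb") as fh:
            fh.write(b"x")
        return diff_against_baseline(root, baseline)


if __name__ == "__main__":
    modified, missing, unexpected = demo()
    print("modified:", modified)
    print("missing:", missing)
    print("unexpected:", unexpected)
```

On a real Windows host the baseline has to come from a trusted source (a clean build or a previous run stored off the machine), and checking the Authenticode signature of each binary, for instance with the `Get-AuthenticodeSignature` cmdlet, is the stronger complement, since a replaced system DLL will not carry a valid Microsoft signature.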

Once inside the target system, the attackers are free to conduct espionage campaigns as they please – although PwC researchers have listed possible indicators of compromise which organisations can use to discover whether there are traces of KeyBoy in their network.

Similar techniques and attack capabilities have been observed in past KeyBoy campaigns, leading researchers to conclude that this campaign is by the same group.

Researchers have yet to uncover which specific organisations or sectors KeyBoy is targeting with its latest campaign, but say that the group has now turned its attention to conducting corporate espionage on organisations in the west.

Aside from knowing that they’re based in China, it has not yet been possible to identify the members of the KeyBoy hacker group or their ultimate motives. While it has some of the hallmarks of a state-backed operation, previous research into the group says any type of criminal gang could operate this style of campaign.
