Category: China

Fewer Affected in Marriott Hack, but Passports a Red Flag

Fewer Marriott guest records than previously feared were compromised in the massive data breach, but the largest hotel chain in the world confirmed that approximately 5.25 million unencrypted passport numbers were accessed. The compromise of those passport numbers has raised alarms among security experts because of their value to state intelligence agencies.

The FBI is leading the investigation of the data theft and investigators suspect the hackers were working on behalf of the Chinese Ministry of State Security, the rough equivalent of the CIA. The hackers also accessed about 20.3 million encrypted passport numbers. There is no evidence that they were able to use the master encryption key required to gain access to that data.

Read more about the Marriott data breach investigation on SecurityWeek.

EU Looks to Reduce Exposure to Chinese 5G Risk: Report

The European Union is hoping to lead a more coordinated response to security concerns over Chinese 5G equipment makers, it has emerged. Brussels wants to ensure it doesn’t end up with a situation where member states have unwittingly allowed Chinese kit to dominate across the region, according to the FT.

One unnamed diplomat told the paper that although 5G auctions can raise billions for governments, the EU is “urging everyone to avoid making any hasty moves they might regret later.” The US, Australia, New Zealand, Taiwan and Japan have all banned Huawei products on security fears to a lesser or greater extent, despite the firm repeatedly protesting its innocence.

Read more about this story on Infosecurity Magazine.

Cyberwar predictions for 2019: The stakes have been raised

Before the internet era, geopolitical tensions drove traditional espionage, and periodically erupted into warfare. Nowadays, cyberspace not only houses a treasure-trove of commercially and politically sensitive information, but can also provide access to control systems for critical civil and military infrastructure.

It’s therefore no surprise to find nation-state cyber activity high on the agendas of governments. In 2019, nation-state cyber activity is expected to increase to unprecedented levels.

Read more about the predictions for nation-state cyber activity in 2019 on ZDNet.

The Most Dangerous People on the Internet in 2018

This year thankfully avoided any world-breaking ransomware attacks like NotPetya. It even had some small victories, like GitHub beating back the biggest DDoS attack in history. Still, online threats are manifold, lurking and evolving, making the internet a more hostile place than ever.

The biggest threats online continued to mirror the biggest threats in the real world, with nation states fighting proxy battles and civilians bearing the brunt of the assault. In many cases, the most dangerous people online are also the most dangerous in the real world. The distinction has never mattered less.

Read the list of most dangerous people on the Internet for 2018 on Wired.

How China Helped Make the Internet Less Free in 2018

As democracies around the world struggle to hold back the rising tide of authoritarianism, a similar crisis is unfolding online. Three factors converged this year to make 2018 the eighth straight year that global internet freedom declined, according to an annual report from the nonprofit Freedom House: increasing censorship in response to disinformation, the widespread collection of personal data, and a growing group of countries emulating China’s model of digital authoritarianism.

Not only does China once again rank as the worst abuser of internet freedom, it is actively exporting its techno-dystopian model to other countries according to the report.

Read more about the findings of the Freedom House report on Wired.

China Says Cyber Indictments ‘Seriously Damaged’ US Cooperation

China has responded strongly to the U.S. indictments of two nationals for alleged cyberattacks on more than 45 American companies and government departments, saying the charges “seriously damaged” cooperation between the two nations.

The strong rebuttal came in the face of charges claiming the individuals – Zhu Hua and Zhang Shilong – stole sensitive data from a vast number of organizations working as part of a hacking crew dubbed APT10, which is linked to the Chinese government. A spokesperson with the Chinese embassy in London said the charges were “egregious” and “gravely violated the basic norms governing international relations and seriously damaged China-US cooperation.”

Read more about this story on Forbes.

Five other countries formally accuse China of APT10 hacking spree

After the US Department of Justice charged two Chinese nationals with being members of a state-sponsored hacking group and accused the Chinese government of orchestrating a string of hacks around the world, five other governments have stepped in with similar accusations.

Australia, Canada, Japan, New Zealand, and the UK have published official statements today formally blaming China for hacking their government agencies and local companies. All statements are in regard to the supposed involvement of the Chinese Ministry of State Security (MSS) in supporting the activity of a hacking group known as APT10.

Read more about this story on ZDNet.

U.S. Indicts China-Backed Duo for Massive, Years-Long Spy Campaign

The Department of Justice charged two Chinese hackers with stealing “hundreds of gigabytes” of data from more than 45 other governmental organizations and U.S.-based companies. This has potentially significant national security ramifications: Targets included the NASA Goddard Space Center and Jet Propulsion Laboratory; U.S. Department of Energy’s Lawrence Berkeley National Laboratory; and the Navy.

The two hackers, Zhang Shilong and Zhang Jianguo, are alleged to be members of APT10, a well-known China-based threat actor, which is believed to be directly connected to the Chinese Ministry of State Security’s (MSS) Tianjin bureau.

Read more about the charges against the Chinese hackers on ThreatPost.

You Better Believe You Are A Target Of PRC Protected Attackers: Here is proof

The following is a joint announcement of the Department of State and Department of Homeland Security:

Since at least 2014, Chinese cyber actors associated with the Chinese Ministry of State Security have hacked multiple U.S. and global managed service and cloud providers. These Chinese actors used this access to compromise the networks of the providers’ clients, including global companies located in at least 12 countries.

The United States is concerned that this activity violates the 2015 U.S.-China cyber commitments made by President Xi Jinping to refrain from conducting or knowingly supporting “cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” China has also made this commitment with G20 and APEC members as well as in other bilateral statements.

Stability in cyberspace cannot be achieved if countries engage in irresponsible behavior that undermines the national security and economic prosperity of other countries. These actions by Chinese actors to target intellectual property and sensitive business information present a very real threat to the economic competitiveness of companies in the United States and around the globe. We will continue to hold malicious actors accountable for their behavior, and today the United States is taking several actions to demonstrate our resolve. We strongly urge China to abide by its commitment to act responsibly in cyberspace and reiterate that the United States will take appropriate measures to defend our interests.

From: State Website

Also see the ThreatBrief China Report

Chinese hackers tap into EU diplomatic communications network

The Chinese government has been covertly monitoring communication between European government organizations and think tanks potentially for years, researchers claim. In a report, researchers from Area 1 Security said that the ongoing campaign has “gained access into the diplomatic correspondence network of the European Union.”

Area 1 Security has attributed the infiltration to the Strategic Support Force (SSF) of the People’s Liberation Army (PLA). An online cybersecurity team was established by the PLA in 2011, but it was not until 2015 that China explicitly admitted to the unit’s existence.

Read more about the state-sponsored Chinese hacking attack on ZDNet.