Tag: China

Nearly 5 million passengers’ data leaked from online train ticketing platforms

Data thieves stole the personal information of nearly 5 million people from an unconfirmed number of Chinese online ticket reservation platforms, according to Beijing police, who arrested a suspect in the case.

According to media reports, China Railway’s (CR) official online booking platform 12306 suffered a massive data breach, with information later being sold on the dark web. Compromised data reportedly included names, ID numbers, and passwords. CR later denied the claims in a Weibo post, saying no users’ information was hacked. However, it warned passengers to avoid booking their tickets on unauthorized third-party platforms.

Read more about the alleged China Railway data breach on TechNode.

Ransomware Infects 100K PCs in China, Demands WeChat Payment

Over 100,000 computers in China have been infected in just a few days with poorly written ransomware that encrypts local files and steals credentials for multiple Chinese online services. The crooks demand a ransom of 110 yuan ($16) from the victim in exchange for decrypting the files, payable via Tencent’s WeChat payment service by scanning a QR code.

According to a report from Chinese security firm Huorong, the malware, dubbed ‘WeChat Ransom’ in some reports, emerged on December 1 and the number of infected systems had grown to over 100,000 as of December 4. The infection rate seems to have accelerated in one day, rising to the above number from just 20,000 a day before.

Read more about the massive ransomware campaign on BleepingComputer.

DHS and GCHQ join Amazon and Apple in denying Bloomberg chip hack story

Both US and UK intelligence officials put out statements over the weekend in support of Amazon, Apple, and Supermicro with regard to recent allegations made by Bloomberg in an article published last week.

On Thursday, Bloomberg reporters claimed that Chinese intelligence had secretly implanted spy chips inside motherboards used for Supermicro servers that eventually made their way inside the IT infrastructure of Apple, Amazon, and 30 other companies, but also inside the networks of US and UK governments. All three major companies have denied the report’s claims.

Read more about this developing story on ZDNet.

Data of 130 Million Chinese Hotel Chain Guests Sold on Dark Web Forum

A hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin ($56,000) on a Chinese Dark Web forum. The breach was reported today by Chinese media after several cyber-security firms spotted the forum ad [1234].

The seller said he obtained the data from Huazhu Hotels Group Ltd, one of China’s largest hotel chains, which operates 13 hotel brands across 5,162 hotels in 1,119 Chinese cities. According to a description posted by the hacker online, the stolen data is 141.5GB in size and contains 240 million records, with information on roughly 130 million Huazhu hotel guests.

Read more about the massive data breach on BleepingComputer.

Cyberattacks in Finland Surge During Trump-Putin Summit

President Donald Trump’s recent meeting with Russian counterpart Vladimir Putin in Helsinki proved to be as much a magnet for cyberattackers as his Singapore meeting with Korean leader Kim Jong-un in June.

As with the previous attacks, the ones in Finland appear to be mostly attempts to break into weakly protected Internet of things (IoT) devices to be used to spy on targets of interest in Finland. The main difference was that instead of the attacks mostly emanating from Russia, this time a majority of attacks came from networks in China.

Read more about the surge in cyberattacks in Finland that coincided with the Trump-Putin summit on DarkReading.

China-Based Cyber Espionage Campaign Targets Satellite, Telecom, Defense Firms

An advanced persistent threat group that is believed to be operating out of China is conducting a wide-ranging cyber espionage campaign targeting satellite, telecommunications, and defense organizations mostly in Southeast Asia and the United States.

Security vendor Symantec, which uncovered the campaign, says what’s most worrying about the activity of the so-called Thrip group is its apparent interest in the operational networks of some of its victims. That suggests the attack group’s motives may extend beyond spying to actual service disruption as well, the security vendor says.

Read more about the Thrip threat group that is using three computers based in China to steal data from targeted companies in Southeast Asia and the US according to Symantec, on DarkReading.

LuckyMouse threat group strikes national data center to exploit government websites

Chinese-speaking threat actors have launched a campaign against a national data center in a bid to compromise government resources. Researchers from Kaspersky Labs said that the campaign was detected back in March, but is believed to have been active since fall 2017.

In a blog post, the team said the ongoing attack is the work of a Chinese-speaking threat group dubbed LuckyMouse, otherwise known as EmissaryPanda and APT27. The hackers chose a significant target for the campaign — a national data center in central Asia. It is believed that the data center was chosen for one specific reason: access to a “wide range of government resources at one fell swoop.”

Read more about the campaign by Chinese threat actors that aimed to compromise government resources on ZDNet.

Chinese hackers stole 614GB of undersea warfare data from US Navy contractor

Hackers linked to the Chinese government reportedly stole 614 gigabytes of highly sensitive data from a U.S. Navy contractor, including plans related to a supersonic anti-ship missile meant to be usable by 2020 and other details about undersea warfare.

The hundreds of gigabytes of pilfered data came from an unnamed contractor working for the Navy’s underwater weapons R&D center; this Naval Undersea Warfare Center is based in Newport, Rhode Island. According to the Washington Post, the stolen data included material related to a “project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit’s electronic warfare library.” There was more taken, but the Post held off on reporting about it so as to avoid harming national security.

Read more about how Chinese hackers reportedly stole hundreds of gigabytes from a US Navy contractor on CSO.

New China Cybersecurity law comes with data protection fangs

On June 1, 2017, Chinese consumers and businesses, including financial institutions, will wake up to a more stringent set of rules regarding the creation and use of personal data. The new PRC Cybersecurity Law was passed after a third deliberation, suggesting the extent to which the government sees the importance of the Internet while recognizing the real threat posed it.

Read why Scott Thiel, a partner at DLA Piper, and Carolyn Bigg say that the new China cyber security law is very severe with data protection on Enterprise Innovation.

China businesses report more information security incidents: survey

Chinese companies reported more information security breaches over the 12 months ending June as a result of challenges brought about by fast-growing Internet technology, a PwC survey said Tuesday. There were, on average, 2,577 security incidents detected by respondents on the Chinese mainland and Hong Kong over the 12 months ending June, up from 1,254 a year ago and 241 in 2014, the global consulting firm said.

Read more about the PwC survey which reveals that data breaches are up 10% year on year in China on ECN.