Over 100,000 computers in China have been infected in just a few days with poorly-written ransomware that encrypts local files and steals credentials for multiple Chinese online services. The crooks demand a ransom of 110 yuan ($16) from the victim in exchange for decrypting the files, payable via Tencent’s WeChat payment service by scanning a QR code.
According to a report from Chinese security firm Huorong, the malware, dubbed ‘WeChat Ransom’ in some reports, emerged on December 1 and the number of infected systems has grown to over 100,000 as of December 4. The infection rate seems to have accelerated in one day, rising to the above number from just 20,000 a day before.
Both US and UK intelligence officials have put out statements over the weekend in support of Amazon, Apple, and Supermicro with regard to recent allegations made by Bloomberg in an article published last week.
On Thursday, Bloomberg reporters claimed that Chinese intelligence had secretly implanted spy chips inside motherboards used for Supermicro servers that eventually made their way inside the IT infrastructure of Apple, Amazon, and 30 other companies, but also inside the networks of US and UK governments. All three major companies have denied the report’s claims.
A hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin ($56,000) on a Chinese Dark Web forum. The breach was reported today by Chinese media after several cyber-security firms spotted the forum ad [1, 2, 3, 4].
The seller said he obtained the data from Huazhu Hotels Group Ltd, one of China’s largest hotel chains, which operates 13 hotel brands across 5,162 hotels in 1,119 Chinese cities. According to a description posted by the hacker online, the stolen data is 141.5GB in size and contains 240 million records, with information on roughly 130 million Huazhu hotel guests.
President Donald Trump’s recent meeting with Russian counterpart Vladimir Putin in Helsinki proved to be as much a magnet for cyberattackers as his Singapore meeting with Korean leader Kim Jong-un in June.
As with the previous attacks, the ones in Finland appear to be mostly attempts to break into weakly protected Internet of things (IoT) devices to be used to spy on targets of interest in Finland. The main difference was that instead of the attacks mostly emanating from Russia, this time a majority of attacks came from networks in China.
Read more about the surge in cyberattacks in Finland that coincided with the Trump-Putin summit on DarkReading.
An advanced persistent threat group that is believed to be operating out of China is conducting a wide-ranging cyber espionage campaign targeting satellite, telecommunications, and defense organizations mostly in Southeast Asia and the United States.
Security vendor Symantec, which uncovered the campaign, says what’s most worrying about the activity of the so-called Thrip group is its apparent interest in the operational networks of some of its victims. That suggests the attack group’s motives may extend beyond spying to actual service disruption as well, the security vendor says.
Read more about the Thrip threat group that is using three computers based in China to steal data from targeted companies in Southeast Asia and the US, according to Symantec, on DarkReading.
Chinese-speaking threat actors have launched a campaign against a national data center in a bid to compromise government resources. Researchers from Kaspersky Labs said that the campaign was detected back in March, but is believed to have been active since fall 2017.
In a blog post, the team said the ongoing attack is the work of a Chinese-speaking threat group dubbed LuckyMouse, otherwise known as EmissaryPanda and APT27. The hackers chose a significant target for the campaign — a national data center in central Asia. It is believed that the data center was chosen for one specific reason: access to a “wide range of government resources at one fell swoop.”
Read more about the campaign by Chinese threat actors that aimed to compromise government resources on ZDNet.
Hackers linked to the Chinese government reportedly stole 614 gigabytes of highly sensitive data from a U.S. Navy contractor, including plans related to a supersonic anti-ship missile meant to be usable by 2020 and other details about undersea warfare.
The hundreds of gigabytes of pilfered data came from an unnamed contractor working for the Navy’s underwater weapons R&D center; this Naval Undersea Warfare Center is based in Newport, Rhode Island. According to the Washington Post, the stolen data included material related to a “project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit’s electronic warfare library.” There was more taken, but the Post held off on reporting about it so as to avoid harming national security.
Read more about how Chinese hackers reportedly stole hundreds of gigabytes from a US Navy contractor on CSO.
On June 1, 2017, Chinese consumers and businesses, including financial institutions, will wake up to a more stringent set of rules regarding the creation and use of personal data. The new PRC Cybersecurity Law was passed after a third deliberation, suggesting the extent to which the government sees the importance of the Internet while recognizing the real threat posed by it.
Read why Scott Thiel, a partner at DLA Piper, and Carolyn Bigg say that the new China cyber security law is very severe with data protection on Enterprise Innovation.
Chinese companies reported more information security breaches over the 12 months ending June as a result of challenges brought about by fast-growing Internet technology, a PwC survey said Tuesday. There were, on average, 2,577 security incidents detected by respondents on the Chinese mainland and Hong Kong over the 12 months ending June, up from 1,254 a year ago and 241 in 2014, the global consulting firm said.
Read more about the PwC survey which reveals that data breaches are up 10% year on year in China on ECN.
Chinese authorities could freeze assets and take other actions against foreign hackers threatening the country’s infrastructure under a revised draft of a new cybersecurity law. The law has been submitted for its third and final reading by the Standing Committee of the National People’s Congress, China’s legislature, the official Xinhua News Agency reported.
Read more about China’s new cyber security draft law which targets foreign hackers on ABC News.