Tag: Cyber Espionage

EU Looks to Reduce Exposure to Chinese 5G Risk: Report

The European Union is hoping to lead a more coordinated response to security concerns over Chinese 5G equipment makers, it has emerged. Brussels wants to ensure it doesn’t end up with a situation where member states have unwittingly allowed Chinese kit to dominate across the region, according to the FT.

One unnamed diplomat told the paper that although 5G auctions can raise billions for governments, the EU is “urging everyone to avoid making any hasty moves they might regret later.” The US, Australia, New Zealand, Taiwan and Japan have all banned Huawei products on security fears to a lesser or greater extent, despite the firm repeatedly protesting its innocence.

Read more about this story on Infosecurity Magazine.

China Says Cyber Indictments ‘Seriously Damaged’ US Cooperation

China has responded strongly to the U.S. indictments of two nationals for alleged cyberattacks on more than 45 American companies and government departments, saying the charges “seriously damaged” cooperation between the two nations.

The strong rebuttal came in the face of charges claiming the individuals – Zhu Hua and Zhang Shilong – stole sensitive data from a vast number of organizations working as part of a hacking crew dubbed APT10, which is linked to the Chinese government. A spokesperson with the Chinese embassy in London said the charges were “egregious” and “gravely violated the basic norms governing international relations and seriously damaged China-US cooperation.”

Read more about this story on Forbes.

Five other countries formally accuse China of APT10 hacking spree

After the US Department of Justice charged two Chinese nationals with being members of a state-sponsored hacking group and accused the Chinese government of orchestrating a string of hacks around the world, five other governments have stepped in with similar accusations.

Australia, Canada, Japan, New Zealand, and the UK have published official statements today formally blaming China for hacking their government agencies and local companies. All statements concern the supposed involvement of the Chinese Ministry of State Security (MSS) in supporting the activity of a hacking group known as APT10.

Read more about this story on ZDNet.

U.S. Indicts China-Backed Duo for Massive, Years-Long Spy Campaign

The Department of Justice charged two Chinese hackers with stealing “hundreds of gigabytes” of data from more than 45 other governmental organizations and U.S.-based companies. This has potentially significant national security ramifications: Targets included the NASA Goddard Space Center and Jet Propulsion Laboratory; U.S. Department of Energy’s Lawrence Berkeley National Laboratory; and the Navy.

The two hackers, Zhang Shilong and Zhang Jianguo, are alleged to be members of APT10, a well-known China-based threat actor, which is believed to be directly connected to the Chinese Ministry of State Security’s (MSS) Tianjin bureau.

Read more about the charges against the Chinese hackers on ThreatPost.

Chinese hackers tap into EU diplomatic communications network

The Chinese government has been covertly monitoring communication between European government organizations and think tanks potentially for years, researchers claim. In a report, researchers from Area 1 Security said that the ongoing campaign has “gained access into the diplomatic correspondence network of the European Union.”

Area 1 Security has attributed the infiltration to the Strategic Support Force (SSF) of the People’s Liberation Army (PLA). An online cybersecurity team was established by the PLA in 2011, but it was not until 2015 that China explicitly admitted to the unit’s existence.

Read more about the state-sponsored Chinese hacking attack on ZDNet.

Russian Cyberspies Build ‘Go’ Version of Their Trojan

The Russian-linked cyber-espionage group Sofacy has developed a new version of their Zebrocy tool using the Go programming language, Palo Alto Networks security researchers warn. The first-stage malware was initially analyzed in April this year, and has been observed in numerous attacks in October and November. Last month, however, the researchers also observed a new Trojan being used in the group’s attacks.

Also known as APT28, Fancy Bear, Pawn Storm, Sednit and Strontium, the state-sponsored actor has been active for several years, focusing on cyber-espionage, and is believed to have orchestrated the attacks targeting the 2016 presidential election in the United States.

Read more about the new malware used by Sofacy on SecurityWeek.

Huawei calls for evidence against company to be shown: Report

Huawei has told reporters that any evidence against the company should be revealed. “Maybe not to Huawei and maybe not to the public, but to telecom operators, because they are the ones that buy Huawei,” Chairman Ken Hu said. The Associated Press reported Hu said there has never been evidence of Huawei equipment being a risk, and the company has never “accepted requests to damage the networks or business of any of our customers”.

The call follows the Czech Republic’s national cybersecurity agency issuing a warning over the use of Huawei and ZTE earlier this week. The National Cyber and Information Security Agency (NCISA) said the security threat from the two firms’ products mainly comes down to China’s legal and political system for companies headquartered there.

Read more about this story on ZDNet.

China On The March: Cybersecurity And Hidden Risks

The recent arrest of Huawei’s chief financial officer Wanzhou in Canada at the request of U.S. officials over unspecified accusations is just the latest example of countries attempting to contain Chinese ambitions, often expressed through that country’s state-owned companies. It was widely reported that Huawei may have broken U.S. sanctions by doing business with Iran.

Trouble for the company worsened over the last week when the Wall Street Journal reported that spy chiefs from Australia, Canada, New Zealand, the U.K., and the United States agreed during a July meeting that the company’s influence needed to be limited.

Read more about the growing concerns about China’s ambitions, including its attempts to infiltrate the U.S. transportation industry, on Forbes.

Chinese Hackers Breach U.S. Navy Contractors

Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, officials and experts said, triggering a top-to-bottom review of cyber vulnerabilities. A series of incidents in the past 18 months has pointed out the service’s weaknesses, highlighting what some officials have described as some of the most debilitating cyber campaigns linked to Beijing.

Cyberattacks affect all branches of the armed forces but contractors for the Navy and the Air Force are viewed as choice targets for hackers seeking advanced military technology, officials said. Navy contractors have suffered especially troubling breaches over the past year, one U.S. official said.

Read more about the series of cyberattacks on The Wall Street Journal.

Iran Hackers Hunt Nuke Workers, US Officials

As U.S. President Donald Trump re-imposed harsh economic sanctions on Iran last month, hackers scrambled to break into personal emails of American officials tasked with enforcing them, The Associated Press has found — another sign of how deeply cyberespionage is embedded into the fabric of U.S.-Iranian relations.

The AP drew on data gathered by the London-based cybersecurity group Certfa to track how a hacking group often nicknamed Charming Kitten spent the past month trying to break into the private emails of more than a dozen U.S. Treasury officials. Also on the hackers’ hit list: high-profile defenders, detractors and enforcers of the nuclear deal struck between Washington and Tehran, as well as Arab atomic scientists, Iranian civil society figures and D.C. think tank employees.

Read more about the recent Iranian hacking campaign on SecurityWeek.