The arrest of a top executive of tech giant Huawei at the request of US authorities signals a toughening stand in Washington on dealing with Chinese tech firms amid longstanding concerns over cyberespionage.
Meng Wanzhou, Huawei’s chief financial officer, was detained this week in Canada and faces an extradition request from US authorities over an investigation into suspected Iran sanctions violations by the Chinese technology giant. Meng is the daughter of company founder Ren Zhengfei, a former Chinese People’s Liberation Army engineer.
Valid arguments about a possible industrial espionage campaign are being raised surrounding a Google Chrome extension that was caught collecting browsing history, ZDNet has learned from ExtraHop, a real-time IT analytics firm. The company said it detected the malicious code hidden inside a Google Chrome extension aimed at web developers. The extension, named Postman, is still available in the Chrome Web Store, despite ExtraHop reporting it to Google more than a month ago.
In what appears to be a first on the cyber-espionage scene, a nation-state-backed hacking group has used a Google Chrome extension to infect victims and steal passwords and cookies from their browsers.
This is the first time an APT (Advanced Persistent Threat – an industry term for nation-state hacking groups) has been seen (ab)using a Chrome extension. A pending report by the ASERT team at Netscout reveals the details of a spear-phishing campaign that’s been pushing a malicious Chrome extension since at least May 2018. Researchers said they found evidence suggesting that the group may be based in North Korea.
Read more about the cyber-espionage campaign on ZDNet.
China allegedly directed an increase in cyber attacks on Australian companies this year that breached a bilateral agreement between the two countries pledging not to steal each other’s commercial secrets, the Sydney Morning Herald reported.
An investigation by Australian broadcaster Nine News and Fairfax Media — which owns the Sydney Morning Herald — found that China’s Ministry of State Security was responsible for the so-called “Operation Cloud Hopper.” It was a wave of attacks that were detected by Australia and its partners in the “Five Eyes” intelligence sharing alliance — which is made up of the U.S., U.K., New Zealand and Canada.
Read more about the increase in cyber attacks directed by China on CNBC.
Recent attacks on an engineering company in the United Kingdom were attributed to a China-related cyber-espionage group despite the use of techniques usually associated with Russian threat actors. The hacking group, which is referred to as TEMP.Periscope and is also known as Leviathan, has been active for half a decade and was observed targeting engineering and maritime entities earlier this year.
In July 2018, the group targeted the employees of a U.K.-based engineering company in a spear-phishing campaign, Recorded Future reports. As part of this campaign, the group is believed to have reused publicly reported, sophisticated Tactics, Techniques and Procedures (TTPs) from Russian threat groups Dragonfly and APT28.
Read more about the TEMP.Periscope attack campaigns on SecurityWeek.
With less than two months left in the year, security researchers and businesses are already looking to the future to see which threats and trends will continue to make an impact in the world of cybersecurity in 2019.
Ian Kilpatrick, EVP of cybersecurity at the Nuvias Group, has outlined his top ten cybersecurity predictions for the coming year, from an increase in malware, ransomware and other cyberattacks to organisations’ continued difficulties complying with the EU’s GDPR.
Read more about Ian Kilpatrick’s top ten cybersecurity predictions for 2019 on TechRadar.
When a Belgian locksmith attacked the Pakistani Air Force, researchers at Cylance took notice. The locksmith probably never knew his website had been taken over by a nation-state hacking group as a command-and-control server, nor that exploit-laden Microsoft Word documents crafted to spear-phish Pakistani Air Force officers were hosted there for over six months.
The Belgian locksmith was just a pawn in a global game of cyberespionage fought by a new nation-state hacking group. The incredibly sophisticated layers of misdirection used by the malware to mislead and delay forensics analysis worry security researchers.
Read more about the new APT, dubbed White Company, which is likely Middle Eastern, but shows fingerprints of U.S.-trained personnel, on CSO.
Computer scientists at the University of California, Riverside have revealed for the first time how easily attackers can use a computer’s graphics processing unit, or GPU, to spy on web activity, steal passwords, and break into cloud-based applications.
The researchers reverse engineered an Nvidia GPU to demonstrate three attacks on both graphics and computational stacks, as well as across them. All three attacks require the victim to first acquire a malicious program embedded in a downloaded app. The program is designed to spy on the victim’s computer.
Like many other businesses, semiconductor manufacturer Micron Technology employs a range of physical, electronic, and policy measures to protect its trade secrets. Yet all it took for the company to allegedly lose intellectual property worth at least $400 million to a Chinese competitor was two employees with legitimate access to the data.
A federal indictment unsealed this week in the US District Court for the Northern District of California described Micron as the victim of economic espionage involving a Taiwanese semiconductor company, a state-owned company in China, and three individuals who previously worked for Micron.
Read more about how Micron fell victim to espionage on DarkReading.
Chinese intelligence officers and hackers working for them have been charged with commercial espionage that included trying to steal information on commercial jet engines, federal prosecutors have said.
The indictments named two officers working for the Nanjing-based foreign intelligence arm of China’s Ministry of State Security and six other defendants who allegedly conspired from 2010 to 2015 to steal sensitive turbofan engine technology used in commercial aviation. The hackers allegedly used spear phishing to deploy malware and other means to intrude into a French aerospace company that was developing the engines with a U.S. company.
Read more about the indictments of Chinese hackers on Time.