Chinese Hackers Spying On US Government Agencies

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a security advisory warning of a wave of attacks carried out by hacking groups affiliated with China's Ministry of State Security (MSS). Recently these hackers, who are apparently working for a Chinese intelligence agency, have spied on parts of the US government and commercial organisations by exploiting common IT vulnerabilities, the FBI and CISA have said.

The attackers have been infiltrating victim organisations with phishing emails that carry malicious links and malicious software.

The hackers exploit software flaws in commercial technologies and open-source tools, including services for which fixes are already available, say the FBI and CISA. ‘CISA has consistently observed Chinese MSS-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target US Government agencies. CISA has observed these, and other threat actors with varying degrees of skill, routinely using open-source information to plan and execute cyber operations,’ CISA says.

Recently hackers working for the group known as Advanced Persistent Threat 41 (APT41) compromised a major private provider of social care services in the UK and in the process disrupted its systems, a cyber security expert with knowledge of China’s actions says.

Now the US government has filed charges against Chinese nationals with known connections to the notorious hacking group known as APT41. Five Chinese nationals will face charges relating to hacking more than 100 international companies on behalf of the Chinese government. 

These state-sponsored actors, working on behalf of the Chinese government and its security services, have tried to “profit from the crisis” and steal information that could be beneficial to the country, a senior Western security source says.

Suspected Chinese hackers frequently conduct economic espionage against government and private sector entities in the US in order to steal intellectual property and bolster China’s technology and defense sectors. In some instances, according to CISA and the FBI, the Chinese hackers have tried to use and manipulate a Microsoft tool, known as Remote Desktop Protocol, against federal government networks.

CISA warned U.S. government agencies and private sector alike to patch these and other known vulnerabilities.

Despite being publicly criticised for alleged hacking by governments, law enforcement and private security firms, China has consistently denied the claims made against it. “China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” said Assistant Attorney General for National Security John C. Demers.

It is now estimated that China's hacking personnel number between 50,000 and 100,000 individuals. CISA officials recommend that security teams in the private sector and in government agencies read its report, take notice of the common tactics, techniques, and procedures (TTPs) used by Chinese state actors, patch devices and deploy detection rules accordingly.
