Chinese Hackers Spying On US Government Agencies

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a security advisory warning of a wave of attacks carried out by hacking groups affiliated with China's Ministry of State Security (MSS). Recently these hackers, who are apparently working for a Chinese intelligence agency, have spied on parts of the US government and commercial organisations by exploiting common IT vulnerabilities, the FBI and CISA have said.

The attackers have been using phishing emails carrying malicious links and malicious software to infiltrate victim organisations.

The hackers exploit software flaws in commercial technologies and open-source tools, including services for which fixes are already available, say the FBI and CISA. ‘CISA has consistently observed Chinese MSS-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target US Government agencies. CISA has observed these, and other threat actors with varying degrees of skill, routinely using open-source information to plan and execute cyber operations,’ says CISA.

Recently hackers working for the group known as Advanced Persistent Threat 41 (APT41) compromised a major private provider of social care services in the UK and in the process disrupted its systems, a cyber security expert with knowledge of China’s actions says.

Now the US government has filed charges against Chinese nationals with known connections to the notorious hacking group known as APT41. Five Chinese nationals will face charges relating to hacking more than 100 international companies on behalf of the Chinese government. 

These are state-sponsored actors working on behalf of the Chinese government, and its security services have tried to “profit from the crisis” and steal information that could be beneficial to the country, a senior Western security source says.

Suspected Chinese hackers frequently conduct economic espionage against government and private sector entities in the US in order to steal intellectual property and bolster China’s technology and defense sectors. In some instances, the Chinese hackers have tried to use and manipulate a Microsoft tool, known as Remote Desktop Protocol (RDP), within the federal government, CISA and the FBI say.

CISA warned U.S. government agencies and private sector alike to patch these and other known vulnerabilities.

Despite being publicly criticised for alleged hacking, by governments, law enforcement and private security firms, China has consistently denied the claims made against it. “China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” said Assistant Attorney General for National Security John C. Demers.

China's hacking personnel are now estimated to number between 50,000 and 100,000 individuals. CISA officials recommend that security teams in private companies and government agencies read its report, take notice of the common tactics, techniques, and procedures (TTPs) used by Chinese state actors, patch devices and deploy detection rules accordingly.
