Chinese Hackers Spying On US Government Agencies

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a security advisory warning of a wave of attacks carried out by hacking groups affiliated with China's Ministry of State Security (MSS). Recently these hackers, who are apparently working for a Chinese intelligence agency, have spied on parts of the US government and commercial organisations by exploiting common IT vulnerabilities, the FBI and CISA has said.

The attackers have been using phishing emails with malicious links to infiltrate victim organisations and they have been doing it by including malicious software in those messages. 

Hackers exploit software flaws in commercial technologies and open-source tools, including services with known fixes says the FBI and CISA. ‘CISA has consistently observed Chinese MSS-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target US Government agencies. CISA has observed these, and other threat actors with varying degrees of skill, routinely using open-source information to plan and execute cyber operations,’ says the CISA.

Recently hackers working for the group known as Advanced Persistent Threat 41 (ATP41) compromised a major private provider of social care services in the UK and in the process disrupted its systems, a cyber security expert with knowledge of China’s actions says. 

Now the US government has filed charges against Chinese nationals with known connections to the notorious hacking group known as APT41. Five Chinese nationals will face charges relating to hacking more than 100 international companies on behalf of the Chinese government. 

These are state-sponsored actors working on behalf of the Chinese government and its security services have tried to “profit from the crisis” and steal information that could be beneficial to the country, a senior Western security source says.

Suspected Chinese hackers frequently conduct economic espionage against government and private sector entities in the US in order to steal intellectual property and bolster China’s technology and defense sectors. In some instances, the Chinese hackers have tried to use and manipulate a Microsoft tool, known as Remote Desktop Protocol, in the federal government, CISA and the FBI.

CISA warned U.S. government agencies and private sector alike to patch these and other known vulnerabilities.

Despite being publicly criticised for alleged hacking, by governments, law enforcement and private security firms, China has consistently denied the claims made against it. “China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” said Assistant Attorney General for National Security John C. Demers.

It is now estimated that range for China's hacking personnel is between 50,000 to 100,000 individuals. CISA officials recommend that security teams in private companies and private sector and government agencies read its report, take notice of the common tactics, techniques, and procedures (TTPs) used by Chinese state actors, patch devices and deploy detection rules accordingly.

US-CERT:        Dept. of Justice:     Cyberwire:       Foreign Policy:     Wired:    CyberScoop:       ZDNet

You Might Also Read:
 

Has China Become The Greatest Cyber Power?:

 

« Artificial Intelligence Is The Future Of Security
BT Dumps Huawei For Nokia 5G »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Ethio-CERT

Ethio-CERT

National Cyber Emergency Readiness and Response Team of Ethiopia.

Beyond Security

Beyond Security

Beyond Security is a leader in automated vulnerability assessment and compliance solutions - enabling customers to accurately assess and manage security weaknesses in their networks and applications.

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

Avast Software

Avast Software

Avast Software is a security software company that develops antivirus software and internet security services.

FaceFirst

FaceFirst

FaceFirst provide face recognition technology solutions to detect and deter real time threats,

Communications Authority of Kenya

Communications Authority of Kenya

The Authority is responsible for facilitating the development of the information and communications sectors including; broadcasting, telecommunications, electronic commerce and cybersecurity.

APERIO

APERIO

APERIO, the global leader in industrial data integrity, helps its customers drive profitability and sustainability while mitigating risk in their industrial operations.

IberLayer

IberLayer

IberLayer is the company behind the Email Guardian service, a cloud based Email Total Protection system that filters and blocks email threats.

IAR Systems

IAR Systems

IAR Systems are a frontrunner in a changing industry, and a future-proof software supplier enabling the IoT.

ICT Reverse

ICT Reverse

ICT Reverse is one of the UK’s leading, fully accredited providers of ICT asset disposal and secure data erasure.

White & Black

White & Black

White & Black are specialist corporate & technology lawyers based in London & Oxford.

National Health Care Anti-Fraud Association (NHCAA)

National Health Care Anti-Fraud Association (NHCAA)

National Health Care Anti-Fraud Association is the leading national organization focused exclusively on the fight against health care fraud.

Amadeus Capital Partners

Amadeus Capital Partners

Amadeus Capital Partners offers over 20 years’ experience in technology investment. Our areas of focus include AI & machine learning and cyber security.

Servian

Servian

Servian is one of Australia's leading IT consultancies, with expertise in cloud, data, machine learning, DevOps and cybersecurity.

Finnish Security & Intelligence Service (SUPO)

Finnish Security & Intelligence Service (SUPO)

The Finnish Security and Intelligence Service is a government agency tasked with combating serious threats to national security in Finland.

UNS Inc.

UNS Inc.

UNS is a top services partner for multiple leaders in the global cybersecurity industry – we do business in 40 countries, including the United States, Canada, Chile, and Colombia.