Chinese Hackers Spying On US Government Agencies

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a security advisory warning of a wave of attacks carried out by hacking groups affiliated with China's Ministry of State Security (MSS). These hackers, who are apparently working for a Chinese intelligence agency, have recently spied on parts of the US government and on commercial organisations by exploiting common IT vulnerabilities, the FBI and CISA have said.

The attackers have been infiltrating victim organisations with phishing emails that carry malicious links and malicious software attachments.

The hackers exploit software flaws in commercial technologies and open-source tools, including flaws in services for which fixes are already available, say the FBI and CISA. ‘CISA has consistently observed Chinese MSS-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target US Government agencies. CISA has observed these, and other threat actors with varying degrees of skill, routinely using open-source information to plan and execute cyber operations,’ says CISA.

Recently, hackers working for the group known as Advanced Persistent Threat 41 (APT41) compromised a major private provider of social care services in the UK and in the process disrupted its systems, says a cyber security expert with knowledge of China’s activities.

Now the US government has filed charges against Chinese nationals with known connections to APT41. Five Chinese nationals will face charges relating to the hacking of more than 100 international companies on behalf of the Chinese government.

These state-sponsored actors, working on behalf of the Chinese government and its security services, have tried to “profit from the crisis” and steal information that could benefit the country, a senior Western security source says.

Suspected Chinese hackers frequently conduct economic espionage against government and private sector entities in the US in order to steal intellectual property and bolster China’s technology and defence sectors. In some instances, according to CISA and the FBI, the hackers have abused Microsoft’s Remote Desktop Protocol (RDP) to gain and maintain access to federal government systems.

CISA warned US government agencies and the private sector alike to patch the vulnerabilities named in the advisory, along with other known vulnerabilities.

Despite being publicly criticised for alleged hacking by governments, law enforcement and private security firms, China has consistently denied the claims made against it. “China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” said Assistant Attorney General for National Security John C. Demers.

China's hacking personnel is now estimated at between 50,000 and 100,000 individuals. CISA officials recommend that security teams in private companies and in government agencies read the report, take note of the common tactics, techniques, and procedures (TTPs) used by Chinese state actors, patch affected devices and deploy detection rules accordingly.

Sources: US-CERT, Dept. of Justice, Cyberwire, Foreign Policy, Wired, CyberScoop, ZDNet
