Chinese Hackers Spying On US Government Agencies

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a security advisory warning of a wave of attacks carried out by hacking groups affiliated with China's Ministry of State Security (MSS). These hackers, who are apparently working for a Chinese intelligence agency, have recently spied on parts of the US government and on commercial organisations by exploiting common IT vulnerabilities, the FBI and CISA have said.

The attackers have been infiltrating victim organisations with phishing emails that carry malicious links or malicious software attachments.

The hackers exploit software flaws in commercial technologies and open-source tools, including services for which fixes are already available, the FBI and CISA say. ‘CISA has consistently observed Chinese MSS-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target US Government agencies. CISA has observed these, and other threat actors with varying degrees of skill, routinely using open-source information to plan and execute cyber operations,’ says the CISA.

Recently, hackers working for the group known as Advanced Persistent Threat 41 (APT41) compromised a major private provider of social care services in the UK and in the process disrupted its systems, says a cyber security expert with knowledge of China’s actions.

Now the US government has filed charges against Chinese nationals with known connections to the notorious hacking group known as APT41. Five Chinese nationals will face charges relating to hacking more than 100 international companies on behalf of the Chinese government. 

These state-sponsored actors, working on behalf of the Chinese government and its security services, have tried to “profit from the crisis” and steal information that could be beneficial to the country, a senior Western security source says.

Suspected Chinese hackers frequently conduct economic espionage against government and private sector entities in the US in order to steal intellectual property and bolster China’s technology and defense sectors. In some instances, according to CISA and the FBI, the Chinese hackers have tried to use and manipulate a Microsoft tool, Remote Desktop Protocol (RDP), inside the federal government.

CISA warned U.S. government agencies and private sector alike to patch these and other known vulnerabilities.

Despite being publicly criticised for alleged hacking by governments, law enforcement and private security firms, China has consistently denied the claims made against it. “China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” said Assistant Attorney General for National Security John C. Demers.

It is now estimated that China's hacking personnel number between 50,000 and 100,000 individuals. CISA officials recommend that security teams in the private sector and in government agencies read its report, take note of the common tactics, techniques, and procedures (TTPs) used by Chinese state actors, patch devices and deploy detection rules accordingly.

Sources: US-CERT, Dept. of Justice, Cyberwire, Foreign Policy, Wired, CyberScoop, ZDNet

