Taiwan Investigation Bureau’s Cyber Security Investigation Officer Liu Chia-zung Wrote:Over the course of two years, Chinese hackers have infiltrated a variety of Taiwanese government offices in an effort to steal sensitive documents

CyberScoop Wrote:The Taiwanese semiconductor industry, a centerpiece of the global supply chain for smartphones, has also come under sustained assault from hackers that appear to be based in China, private researchers said earlier this month.

Reuters Wrote:The indictment said the Chinese hackers “conducted reconnaissance” against the computer network of a Massachusetts biotech firm known to be working on a coronavirus vaccine in January.
Moderna, which is based in Massachusetts and announced its COVID-19 vaccine candidate in January, confirmed to Reuters that the company had been in contact with the FBI and was made aware of the suspected “information reconnaissance activities” by the hacking group mentioned in last week’s indictment.
The July 7 indictment alleges that the two Chinese hackers, identified as Li Xiaoyu and Dong Jiazhi, conducted a decade-long hacking spree that most recently included the targeting of COVID-19 medical research groups.

Reuters Wrote:The court filing describes the California firm as working on antiviral drug research and suggested the Maryland company had publicly announced efforts to develop a vaccine in January. Two companies that could match those descriptions: Gilead Sciences Inc and Novavax Inc.

AP News Wrote:The Justice Department has charged five Chinese citizens with hacks targeting more than 100 companies and institutions in the United States and abroad, including social media and video game companies as well as universities and telecommunications providers, officials said Wednesday.

The five defendants remain fugitives, but prosecutors say two Malaysian businessmen charged with conspiring with the alleged hackers to profit off the attacks on the billion-dollar video game industry were arrested in Malaysia this week and now face extradition proceedings.

In unsealing three related indictments, officials laid out a wide-ranging hacking scheme targeting a variety of business sectors and academia and carried out by a China-based group known as APT41. That group has been tracked over the last year by the cybersecurity firm Mandiant Threat Intelligence, which described the hackers as prolific and successful at blending criminal and espionage operations.
The hackers relied on a series of tactics, including attacks in which they managed to compromise the networks of software providers, modify the code and conduct further attacks on the companies’ customers.

The Justice Department did not directly link the hackers to the Chinese government. But officials said the hackers were probably serving as proxies for Beijing because some of the targets, including pro-democracy activists and students at a Taiwan university, were in line with government interests and didn’t appear to be about scoring a profit.

CyberScoop Wrote:The hacking group — labeled Gadolinium by Microsoft and also known as APT40 — was hosting apps on the Azure Active Directory and using open source tools “to enhance weaponization of their malware payload, attempt to gain command and control all the way to the server, and to obfuscate detection,” the researchers said in a report published Thursday.

APT40 has been linked to China’s government, and recent targets have reportedly included organizations in Taiwan and Malaysia. The typical goal is data exfiltration for espionage, according to researchers at FireEye, Kaspersky and other security companies. Microsoft’s report does not mention China by name, but notes that the hacking group has previously focused on the maritime and health industries.

“Because cloud services frequently offer a free trial or one-time payment (PayGo) account offerings, malicious actors have found ways to take advantage of these legitimate business offerings,” according to researchers Ben Koehl and Joe Hannon. “By establishing free or PayGo accounts, they can use cloud-based technology to create a malicious infrastructure that can be established quickly then taken down before detection or given up at little cost.”

CyberScoop Wrote:Hackers defrauded Facebook users out of more than $4 million in a scheme that security staffers have connected to a cybercrime network in China.
The alleged China-based scammers, who first surfaced in 2016, have also abused the Twitter and Amazon platforms. They have repeatedly updated their code, explored new hacking tools and used geolocation to try to make their Facebook logins appear legitimate.

CyberScoop Wrote:Attackers breached hundreds of thousands of Facebook accounts, scouring for users with payment methods attached to their profile, such as PayPal. The attackers would disable users’ notifications, and abuse their access to the victim account to place advertisements for diet pills and counterfeit products.

CyberScoop Wrote:The crucial computing code that manages that booting process, known as UEFI firmware, represents a valuable target for hackers, though also one that remains difficult to infiltrate.
Researchers from security company Kaspersky on Monday revealed what they described as the second case of malicious UEFI firmware found in use in the wild. Security specialists found UEFI implants that appeared to be part of a larger hacking operation carried out by Chinese-speaking operatives against diplomatic organizations and non-governmental organizations in Africa, Asia and Europe.

CyberScoop Wrote:The Justice Department on Sept. 16 unsealed an indictment against five Chinese men and two Malaysian nationals for their alleged role in a years-long spying scheme that infected software including Asus, CCleaner and Netsarang with malware.
Some suspects working as part of the larger operation functioned as part of Chengdu 404, which marketed itself as a penetration testing company with a “patriotic spirit.”

CyberScoop Wrote:Intelligence analysts contend the Chinese government began outsourcing cyber-espionage work to nondescript companies after a 2014 agreement in which the U.S. and China agreed to not sponsor any malicious cyber activity for economic gain.
“The APT landscape in China is run in a ‘whole country’ approach, leveraging skills from universities, individual, and private and public sectors,” researcher Timo Steffens said. “So some of the smaller companies might just be a way for individual hackers to band together and be eligible for government contracts.”

BBC Wrote:There is "clear evidence of collusion" between Huawei and the "Chinese Communist Party apparatus", a parliamentary inquiry has concluded.
And the MPs say the government may need to bring forward a deadline set for the Chinese firm's 5G kit to be removed from the UK's mobile networks.
The House of Commons defence committee based its findings on the testimony of academics, cyber-security experts and telecom industry insiders, among others. These included executives from Huawei itself, as well as some long-term critics of the company.
Its report cites a venture capitalist who claimed the Chinese government "had financed the growth of Huawei with some $75bn [£57bn] over the past three years", which he said had allowed it to sell its hardware at a "ridiculously low price point".
And it highlights a claim made by a researcher who specialises in corporate irregularities within China, who alleged that Huawei had "engaged in a variety of intelligence, security, and intellectual property activities" despite its repeated denials.

BBC Wrote:But the committee says ministers should consider bringing the latter deadline forward to 2025 if relations with China deteriorate or pressure from the US and other allies makes it necessary.

BBC Wrote:They also back proposals to form a D10 group of democracies to provide alternatives to Chinese technology.

CyberScoop Wrote:Malicious software used in the campaign, which the departments of Defense and Homeland Security have dubbed “SlothfulMedia,” is linked with “high confidence” to the Chinese government, according to one U.S. government official. Another U.S. government source said the hackers are suspected of having ties to Beijing, while a third government official described the group as operating a concerted hacking campaign based in China.
A Pentagon spokesperson told CyberScoop the hacking effort is ongoing, and that it has targeted entities in Russia, Ukraine, India, Kazakhstan, Kyrgyzstan and Malaysia.

CyberScoop Wrote:The Oct. 1 disclosure coincided with a period of celebration in China known as the Moon Festival.
The Pentagon also published a graphic, which includes a moon, as part of its public release on the espionage effort.

CyberScoop Wrote:The hackers are specifically going after 25 known vulnerabilities that primarily affect products used for remote access or for external web services, which the NSA lays out in detail in the advisory. Vulnerabilities the Chinese hackers are exploiting include those of Pulse Secure VPNs, which could allow attackers to steal victim passwords, as well as F5 Networks’ Big-IP Traffic Management User Interface, Windows Domain Name System servers, a series of flaws in Citrix ADC and Gateway devices, and several others.
System administrators in the defense industrial base should immediately patch the vulnerabilities the Chinese hackers are exploiting, the NSA warned.

CyberScoop Wrote:A Chinese government-linked hacking group whose operatives have been indicted by the U.S. and sanctioned by the European Union is suspected in a year-long effort to steal sensitive data from numerous Japanese companies and their subsidiaries, security researchers said Tuesday.
The attackers, known as APT10 or Cicada, have been burrowing into the networks of companies in the automotive, pharmaceutical and engineering sectors, according to researchers from antivirus provider Symantec. They have sometimes lingered for months before trying to extract data and have targeted domain controllers, the servers that act as gatekeepers for organizations’ network traffic.
APT10, which U.S. officials have alleged operates on behalf of China’s civilian intelligence service, has for over a decade been a key prong in alleged Chinese espionage activity. The group has a well-documented history of targeting Japanese companies, including an alleged attempt to infiltrate Japanese media organizations in 2018.