Chinese Hackers
The following article talks about what happened about 2 weeks ago.


Quote:Dozens of systems used by government bodies and IT companies in Russia have reportedly become the targets of Chinese hackers.

Moscow-based cybersecurity provider Kaspersky Lab revealed that the backdoor malware used to gain access to the systems was "GrewApacha," a Trojan used since at least 2021 by the Chinese cyber-espionage group known as APT31 (Advanced Persistent Threat 31).

APT31 is believed to have ties to China's civilian spy agency, the Ministry of State Security (MSS). Earlier this year, the United States Justice Department indicted several Chinese nationals and one company for allegedly carrying out APT31 operations.

"During these attacks, attackers infected devices using phishing emails with attachments containing malicious shortcut files," read an August 8 report by Kaspersky Lab-managed website SecureList. Kaspersky has dubbed the Russia-centered hacking campaign "EastWind."

Clicking on these files prompts the installation of the malware, which receives commands from the Dropbox cloud storage.

"With the help of this software, the attackers downloaded additional Trojans to the infected computers, in particular, tools used by the APT31 cybergroup, as well as the updated CloudSorcerer backdoor," the report said.

A Trojan is a type of malware disguised as legitimate software to trick users into installing it. Once installed, Trojans can perform malicious actions on the infected system, such as spying on users, stealing data and providing cybercriminals with unauthorized access.

The SecureList report said the method observed in the recent cyberattacks was similar to the one previously used to target a U.S. organization.

A SecureList report released last month called the updated CloudSorcerer malware "a sophisticated toolset targeting Russian government entities."

Its "ability to dynamically adapt its behavior based on the process it is running in, coupled with its use of complex inter-process communication through Windows pipes, further highlights its sophistication."

The Russian and Chinese foreign ministries didn't immediately respond to a written request for comment.

Last year, the intelligence chiefs of the Five Eyes intelligence alliance—the U.S., the U.K., Canada, Australia and New Zealand—warned of the threat posed by China's use of cutting-edge technology to carry out hacking and intellectual property theft on a large scale.

An anonymous source earlier this year leaked evidence of a massive surveillance campaign by I-Soon, an MSS-affiliated Chinese contractor, whose targets ranged from foreign governments, politicians and think tanks to private Chinese citizens.

The Chinese foreign ministry responded to the leak by saying it "firmly opposes and cracks down on all forms of cyber attack in accordance with the law."

But this one is very recent!


Quote:China is increasingly suspected of involving "white hat" hackers--who typically identify cybersecurity weaknesses--in cyberattacks. This development is believed to be boosting China's offensive capabilities by utilising its top private hackers, according to a report by Nikkei Asia. The investigation, conducted by Nikkei Asia and other organisations, reveals that since the introduction of mandatory vulnerability reporting to the Chinese government in 2021, the number of attacks with suspected Chinese involvement has witnessed a sharp rise.

White hats, who work for security companies or as freelancers, are responsible for bug hunting. They identify vulnerabilities, report them to developers, and receive compensation. Nikkei Asia further reported that developers issue patches and request users to install them to enhance security. In September 2021, concerns emerged in Europe and the US about the exploitation of vulnerabilities before patches could be deployed.

Later that year, Chinese media reported that the Ministry of Information and Technology had suspended Alibaba Group Holding's cloud computing operations from participating in a cybersecurity partnership for six months due to a failure to report issues. In collaboration with cybersecurity firm Trend Micro, Nikkei Asia collected data on 222 software vulnerabilities identified by the US government and others as being exploited by hacker groups believed to be linked to the Chinese government. These groups are suspected of using these vulnerabilities to infiltrate networks.

Katsuyuki Okamoto, a cybersecurity expert at Trend Micro, told Nikkei Asia, "In the past, the main method of cyberattack was phishing, involving tricking victims into downloading malware via email. Now, vulnerability attacks are mainstream." A search on OTX (Open Threat Exchange), a collaborative platform developed by AlienVault (now part of AT&T Cybersecurity) for sharing and accessing threat intelligence, found a total of 1,047 attacks exploiting these vulnerabilities.

Chinese white hats, known for their bug-hunting skills, are highly regarded worldwide. In 2021, when the vulnerability reporting obligation was introduced, there were 16 reported cases. This number surged to 267 in 2022 and nearly doubled again to 502 in 2023. The current year is following a similar trend, with 242 cases reported in the first half.

Taiwan-based cybersecurity firm TeamT5, which examined the leaked files, reports that i-Soon has employed numerous self-identified white hat hackers. However, a significant portion of their work has been commissioned by Chinese state security.

Here's the original article, but you'd need to subscribe to the Nikkei website in order to read the full text.


