Chinese Hackers

[kyonides]

In this edition Canada became the latest target of those evil hackers!

Chinese Hackers Likely Got MPs’ Personal Emails From Volunteer Tortured in China, Committee Told

A Hong Kong pro-democracy activist reportedly tortured in China may have been the source through which China-backed hackers accessed personal emails of Canadian parliamentarians, a global legislative coalition director told a House of Commons committee.

Luke de Pulford, executive director of the global coalition Inter-Parliamentary Alliance on China (IPAC), made the comment on Sept. 26 in response to a question from Conservative MP Garnett Genuis during his testimony before the Standing Committee on Procedure and House Affairs.

The committee is investigating a 2021 cyberattack by the Chinese hacker group Advanced Persistent Threat Group 31 (APT31) that targeted legislative members of IPAC, including 18 Canadian parliamentarians. Genuis, who serves as the Canadian chair at IPAC, asked about how the hackers obtained his personal email and the IPAC email distribution list.

“I do not know how they obtained that, but I do have one possible theory: unfortunately, someone who used to volunteer for us, a man named Andy Li, was arrested in China under the National Security Law and imprisoned in Hong Kong. He awaits sentencing for National Security Law crimes, some of which are associated with IPAC,” de Pulford said in response.

“We know that they [Chinese authorities] breached his system, and they may have got our distribution list from him,” he added. “Very disturbingly, when he was apprehended, he was taken to Shenzhen prison in China and reportedly tortured.”

Li, a computer programmer, played a key role in a crowdfunding campaign to rally support for the 2019 pro-democracy protests in Hong Kong. He gained international attention after being one of 12 Hongkongers who attempted to flee to Taiwan by speedboat in August 2020. The group was intercepted by Chinese authorities at sea and detained at Shenzhen city.

In March, Li appeared as a prosecution witness during the trial of Hong Kong media mogul Jimmy Lai, alleging that Lai financed advertising campaigns to support the 2019 pro-democracy protests in the city. However, the United Nations Special Rapporteur on Torture, Alice Jill Edwards, expressed deep concerns about Li’s testimony, arguing that it should not be admitted as evidence since it “may have been obtained as a result of torture or other unlawful treatment.”

Cyberattack

The APT31 targeted 120 legislators from 18 countries who are members of the IPAC, de Pulford told the committee. However, they became aware of the cyberattack only recently, following the unsealing of an indictment by the U.S. Department of Justice in March, which charged seven hackers associated with the group.

According to the indictment, the hackers sent “thousands of malicious tracking email messages” with embedded hyperlinks to their targets. Once the recipients opened the emails and clicked the links, the hackers could steal their information, such as the victims’ locations, IP addresses, network details, and specific devices used to access their email accounts. These emails were sent to more than 400 unique accounts associated with IPAC members, the indictment stated.

Genuis had previously told the House of Commons that, following the 2021 cyberattack, the FBI alerted IPAC about the attempt and notified allied governments. However, he said the bureau did not directly inform non-U.S. legislators due to “rules regarding sovereignty.” Genius and other affected Canadian MPs have criticized Canadian authorities for not informing targeted parliamentarians for nearly a year after receiving U.S. intelligence about the threat.

In an April 30 statement to The Epoch Times, Mathieu Gravel, spokesperson for the House of Commons Speaker’s Office, said the administration had “determined that the risk-mitigation measures in place had successfully prevented any attack,” adding, “There were no cybersecurity impacts to any Members or their communications.” Genuis disputed this claim, noting that his personal email was targeted.

During the Sept. 26 committee meeting, de Pulford expressed concerns about parliamentarians being kept uninformed about the cyberattack, noting that it would prevent them from protecting themselves and sensitive information, such as “high-risk transnational repression cases” that many of them handle.

“Telling parliamentarians that this attack was not successful or not serious is questionable at best and misleading at worst,” he said.

China-Backed Group Hacked Over 9,000 Devices in Canada as Part of Global Operation, FBI Says

Over 9,000 consumer devices in Canada have been compromised by a Beijing-backed hacker group that installed malicious software on hundreds of thousands home and office internet-connected devices worldwide, an assessment done by U.S. authorities has found.

The hacker group called “Flax Typhoon” has controlled and managed a large network of compromised devices—a botnet—that’s been active since mid-2021, says a Sept. 18 “Joint Cybersecurity Advisory“ issued by the FBI and two other U.S. national security agencies along with partner agencies in Canada, Australia, New Zealand, and the UK.

The devices, such as routers, digital video recorders, internet protocol cameras, and network-attached storage devices, are infected with a type of malware that allows the hackers to have unauthorized remote access and to carry out cyber crimes. Using the botnet as a proxy, they are able to conceal their identities during cyberattacks and other malicious activities.

“As of June 2024, the botnet consisted of over 260,000 devices. Victim devices which are part of the botnet have been observed in North America, South America, Europe, Africa, Southeast Asia and Australia,” the advisory stated.

The advisory said approximately 9,200 of those devices are based in Canada, accounting for just 3.5 percent of the total. The United States was hit hardest, with 126,000 affected devices, representing 47.9 percent of the total, far surpassing the next most impacted country, Vietnam, with 21,100 compromised devices.

The Epoch Times reached out to the Canadian Security Intelligence Service and Communications Security Establishment Canada for comment but did not hear back immediately.

The hackers of Flax Typhoon, backed by the People’s Republic of China (PRC), work for a Beijing-based publicly traded company called Integrity Technology Group that has several Chinese state-owned enterprises as key stakeholders.

The company has developed an online application that allows its customers to “log in and control specified infected victim devices,” according to court documents unsealed in the Western District of Pennsylvania, which detail the investigation of the botnet by an unnamed FBI special agent.

Botnets Disrupted

Citing the unsealed court documents, the U.S. Justice Department on Sept. 18 announced that a court-authorized law enforcement operation had disrupted the worldwide botnet.

The department said the Flax Typhoon hackers tried to interfere with the FBI-led international operation via a distributed denial-of-service attack, a cyberattack that floods a website or server with excessive traffic to make it function poorly or be knocked offline completely.

The attack targeted infrastructure the FBI was using to carry out the court’s orders but ultimately failed to stop the FBI from disrupting the botnet.

“The Justice Department is zeroing in on the Chinese government backed hacking groups that target the devices of innocent Americans and pose a serious threat to our national security,” U.S. Attorney General Merrick B. Garland said in a Sept. 18 press release.

“As we did earlier this year, the Justice Department has again destroyed a botnet used by PRC-backed hackers to infiltrate consumer devices here in the United States and around the world. We will continue to aggressively counter the threat that China’s state- sponsored hacking groups pose to the American people.”

In late January, U.S. authorities had announced an earlier court-authorized operation that disrupted another Chinese state-backed botnet run by a hacker group known as “Volt Typhoon,” which infected hundreds of U.S.-based routers in small offices and home offices.

FBI Director Christopher Wray condemned Beijing for “targeting American civilian critical infrastructure and pre-positioning to cause real-world harm to American citizens and communities in the event of conflict.”

“Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors. Their pre-positioning constitutes a potential real-world threat to our physical safety that the FBI is not going to tolerate. We are going to continue to work with our partners to hit the PRC hard and early whenever we see them threaten Americans,” he said in the Jan. 31 press release.

Chinese cyberattacks against Canada are a key focus of ongoing investigations by a parliamentary committee as well as the current public inquiry into foreign interference. These investigations are examining a 2021 incident involving another Chinese hacker group, known as Advanced Persistent Threat Group 31 (APT31), which targeted members of an international legislative coalition including 18 Canadian parliamentarians.

Luke de Pulford, executive director of the global coalition Inter-Parliamentary Alliance on China (IPAC), testified before the House of Commons Standing Committee on Procedure and House Affairs on the matter on Sept. 26.

He told the committee of the possibility that APT31 hackers obtained the IPAC email distribution list through IPAC volunteer Andy Li. Li, a computer programmer, played a key role in a crowdfunding campaign to rally support for the 2019 pro-democracy movement in Hong Kong. He was later arrested while attempting to flee to Taiwan by speedboat, and reportedly faced torture while imprisoned in China.