Chinese Hackers

[kyonides]

Senator Marco Rubio Issues Warning on Chinese Cyberattack Targeting Critical Infrastructure

Sen. Marco Rubio (R-Fla.) warned on social media that the outage that affected AT&T on Feb. 22 could be significantly smaller than what a Chinese cyberattack could do.

For much of the morning on Feb. 22, tens of thousands of people on Downdetector and elsewhere complained their AT&T or Cricket service was out, while AT&T, which owns Cricket, confirmed the outage. By the afternoon, the company stated that about 75 percent of its service was restored.

The outage drew a response from Mr. Rubio, vice chairman of the Senate Intelligence Committee, who said that while he doesn’t know what caused the outage, he does know that “it will be 100 times worse when China launches a cyber attack on America on the eve of a Taiwan invasion.”

“And it won’t be just cell service they hit, it will be your power, your water, and your bank,” he said.

A number of federal officials over the years have increasingly issued warnings about the Chinese Communist Party’s (CCP’s) abilities to carry out cyberattacks targeting American infrastructure. According to a recent statement from FBI Director Christopher Wray, the CCP is currently carrying out cyberattacks against the United States and its allies.

“You might find your companies harassed and hacked, targeted by a web of corporate CCP proxies,” he said earlier this month in Germany.

CCP hackers and proxies may be “lurking in your power stations, your phone companies and other infrastructure, poised to take them down when they decide you stepped too far out of line, and that hurting your civilian population suits the CCP,” he said, according to an FBI transcript.

“China-sponsored hackers pre-positioned for potential cyberattacks against U.S. oil and natural gas companies way back in 2011, but these days, it’s reached something closer to a fever pitch,” he said. “What we’re seeing now is China’s increasing build-out of offensive weapons within our critical infrastructure, poised to attack whenever Beijing decides the time is right.”

Amid the AT&T outage, Florida Gov. Ron DeSantis commented that U.S. infrastructure is vulnerable.

“Imagine if we had an EMP [electromagnetic pulse] attack. What would end up happening to this country?” he asked. “You’re so naturally reliant on having cell service. It’s a little bit jarring to think about.

“If you’re in the car, you need to figure out where you’re going to go. All this other stuff. So it’s a little bit jarring to think about the implications of something like that [if that] happened on a much grander scale.”

Leaked Documents Expose China’s Hacking Capabilities, Targets

A massive cache of leaked documents from a Chinese hacking contractor further underscores the global cybersecurity threats posed by China’s communist regime, experts say.

The documents, which were posted on GitHub by unknown individuals on Feb. 16, include product manuals, marketing materials, employee lists, chat records, financial information, and details about foreign infiltration.

The Associated Press confirmed in a Feb. 21 report that the documents originated from China-based cybersecurity vendor I-Soon, known as Anxun in Mandarin, after speaking to two of the company’s employees.

Based on the documents, I-Soon boasts a product line that includes offensive cyber tools and spyware systems. Also included in the documents is a list of contracts that the company signed from July 2016 to June 2022, showing that most of its clients are China’s regional security bureaus. The revelation adds to what is known from the company’s website, which touts the CCP’s Ministry of Public Security as one of its partners.
“The I-Soon incident should once again remind everyone that network security is national security. There is a war without gunpowder, and it is happening in cyberspace,” tech expert Chiang Ya-chi told The Epoch Times on Feb. 21.

Ms. Chiang is the president of the Taiwan Law and Technology Association and a professor who specializes in internet technology and intellectual property law at National Taiwan Ocean University.

The leaked documents show that I-Soon is funded by the Chinese Communist Party (CCP), Ms. Chiang said, noting that Bejing uses tools developed by firms such as I-Soon to infiltrate foreign governments and entities.

A victim list is included in the leaked documents, showing that I-Soon has targeted telecommunications companies, hospitals, universities, organizations, and government entities from many countries. These nations include France, Egypt, India, Indonesia, Kazakhstan, Malaysia, Mongolia, Nepal, South Korea, Taiwan, Thailand, the Philippines, and Vietnam.

One document reveals that I-Soon charged more money for hacking into Vietnam’s Ministry of Economy than for hacking into two other Vietnamese government ministries.

Since the online dump last week, many researchers and experts have published their analysis of the documents written in simplified Chinese.

Malwarebytes, a California company that provides real-time cyber protection, published an analysis of the leaked data on Feb. 21, saying the documents “provide an inside look in the operations that go on in a leading spyware vendor and APT-for-hire.” APT refers to advanced persistent threat.

The analysis highlights some of the I-Soon products revealed by the documents, including what it calls a “Twitter stealer.”

“Features [of the Twitter stealer] include obtaining the user’s Twitter email and phone number, real-time monitoring, reading personal messages, and publishing tweets on the user’s behalf,” the analysis reads.

In one document page, I-Soon boasts that it had studied Twitter’s safety mechanism for years; thus, its product can allegedly bypass security features to target a Twitter user’s account.

The leaked documents also reveal the cost of the “Twitter stealer” product. A one-year usage of the product costs 700,000 yuan (about $97,000), and a three-year usage costs 1.5 million yuan (about $208,000).

The Malwarebytes analysis shows the following product description: “Custom Remote Access Trojans (RATs) for Windows x64/x86: Features include process/service/registry management, remote shell, keylogging, file access logging, obtaining system information, disconnecting remotely, and uninstallation.”

There are iOS and Android versions of the RATs. The iOS model claims to support all iOS device versions without jailbreaking, with features ranging from hardware information to GPS data, contacts, media files, and real-time audio records as an extension, according to the analysis.

I-Soon also has portable devices for “attacking networks from the inside,” it states.

According to the leaked documents, the portable devices come in two different sizes—a standard version that can be disguised as a cellphone battery, power strip, or power adapter and a mini version that can be disguised as a printed circuit board.

The user lookup databases, which include users’ phone numbers, names, and email addresses, can be correlated with social media accounts, according to the Malwarebytes analysis.

The CCP can potentially use the user lookup databases to track and locate dissidents in China. According to the leaked documents, databases have been built for different Chinese platforms, including Weibo, Baidu, and WeChat.

Later on, the article also mentions a dangerous and mind-breaking reality...

Last year, Mr. Wray warned that Chinese hackers outnumber U.S. cyber specialists by at least 50 to one.

Some researchers have suggested that I-Soon could have ties to APT41, a Chinese state-sponsored hacking group, based on their analysis of the leaked documents.

In 2020, five Chinese nationals from APT41 were indicted on charges relating to hacking campaigns to steal trade secrets and sensitive information from more than 100 companies and entities worldwide. The five individuals are currently on the FBI’s wanted list.

Cybersecurity firm Mandiant stated in a 2022 report that APT41 had exploited vulnerabilities in the online systems of at least six U.S. state governments to gain access to those networks.