Chinese Hackers

[kyonides]

'China-based' hack targets UK companies in 'critical national security threat', says analyst

A new wave of cyber attacks against British companies is a "critical national security threat", an analyst has told Sky News.

It follows the exposure of a previously unknown vulnerability in software used by hundreds of companies.

But unlike the recent attacks against M&S, Co-op and Harrods, the latest incident was not ransomware but rather remote code execution.

This is where hackers take control of devices and networks over the internet to run potentially malicious programmes or steal data and information.

The event - revealed by analyst Arda Buyukkaya at cybersecurity firm EclecticIQ - used a previously unknown backdoor in a piece of software called SAP Netweaver, with a patch since released.

Cody Barrow is the chief executive of EclecticIQ and previously worked at the Pentagon, the NSA and US Cyber Command.

He told Sky News: "Governments should treat this as a critical national security threat", adding that it is the kind of scenario that keeps people like him up at night.

Mr Barrow said the exploitation of networks is "extensive and ongoing", with more than 500 SAP customers affected and more potentially at risk. He urged users to update their software to the latest version.

Gas giant Cadent, publishers News UK, Euro Garages (EG) Group, Johnson Matthey and Ardagh Metal have been named as victims, with US and Saudi Arabian entities also targeted.

NHS England has posted a warning about the exploit on their website, although it is not clear if they are impacted.

The National Cyber Security Centre (NCSC), the UK government's authority on cyber threats and part of GCHQ, are monitoring the situation.

China poses biggest military, cyber threat to US, intel chiefs say

China remains the top military and cyber threat to the U.S., according to a report by U.S. intelligence agencies published on Tuesday that said Beijing was making "steady but uneven" progress on capabilities it could use to capture Taiwan.

China has the ability to hit the United States with conventional weapons; compromise U.S. infrastructure through cyber attacks; and target its assets in space, the Annual Threat Assessment by the intelligence community said, adding that Beijing also seeks to displace the United States as the top AI power by 2030.

Russia, along with Iran, North Korea and China, seeks to challenge the U.S. through deliberate campaigns to gain an advantage, with Moscow's war in Ukraineaffording a "wealth of lessons regarding combat against Western weapons and intelligence in a large-scale war," the report said.

Released ahead of testimony before the Senate Intelligence Committee by President Donald Trump's intelligence chiefs, the report said China's People's Liberation Army (PLA) most likely planned to use large language models to create fake news, imitate personas, and enable attack networks.

"China's military is fielding advanced capabilities, including hypersonic weapons, stealth aircraft, advanced submarines, stronger space and cyber warfare assets and a larger arsenal of nuclear weapons," Director of National Intelligence Tulsi Gabbard told the committee. She labeled Beijing as Washington's "most capable strategic competitor."

"China almost certainly has a multifaceted, national-level strategy designed to displace the United States as the world's most influential AI power by 2030," the report said.

CIA Director John Ratcliffe told the committee that China had made only "intermittent" efforts to curtail the flow of precursor chemicals fueling the U.S. fentanyl crisis because it was reluctant to crack down on lucrative Chinese businesses.

Trump has increased tariffs on all Chinese imports by 20% to punish Beijing for what Trump called its failure to halt shipments of fentanyl chemicals. China has denied playing a role in the crisis, the leading cause of U.S. drug overdose deaths. The issue has become a major point of friction between the Trump administration and Chinese officials.

"There is nothing to prevent China ... from cracking down on fentanyl precursors," Ratcliffe said.

The Chinese foreign ministry said it "advised the U.S. not to use its own hegemonic logic to mirror China, and not to use outdated Cold War thinking to view China-U.S. relations," when asked about the report on Wednesday.

The ministry urged Washington to stop "condoning and supporting Taiwan independence separatist activities," ministry spokesperson Guo Jiakun said.

The spokesperson for China's embassy in Washington, Liu Pengyu, said the United States has long "hyped up" the China threat as an excuse to maintain U.S. military hegemony.

"China is determined to be a force for peace, stability and progress in the world, and also determined to defend our national sovereignty, security and territorial integrity," Liu said, adding that "fentanyl abuse is a problem that the United States itself must confront and resolve."

China, Taiwan trade accusations over cyberattacks

Chinese public security authorities attributed a cyberattack on an unnamed technology company to the Taiwan government on Tuesday, prompting the latter to blame China for spreading disinformation over such breaches.

The "overseas hacker organisation" behind the attack was "supported by" Taiwan's Democratic Progressive Party (DPP), authorities in the capital of southern Guangdong province said in a statement, based on an initial police investigation.

The DPP is the ruling party in Taiwan.

Taiwan's National Security Bureau in turn accused the Communist Party of China (CPC), which it called "a source of global information security threat", of peddling false information about cyber breaches.

It said in a statement to Reuters that the CPC was "manipulating inaccurate information to confuse the outside world, so as to cover up the related cyber hacking acts" and shift the focus of attention.

China claims Taiwan as its territory even as the democratic and separately governed island rejects that claim.

Taiwan President Lai Ching-te, who last week marked one year in office, has said only Taiwan's people can decide their future.

Chinese state news agency Xinhua reported that a police investigation found the hacker organisation targeted network systems in more than 10 provinces in China in recent years, including military, energy, hydropower, transportation and government networks.

Xinhua, citing technical experts, said the attacks were of "low technical level", their method "simple and crude."

Taiwan's security authority said: "The CPC has long carried out cyber hacking and theft of funds from Taiwan, disseminated false information, and carried out cognitive warfare in an attempt to destroy Taiwan's critical infrastructure and create social division and antagonism."

Prague accuses China of hacking Czech foreign ministry

The Czech government on Wednesday condemned China for carrying out a cyberattack against its foreign ministry exposing thousands of unclassified emails.

Czechia said that the Chinese state-sponsored group Advanced Persistent Threat 31 (APT31) targeted the foreign ministry from 2022 — the year the country held the rotating EU presidency — and was able to read unclassified emails sent between embassies and EU institutions.

The Czech foreign minister, Jan Lipavský, said he would summon the Chinese ambassador immediately to explain the findings and tell him this would damage the countries' bilateral relations.

"With today’s move, we have exposed China, which has long been working to undermine our resilience and democracy,” Lipavský said. “Through cyberattacks, information manipulation, and propaganda, it interferes in our society — and we must defend ourselves against that.”

It is the first time the Czech government has attributed a national cyberattack to a state-backed actor.

An investigation conducted by the Security Information Service, Military Intelligence, Office for Foreign Relations and Information, and National Cyber and Information Security Agency (NUKIB) provided Czech authorities with a high degree of certainty about who was behind the targeting of the ministry.

APT31 is run by China’s ministry of state security from the city of Wuhan, according to the U.S. justice department.

The group has been accused of high-profile attacks in the past, including targeting the personal emails of campaign staff working for U.S. presidential candidate Joe Biden in 2020. In 2024, the U.K. and U.S. imposed sanctions on individuals tied to APT31.

The alleged Chinese hack sparked outrage in Brussels, among the EU's top brass and at NATO headquarters.

Chinese espionage on Dutch semiconductors “intensifying”

China is increasingly spying on Dutch semiconductors and other high-tech areas, Dutch Defence Minister Ruben Brekelmans said on Saturday.

Key takeaways:

China is increasing its spying activity on Dutch semiconductors
Dutch intelligence agency says that "the biggest cyber threat is coming from China"
"The semiconductor industry, which we are technologically leading, or technology advanced, of course, to get that intellectual property - that's interesting to China," Brekelmans told Reuters on Saturday at the Shangri-La Dialogue security forum in Singapore.

In April last year, the Dutch intelligence services released an annual report noting China’s increased activity in spying on the Dutch semiconductor, aerospace, and maritime industries.

Commenting on the threat, Brekelmans said: "It's continuing. In our newest intelligence reports, our intelligence agency said that the biggest cyber threat is coming from China, and that we do see most cyber activity when it comes to us being as from China. That was the case last year, but that's still the case. So we only see this intensifying."

He added that the Netherlands is focusing more on security as China is "using their economic position for geopolitical purposes and also to pressure us.”

Despite significant catch-up in its race for semiconductors, China is still lagging behind global leaders overall.

“Ten years ago, [Chinese semiconductor companies] were two generations behind. Five years ago, they were two generations behind, and now they’re still two generations behind,” G. Dan Hutcheson, vice chair of research firm TechInsights, said.

And yet, China is making impressive progress. In 2021–2022, 55% of global semiconductor patent applications were Chinese, more than double that of American patents.

Despite semiconductor design firms in China increasing nearly sixfold between 2010-2022, Chinese design firms still accounted for only 8% of global design revenue in 2022, with no Chinese firms among the top 25 global design firms.