Summary
Synopsis and commentary
This is your Cyber Sentinel: Beijing Watch podcast.
Hey there, I'm Ting, and welcome to Cyber Sentinel: Beijing Watch. Let's dive right into the latest Chinese cyber activities that have been making waves in the US security scene.
Just a few days ago, on December 19, China's National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT) accused the US government of launching cyberattacks against two Chinese tech companies to steal trade secrets. Now, this is quite a bold claim, especially given the US government's long-standing accusations against China for cyber espionage. According to CNCERT, one of these attacks dates back to August and involved exploiting a vulnerability in a document management system to infiltrate a software upgrade management server and install Trojans in over 270 hosts[1].
But let's not forget, the US has been sounding the alarm about Chinese cyber threats for a while now. Back in July, the FBI, Cybersecurity and Infrastructure Security Agency, National Security Agency, and several international agencies issued a joint advisory warning about the threat of a state-sponsored cyber group in China known as APT40, or Kryptonite Panda. This group has been exploiting newly public vulnerabilities in software like Microsoft Exchange, Log4J, and Atlassian Confluence, and has a high priority on obtaining user credentials to enable a range of activities[2].
And it seems APT40 has been busy. Researchers at Symantec uncovered a four-month-long cyberattack on a large US organization earlier this year, which they attributed to a suspected Chinese threat actor. The attackers moved laterally across the organization's network, compromising multiple computers and gathering intelligence by harvesting emails[4].
But what's even more concerning is the scale of these operations. A report from the FBI, Cyber National Mission Force, and National Security Agency revealed that People's Republic of China-linked cyber actors have compromised thousands of internet-connected devices, including routers and IoT devices, to create a botnet for malicious activities. This botnet, managed by an application called "Sparrow," has over 1.2 million records of compromised devices, including over 385,000 unique US victim devices[5].
So, what does this mean for US security? It means we need to be on high alert for these new attack methodologies, especially those targeting industries with significant unpatched internet-facing vulnerabilities. It also means we need to take attribution evidence seriously and work with international partners to respond to these threats. And most importantly, it means we need to implement recommended security measures, like patching those vulnerabilities and enhancing network defenses.
That's all for today's Cyber Sentinel: Beijing Watch. Stay vigilant, and we'll catch you in the next update.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta