Security News

China's Cyberspace Administration has claimed that "Since late February" it has observed continuous attacks on the Chinese internet and local computers by actors who used the resources they co-opted to target Russia, Belarus, and Ukraine. The allegation, the title of which translates as "My country's internet suffers from overseas cyber attacks," was posted last Friday and include a list of IP addresses that the Administration claims as the source or target of the attacks.

The findings of the report take into account security events occurring across more than 120,000 user accounts during the period of January 1st to December 31st, 2021 and shows that the vast majority of attacks on top SaaS platforms such as Microsoft 365, Google Workspace, Slack and Dropbox are originating from the countries of Russia and China. Over the last several weeks, there has been a sharp rise in activity from countries with consistently high levels of both attempted and successful attacks originating within their borders - Russia and China.

Beijing's spies compromised government computer networks in six US states by exploiting, among other flaws, a vulnerability in a cattle-counting system, according to Mandiant. Mandiant said APT41 aka Double Dragon, one of China's more aggressive intrusion crews, exploited a zero-day vulnerability in a web app called USAHerds, used by agriculture officials to track the health and density of the nation's livestock, as well as the Log4j flaw, to break into American local government systems.

Beijing's spies compromised government computer networks in six US states by exploiting, among other flaws, a vulnerability in a cattle-counting system, according to Mandiant. Mandiant said APT41 aka Double Dragon, one of China's more aggressive intrusion crews, exploited a zero-day vulnerability in a web app called USAHerds, used for tracking the health and density of the nation's livestock, as well as the Log4j flaw, to break into American public-sector systems.

Google says Russian, Belarusian, and Chinese threat actors targeted Ukrainian and European government and military organizations, as well as individuals, in sweeping phishing campaigns and DDoS attacks. The Computer Emergency Response Team of Ukraine and Facebook previously warned of other phishing campaigns against Ukrainian officials and military personnel, also attributed Ghostwriter hackers.

China is this week staging its annual "Two Sessions" meetings, which see its pair of top decision-making bodies meet to set the agenda for the coming year. That's very specific language that China's president Xi Jinping uses to indicate the point at which China is again a pre-eminent player in world affairs.

The United States' Cybersecurity and Infrastructure Security Agency, working with security vendor Symantec, has found an extremely sophisticated network attack tool that can invisibly create backdoors, has been plausibly linked to Chinese actors, and may have been in use since 2013. Symantec's threat hunting team has named the malware "Daxin" and described it as "a stealthy backdoor designed for attacks on hardened networks".

A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013. Broadcom's Symantec Threat Hunter team characterized the backdoor, named Daxin, as a technologically advanced malware, allowing the attackers to carry out a variety of communications and information-gathering operations aimed at entities in the telecom, transportation, and manufacturing sectors that are of strategic interest to China.

State-sponsored attackers from China conducted a two-month campaign against Taiwanese financial services firms, according to CyCraft, a security consultancy from the island nation. CyCraft's analysis of the incident alleges that the attack run started in November 2021, when the malicious actors - named as Chinese gang APT10 - used supply chain attacks to target software used by Taiwanese financial institutions.

Taiwan's Parliament, the Executive Yuan, yesterday revealed draft amendments to national security laws aimed at deterring and punishing Chinese economic espionage efforts directed at stealing tech industry secrets. Premier Su Tseng-chang said Taiwanese authorities have observed Chinese interests infiltrating local operations and "Utilizing various methods to lure high-tech talent from Taiwan and steal Taiwanese core technologies."