Security News

The director of UK intelligence agency Government Communications Headquarters, Sir Jeremy Fleming, has warned that China is trying to introduce "Undemocratic values as the default for vast swathes of future tech and the standards that govern it." China believes Russia will support its digital markets and technology plans.

A China-based threat group is likely running a month-long campaign using a variant of the Korplug malware and targeting European diplomats, internet service providers and research institutions via phishing lures that refer to Russia's invasion of Ukraine and COVID-19 travel restrictions. The ongoing campaign was first seen in August 2021 and is being tied to Mustang Panda - a Chinese APT unit also known as TA416, RedDelta and PKPLUG - due to similar code and common tactics, techniques and procedures used by the group in the past, according to researchers with the cybersecurity firm ESET. Mustang Panda is known for targeting governmental entities and non-governmental organizations, with most of its victims being in East and Southeast Asia.

The United Stations Federal Communications Commission has labelled Kaspersky, China Mobile, and China Telecom as threats to national security. Kaspersky is the first non-Chinese company to be added to the FCC's list, but the agency did not tie its decision to Russia's illegal invasion of Ukraine.

China's internet regulator, the Cyberspace Administration of China, has taken unusually strong action against a social network that has long been considered a thorn in the side of the nation's elites. In the years since its 2005 founding, the site has become known for attracting users who express opinions that China's government may well find displeasing.

China claims it has obtained a sample of malware used by the NSA to steal files, monitor and redirect network traffic, and remotely control computers to spy on foreign targets. The NSA apparently used NOPEN to take over "a large number" of computers around the world, and the theft of data from this equipment has caused "Inestimable losses," the tabloid reported.

China's Cyberspace Administration has claimed that "Since late February" it has observed continuous attacks on the Chinese internet and local computers by actors who used the resources they co-opted to target Russia, Belarus, and Ukraine. The allegation, the title of which translates as "My country's internet suffers from overseas cyber attacks," was posted last Friday and include a list of IP addresses that the Administration claims as the source or target of the attacks.

The findings of the report take into account security events occurring across more than 120,000 user accounts during the period of January 1st to December 31st, 2021 and shows that the vast majority of attacks on top SaaS platforms such as Microsoft 365, Google Workspace, Slack and Dropbox are originating from the countries of Russia and China. Over the last several weeks, there has been a sharp rise in activity from countries with consistently high levels of both attempted and successful attacks originating within their borders - Russia and China.

Beijing's spies compromised government computer networks in six US states by exploiting, among other flaws, a vulnerability in a cattle-counting system, according to Mandiant. Mandiant said APT41 aka Double Dragon, one of China's more aggressive intrusion crews, exploited a zero-day vulnerability in a web app called USAHerds, used by agriculture officials to track the health and density of the nation's livestock, as well as the Log4j flaw, to break into American local government systems.

Beijing's spies compromised government computer networks in six US states by exploiting, among other flaws, a vulnerability in a cattle-counting system, according to Mandiant. Mandiant said APT41 aka Double Dragon, one of China's more aggressive intrusion crews, exploited a zero-day vulnerability in a web app called USAHerds, used for tracking the health and density of the nation's livestock, as well as the Log4j flaw, to break into American public-sector systems.

Google says Russian, Belarusian, and Chinese threat actors targeted Ukrainian and European government and military organizations, as well as individuals, in sweeping phishing campaigns and DDoS attacks. The Computer Emergency Response Team of Ukraine and Facebook previously warned of other phishing campaigns against Ukrainian officials and military personnel, also attributed Ghostwriter hackers.