Security News
Speaker of the US House of Representatives Nancy Pelosi has tied her controversial visit to Taiwan to an alleged barrage of China-directed cyber-attacks against the territory. The column details many Chinese acts that Pelosi alleges Taiwan has had to defend - including some in cyberspace, where she accused China of "Launching scores of attacks on Taiwan government agencies each day."
Researchers have observed a new post-exploitation attack framework used in the wild, named Manjusaka, which can be deployed as an alternative to the widely abused Cobalt Strike toolset or parallel to it for redundancy. Its RAT implants support command execution, file access, network reconnaissance, and more, so hackers can use it for the same operational goals as Cobalt Strike.
The popularity of stolen data bazaar BreachForums surged after it was used to sell a giant database of stolen information describing Chinese citizens, threat intelligence firm Cybersixgill said on Thursday. The number of leaks posted on BreachForums increased - from an average of 14 a month to 52 per month - following the posting of the infamous billion-record Shanghai National Police database in early July, reported Cybersixgill.
An unknown Chinese-speaking threat actor has been attributed to a new kind of sophisticated UEFI firmware rootkit called CosmicStrand. "The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and we noticed that all these images are related to designs using the H81 chipset," Kaspersky researchers said in a new report published today.
The government of Belgium has claimed it detected three Chinese Advanced Persistent Threat actors attacking its public service and defence forces. A government statement names Advanced Persistent Threat 27, 30, and 31 - aka UNSC 2814, GALLIUM, and SOFTCELL - as the groups responsible for the attacks.
The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups targeted the country's defense and interior ministries. "Belgium assesses these malicious cyber activities to have been undertaken by Chinese Advanced Persistent Threats."
The US Federal Communications Commission notified Congress on Friday that the cost to rip and replace equipment kit from Huawei and ZTE installed at US telcos is more than $3 billion higher than funding allocated for the program. FCC chair Jessica Rosenworcel wrote to explain the situation, which arose from the USA's desire to remove Chinese comms kit at local carriers in the name of national security.
Details have emerged on how more than a billion personal records were stolen in China and put up for sale on the dark web, and it all boils down to a unprotected online dashboard that left the data open to anyone who could find it. The data collection included names, addresses, birthplaces, national ID numbers, cellphone numbers, and details of any related police records.
A prominent Chinese tech CEO has cited human error as the likely reason hackers got their hands on the personal data of 1 billion people in China from a Shanghai police database and then put some of it up for sale on illicit online markets. An annual report on data breaches by Verizon-the 2022 Data Breach Investigations Report-cited the "Human element" as responsible for 82 percent of the breaches analyzed by researchers, with 13 percent directly attributed to human error.
A group of politicians and lawmakers in the UK have backed a campaign to ban the sale of CCTV systems made by companies alleged to introduce potential security issues as well as being linked to human rights abuses in China. Organized by campaign group Big Brother Watch, the letter said that partly Chinese state-owned CCTV manufacturers Hikvision and Dahua should be banned from sale or use in the UK. Both manufacturers are banned from trading in the US, owing both to security concerns and alleged evidence of their use in so-called "Re-education" camps in Xinjiang, where China is accused of detaining an estimated 1 million Uyghurs and subjecting them to abuse, torture, and forced sterilization, the campaigners said.