Security News

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. China's exploitation of products made by Supermicro, as the U.S. company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the matter.

Unit 42 researchers today have shared info on a new polymorphic and "Highly sophisticated" malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government. The malware has features and behavior that strongly resemble those of the WaterBear malware family, active since at least as early 2009.

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware - including a previously undocumented backdoor. Attributing the campaign to Winnti, Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A second attack detected on May 30 used a malicious RAR archive file consisting of shortcuts to two bait PDF documents that purported to be a curriculum vitae and an IELTS certificate.

The affected server, hosted by Tencent, was segmented into indices in order to store data obtained from each social-media source, which allowed researchers to look into the data further. "Our research team was able to determine that the entirety of the leaked data was 'scraped' from social-media platforms, which is both unethical and a violation of Facebook's, Instagram's and LinkedIn's terms of service," researchers said, in a Monday blog post.

United States president Donald Trump has signed an executive order banning the use of eight Chinese apps, namely Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, and WPS Office. The executive order says the apps "Threaten national security, foreign policy, and economy of the United States" because China can track users' devices.

President Donald Trump has signed an executive order banning transactions with eight Chinese apps including Alipay and WeChat Pay in an escalation of a trade war that has been unfolding through most of his term. The orders follow two others Trump signed in August banning dealings with the popular video app TikTok as well as the main WeChat messaging app.

China-linked cyber-espionage group APT27 is believed to have orchestrated recent ransomware attacks, including one where a legitimate Windows tool was used to encrypt the victim's files. More recently the cyberspies appear to have switched to financially-motivated attacks.

In an advisory this week, the Department of Homeland Security warned American organizations of the risks posed by using data services and equipment from firms that have ties to the People's Republic of China. "The PRC presents a grave threat to the data security of the U.S. government and U.S. businesses. It has both the intent and ability to covertly access data directly through entities under the influence or jurisdiction of PRC laws," the DHS says.

The US Department of Homeland Security warned American businesses of the data theft risks behind using equipment and data services provided by companies linked with the People's Republic of China. The DHS said that Chinese companies could be forced by newly enacted PRC laws to cooperate with Chinese security and intelligence services.

The United States Department of Homeland Security has published a guide to the terrifying risks that businesses will expose themselves to if they use tech created in the Peoples' Republic of China or engage in any business activity with the Middle Kingdom. The fifteen-page "Data Security Business Advisory" [PDF] opens by warning "Businesses expose themselves and their customers to heightened risk when they share sensitive data with firms located in the PRC, or use equipment and software developed by firms with an ownership nexus in the PRC.".