Security News
More details have emerged on the operations of the Chinese state-sponsored threat actor known as APT41 and the links between its members, following the indictment of several alleged members of the group earlier this week. In a report published on Thursday, cybersecurity firm Symantec revealed that it has tracked the activity of these hackers as belonging to two different groups, called Grayfly and Blackfly.
One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm. Security firm FireEye dubbed that hacking blitz "One of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years."
Hardware video encoders from multiple suppliers contain several critical security bugs that allow a remote unauthenticated miscreant to run arbitrary code on the equipment. Huawei insists the vulnerabilities were introduced neither by its HiSilicon chips nor by the SDK code it provides to manufacturers that use its components.
The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers who are responsible for hacking more than 100 companies throughout the world. The three later-indicted Chinese hackers are associated with a network security company, Chengdu 404 Network Technology, operated as a front by the People's Republic of China.
Two people have been arrested in Malaysia as part of America's crackdown on the Chinese government's hackers. The two men, both Malaysian nationals, are not accused of breaking into computer networks.
The United States Department of Justice on Wednesday announced indictments against five Chinese nationals believed to be part of a state-sponsored hacking group known as APT41. Also known as Winnti, Barium, Wicked Panda and Wicked Spider, the hackers allegedly launched cyberattacks on more than 100 companies in the United States and abroad. Their targets, the DoJ says, include software and video game companies, computer hardware makers, telecom providers, and social media organizations, but also governments, non-profit entities, universities, and think tanks, not to mention pro-democracy politicians and activists in Hong Kong.
Published with contribution from the FBI, the alert presents some of the tactics, techniques, and procedures that the Chinese state-sponsored hackers are employing in attacks on the U.S., such as the heavy use of publicly available tools to hinder attribution. According to CISA, threat actors affiliated with the Chinese MSS use open-source information in the planning stage of their operations, and engage target networks leveraging readily available exploits and toolkits.
A US academic has revealed the existence of a 2.4-million-person database he says was compiled by a Chinese company known to supply intelligence, military, and security agencies. The researcher alleges the purpose of the database is to enable influence operations against prominent and influential people outside China.
The US Cybersecurity and Infrastructure Security Agency issued a new advisory on Monday about a wave of cyberattacks carried out by Chinese nation-state actors targeting US government agencies and private entities. "CISA has observed Chinese -affiliated cyber threat actors operating from the People's Republic of China using commercially available information sources and open-source exploitation tools to target US Government agency networks," the cybersecurity agency said.
The United States has revoked visas of more than 1,000 Chinese students and researchers under an order by President Donald Trump that accused some of them of espionage, the State Department said Wednesday. Trump, in a May 29 proclamation as tensions rose with Beijing on multiple fronts, declared that some Chinese nationals officially in the United States for study have stolen intellectual property and helped modernize China's military.