
A Hacker Collective Based in Pakistan, Being Backed by China to Gather Intelligence Against India

 

In a coordinated attempt to steal strategic data and compromise critical infrastructure through phishing emails, a campaign was launched by a Pakistan-backed hacking group, Transparent Tribe.

The campaign, dubbed 'Operation SideCopy', uses remote access malware that can escalate its privileges on compromised systems and thus steal data from an infiltrated computer.

Cyber security researchers at Seqrite, the cyber security solutions arm of Quick Heal, believe that the main tools used in Operation SideCopy show an association with Transparent Tribe, which Seqrite believes is being backed by China to gather intelligence against India.

One of the main characteristics that Seqrite links to Pakistan's Transparent Tribe is the remote server hosting that the collective uses.

According to Seqrite researchers Kalpesh Mantri, Pawan Chaudhari and Goutam Tripathy, Operation SideCopy uses Contabo GmbH to host the remote server from which the malware is commanded and to which stolen information flows, something Transparent Tribe is reported to have done before.

Himanshu Dubey, director of Quick Heal Security Labs, confirmed that the Operation SideCopy cyber attacks are highly targeted at India and have been observed continuously since 2019.

"Till now, this attack has been only seen targeting India. The Tactics, Techniques and Procedures (TTPs), as well as decoy documents that we analysed, were crafted specifically in the Indian context," he says.

Clarifying the Pakistan and China connection in this series of cyber attacks, Quick Heal's Dubey says, "We have considered several factors such as infrastructure used for command servers, registered domain naming patterns and recently created domains, command and control server names are similar to the names used by APT36 in the past, and APT36's history of attacks targeting Indian defence organisations. Also, one domain that hosted HTML stager applications is registered to a user in Rawalpindi, Pakistan."

Dubey states that all of Seqrite's findings on Operation SideCopy have been shared with Indian government authorities to help them take proper cyber protection steps and prevent the loss of important data.

Iranian Threat Actors Have Modified Their Strategies, Attacks Now More Effective


Since the dawn of the digital age, Iranian hackers have been known for attacks on critical infrastructure, governments, and large corporate networks. The main motives behind these attacks are espionage, theft of confidential information, ransomware, and attacks on large data networks. Since 2019, the hackers have been using more developed strategies that cause more damage to their targets and yield greater monetary benefit, according to the Bloomsbury news.


Attack details

  • Earlier this year, in April, the hacking group APT34 (also known as OilRig) launched a modified version of a backdoor named 'RDAT'. The backdoor uses a C2 channel that can hide commands and data inside images sent as attachments. 
  • In May, APT34 also added a new tool to its inventory, known as DNSExfiltrator. With it, APT34 became the first hacking group observed using the DNS-over-HTTPS (DoH) protocol in its attacks. 

In view of these new modifications in the hacking realm, organisations should be aware that criminals are evolving and refining their methods over time. Hackers have become more capable and pose a more significant threat to the cybersecurity world.

Other developments 

  • In August 2020, the FBI issued a security alert about the hacking group known as 'Fox Kitten' attacking potentially vulnerable F5 networks. The group's aim was to attack private organisations and U.S. government bodies. 
  • In July 2020, making its comeback, the threat actor Charming Kitten launched a cyberespionage campaign that used WhatsApp and LinkedIn to impersonate Persian-speaking journalists. The targets included the U.S. government and Israeli scholars at Tel Aviv and Haifa universities. 
  • In June 2020, an amateur hacking group from Iran attacked Asian companies using 'Dharma' ransomware. 

According to intelligence reports, the hackers used widely available hacking tools to target companies in China, Russia, Japan, and India. Since July 2020, the threat actor Fox Kitten has also been known for selling access to small corporate networks on hacking forums. According to experts, it is simply generating revenue through other channels, using systems that lack any intelligence value but bring in money for Iran.

Chinese hackers targeted about five Russian developers of banking software

The Chinese hacker group Winnti attacked at least five Russian developers of banking software, as well as a construction company. According to Positive Technologies, the names of the banks and developers are not disclosed.

Positive Technologies noted that implanting malicious code at the development stage potentially gives hackers access to bank data. Once the code runs on an infected machine, a full-fledged backdoor is loaded to reconnoitre the network and steal the required data.

Andrey Arsentiev, head of analytics and special projects at InfoWatch, explained that Winnti had previously hacked industrial and high-tech companies from Taiwan and Europe through attacks on the software supply chain, but now, apparently, it has decided to switch to Russian companies.

According to him, the financial sector has a rather complex software supply chain, so Winnti may be interested not only in direct financial gain but also in corporate espionage. As for the construction industry, the Chinese hackers may be after trade secrets, which in turn may be related to Chinese companies' plans to expand into the Russian market. Mr. Arsentiev concluded that such attacks would allow the strategy of potential competitors to be studied.

Nikolay Murashov, deputy director of the National Coordination Center for Computer Incidents, said that organizations involved in software development and system integration accounted for about a third of all targeted attacks in the Russian Federation in recent years.

According to Mikhail Kondrashin, technical director of Trend Micro, attacks specifically on software developers for banks open up endless opportunities for subsequent attacks. The appearance of such attacks actually changes the rules of information security in the field of development: it is no longer just about developing secure code, but rather protecting the infrastructure itself.

TikTok Files Lawsuit Against the U.S. Government Over Ban of Its Application


TikTok has confirmed that it will sue the U.S. government over the ban on its application in the United States. However, the lawsuit will not secure the Chinese company's future in the U.S. market even if it wins. The company claims that it has been trying to address the Trump administration's concerns and reach a consensus for a year. Instead of engaging, the U.S. government is not paying attention to this issue, says TikTok. According to the company, the administration is not willing to offer any opportunity to resolve the problems.


Reuters reports, "it was not immediately clear which court TikTok plans to file its lawsuit. The company had previously said it was exploring its legal options, and its employees were also preparing their own lawsuit. While TikTok is best known for its anodyne videos of people dancing and going viral among teenagers, U.S. officials have expressed concerns that information on users could be passed on to China's communist government."

TikTok says that to safeguard fair treatment and justice for its users, it has no option but to challenge the Trump administration in court. Earlier this month, Trump banned financial dealings with TikTok, owned by ByteDance, and WeChat, owned by Tencent. According to him, these Chinese apps could be a threat to U.S. national security, the economy, and trade. According to the administration, TikTok stores a large amount of user data, including internet usage, browser history, network data, and location.

The Chinese Communist Party could exploit this data and use it for extortion, blackmail, cyberattacks, and even espionage. "TikTok did not specify which court it planned to tap for its lawsuit, but this move would not stop the company from being compelled to relinquish its U.S. operations, which was laid out under Trump's second executive order issued on August 14 and was not subject to judicial review," reports ZDNet. In response, TikTok says that it has modified its user policies to deal with the issue, bringing in new measures to prevent misinformation and ensure user privacy.

Indian Prime Minister Announces a New Cyber Security Policy for the Country


On the celebration of India's 74th Independence Day, the Prime Minister of India, Narendra Modi, announced his plans to bring in a new cybersecurity policy for the country. 

While addressing the nation, he highlighted the threats emanating from cyberspace that could affect India's society, economy, and development. 

He emphasised that dangers from cyberspace can jeopardise every one of these aspects of Indian life and should not be taken lightly. The prime minister's comments come against a backdrop of ever-increasing cyber threats and psychological warfare emanating from nations like Pakistan and China. 

According to news reports, during the border tensions in Ladakh, Chinese and Pakistani social media activists had apparently joined hands to launch fake news and misinformation campaigns against India. 

When the conflict took place along Pangong Lake on 5-6 May, Weibo, the Chinese version of Twitter, featured images of Indian soldiers tied up and lying on the ground, with comparisons made to Bollywood's 'muscular portrayal' of the Indian armed forces.

"The government is alert on this," Modi reassured the nation, later adding that the government will soon come out with a strong policy on this.

Apart from this, phishing attacks offering information on Covid-19 and equipment, or free testing, with the aim of stealing personal information, have also been rising steadily in India over the last few months. 

According to a Kaspersky report, cyber-attacks against Indian companies rose 37% in the April-June quarter compared with the January-March quarter. The reason given is the nationwide lockdown implemented from March, which forced organisations and companies to let their employees work from home.

The Council of the EU and Its First-Ever Sanctions against Persons or Entities Involved in Various Cyber-Attacks



The Council of the European Union has imposed its first-ever sanctions against persons and entities involved in various cyber-attacks targeting European citizens and member states. 

The sanctions include a travel ban preventing the listed persons from entering any EU nation and an asset freeze on the listed persons and entities. 

The order has been issued against six individuals and three entities responsible for or involved in various cyber-attacks. The six individuals include two Chinese citizens and four Russian nationals. 

The entities involved in carrying out these cyber-attacks include an export firm based in North Korea and technology companies from China and Russia.

The cyber-attacks in question include publicly known ones such as 'WannaCry', 'NotPetya', and 'Operation Cloud Hopper', as well as an attempted cyber-attack against the Organisation for the Prohibition of Chemical Weapons.

According to the European Council, the details of these persons and entities are: 

 1. Two Chinese individuals, Gao Qiang and Zhang Shilong, and a technology firm, Tianjin Huaying Haitai Science and Technology Development Co. Ltd, for Operation Cloud Hopper. 

 2. Four Russian nationals (also wanted by the FBI), Alexey Valeryevich, Aleksei Sergeyvich, Evgenii Mikhaylovich, and Oleg Mikhaylovich, for attempting to target the Organisation for the Prohibition of Chemical Weapons (OPCW) in the Netherlands. 

 3. A Russian technology firm (exposed by the NSA), the Main Centre for Special Technologies (GTsST) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, for the NotPetya ransomware attack in 2017 and the cyber-attacks directed at the Ukrainian power grid in the winters of 2015 and 2016. 

 4. A North Korean export firm, Chosun Expo, for the WannaCry ransomware attack that caused havoc by disrupting information systems worldwide in 2017, and which is linked to the well-known Lazarus group. 

The Council says, "Sanctions are one of the options available in the EU's cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool." 

According to the European Union, the two Chinese nationals who carried out Operation Cloud Hopper are members of the APT10 threat actor group, also known as 'Red Apollo', 'Stone Panda', 'MenuPass' and 'Potassium'. 

The four Russian nationals, on the other hand, were agents of the Russian intelligence agency GRU who had attempted to hack into the Wi-Fi network of the OPCW, which, if successful, would have allowed them to compromise the OPCW's ongoing investigative work.

Gothic Panda and Stone Panda: Chinese Hackers that Launched Mass Cyber Attacks on Indian Companies


Two hacking groups from China, Gothic Panda and Stone Panda, have been identified as organising the majority of the cyber attacks on Indian companies in June 2020. Mumbai Mirror was the first to report the incident, publishing a report on its website on 20 June. According to cybersecurity experts, both groups are believed to operate independently rather than being state-sponsored; however, they work in the interests of the Chinese government. An anonymous source told experts that the attacks were launched under the cover of VPNs and proxy servers. After investigation, the attacks led back to Gothic Panda and Stone Panda, officials say.

The Chinese hackers launched more than 40,000 attacks. They used unique malware to obtain the companies' confidential data and later used the information for extortion. According to the reports, the hackers broke through the security of at least six private and public organisations, including a government-regulated organisation in Jammu and Kashmir and companies operating in New Delhi and Mumbai. The attacks were traced back to the south-western Chinese province of Sichuan. The attackers also attempted to take down websites linked to banking and finance companies.

The hackers used DDoS (Distributed Denial of Service) attacks and Internet Protocol hijacking. Experts say these attacks, also called 'probes', look for vulnerabilities in a website's security. In one incident where the hackers managed to crash a website, its home page was defaced and its content replaced with text in a foreign language. Experts say there were no other successful probes besides this incident.

In a DDoS attack, the attacker tries to overwhelm a network resource such as a website. For example, if a website's hosting provider can handle 5,000 requests per second, the attackers flood it with 5,00,000 (that is, 500,000) requests per second and crash the site. In an Internet Protocol hijack, by contrast, the attacker diverts the path of traffic; in this case, internet traffic was diverted through China for surveillance purposes.
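The request-rate figures above describe a volumetric flood. The added example below (not from the original post, and not from any of the groups or organisations it names) is a per-source and global token-bucket rate limiter run over two constructed request streams: a single flooding source, and a distributed flood from many low-rate sources. The capacities, client names and timestamps are constructed for the example; it shows why per-source limiting protects legitimate users against one loud attacker but not against a distributed one, where the shared limit is hit and everyone, including the legitimate client, is throttled.

```python
from collections import defaultdict


class TokenBucket:
    """Classic token bucket: `rate` tokens/second refill, at most `burst` stored."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        # Refill according to elapsed time, then spend one token if available.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """Per-client buckets in front of one shared bucket (constructed capacities)."""

    def __init__(self, client_rate=100, client_burst=200, global_rate=5000, global_burst=500):
        self.clients = defaultdict(lambda: TokenBucket(client_rate, client_burst))
        self.shared = TokenBucket(global_rate, global_burst)

    def handle(self, client, now):
        # Per-client check first so a loud source drains only its own bucket.
        if not self.clients[client].allow(now):
            return "drop"
        if not self.shared.allow(now):
            return "drop"
        return "serve"


def simulate(requests, limiter):
    """requests: iterable of (timestamp_seconds, client_id). Returns per-client serve/drop counts."""
    counts = defaultdict(lambda: {"serve": 0, "drop": 0})
    for now, client in sorted(requests):          # sorting keeps bucket time monotonic
        counts[client][limiter.handle(client, now)] += 1
    return dict(counts)


# Constructed traffic: one legitimate client at 10 req/s over one second.
def legit_requests():
    return [(0.05 + 0.1 * i, "legit") for i in range(10)]


# Constructed single-source flood: 20,000 requests in one second from one client.
def single_source_flood():
    return [(i / 20000, "flooder") for i in range(20000)]


# Constructed distributed flood: 1,000 sources each sending 20 req/s (20,000 req/s total).
def distributed_flood(sources=1000, rps=20):
    return [(j / rps + k / (sources * rps), f"bot-{k}")
            for k in range(sources) for j in range(rps)]


def run_scenarios():
    single = simulate(legit_requests() + single_source_flood(), RateLimiter())
    distributed = simulate(legit_requests() + distributed_flood(), RateLimiter())
    served_bots = sum(v["serve"] for c, v in distributed.items() if c.startswith("bot-"))
    return {
        "single_legit_served": single["legit"]["serve"],
        "single_flooder_served": single["flooder"]["serve"],
        "single_flooder_dropped": single["flooder"]["drop"],
        "distributed_legit_served": distributed["legit"]["serve"],
        "distributed_bots_served": served_bots,
    }


if __name__ == "__main__":
    for k, v in run_scenarios().items():
        print(f"{k:28} {v}")
```

In the single-source case the flooder is held to roughly its own bucket (a 200-request burst plus about 100 refills over the second) while the legitimate client's ten requests all go through; in the distributed case every bot stays under its per-client limit, the shared bucket saturates at about 5,500 requests for the second, and the legitimate client is dropped along with the bots. That second result is the reason volumetric floods are usually absorbed upstream of the origin rather than at a single host's limiter.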

Experts Discover Backdoor Malware in Chinese Tax Software named "GoldenHelper"


Trustwave has found a new backdoor malware named GoldenHelper. The malware is embedded in Golden Tax invoicing software, which falls under the Golden Tax Project of China's government and is used to issue invoices and add VAT (Value Added Tax). In June, experts had also discovered another malware named GoldenSpy, a backdoor embedded in tax software that companies in China had to install in order to operate in the financial sector. GoldenHelper is entirely distinct from GoldenSpy.


However, both malware families function in a similar way: the backdoor gains entry into the network of an international company operating in China in order to steal information. The GoldenHelper distribution campaign was active between January 2018 and July 2019 (its operations ceased after January 2020). Note that the GoldenSpy campaign only became active in April 2020.

The malware uses clever techniques to cover its tracks while running. Common methods include random file names and system locations while its files are in transit. "The Golden Tax Project is a national program in China, impacting every business operating in China. We are currently aware of only two organizations authorized to produce Golden Tax software, Aisino, and Baiwang. This is now the second Golden Tax software package that Trustwave SpiderLabs has found to contain a hidden backdoor capable of remotely executing arbitrary code with SYSTEM level privileges," says Trustwave in its report. 

About GoldenHelper's Activity 

  • It does not ask for user permission to gain elevated access (UAC bypass) 
  • Obfuscation: randomisation of file names 
  • Timestomping: randomisation of the "creation" and "last write" timestamps it generates 
  • Arbitrary download of executables under fake file names 
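The file-name randomisation and timestomping listed above leave traces a defender can look for in file metadata. The added example below (not from the original post or from Trustwave) audits constructed file-metadata records of the kind an EDR or forensic tool exports: it flags timestamps that are internally inconsistent (created after last write, or in the future), sub-second fields that are exactly zero (a heuristic for timestamps written by hand rather than by the file system, which is an assumption added here and not something the page states), and file stems whose character entropy looks random. The paths, timestamps and thresholds are all constructed.

```python
import math
from collections import Counter
from datetime import datetime, timezone

# Constructed reference time for the audit.
NOW = datetime(2020, 7, 15, tzinfo=timezone.utc)

# Constructed file-metadata records; paths and times are made up for this example.
RECORDS = [
    {"path": r"C:\Program Files\GoldenTax\invoice.exe",
     "created": datetime(2019, 3, 1, 10, 0, 0, 123456, tzinfo=timezone.utc),
     "modified": datetime(2019, 3, 1, 10, 0, 0, 123456, tzinfo=timezone.utc)},
    {"path": r"C:\Windows\Temp\x7q2mz9tkb4w.exe",          # random stem, created after modified
     "created": datetime(2019, 11, 5, 3, 14, 0, 0, tzinfo=timezone.utc),
     "modified": datetime(2017, 6, 20, 9, 0, 0, 0, tzinfo=timezone.utc)},
    {"path": r"C:\ProgramData\update\h3k9pw2qv6na.dll",    # random stem, timestamps in the future
     "created": datetime(2024, 1, 1, tzinfo=timezone.utc),
     "modified": datetime(2024, 1, 1, tzinfo=timezone.utc)},
]


def file_stem(path):
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def stem_entropy(path):
    """Shannon entropy (bits per character) of the file name without extension."""
    stem = file_stem(path)
    if not stem:
        return 0.0
    counts = Counter(stem)
    return -sum(c / len(stem) * math.log2(c / len(stem)) for c in counts.values())


def audit_record(rec, now=NOW, entropy_threshold=3.4, min_stem_len=8):
    """Return the list of heuristic findings for one metadata record (empty if clean)."""
    findings = []
    created, modified = rec["created"], rec["modified"]
    if created > modified:
        findings.append("created-after-modified")      # a file cannot be written before it exists
    if created > now or modified > now:
        findings.append("timestamp-in-future")
    if created.microsecond == 0 and modified.microsecond == 0:
        findings.append("zero-subsecond")              # heuristic: hand-set timestamps often lack sub-second precision
    if len(file_stem(rec["path"])) >= min_stem_len and stem_entropy(rec["path"]) >= entropy_threshold:
        findings.append("random-looking-name")
    return findings


def audit_all(records, now=NOW):
    """Map path -> findings for every record that raised at least one finding."""
    result = {}
    for rec in records:
        findings = audit_record(rec, now)
        if findings:
            result[rec["path"]] = findings
    return result


if __name__ == "__main__":
    for path, findings in audit_all(RECORDS).items():
        print(path, "->", ", ".join(findings))
```

Each heuristic on its own has benign explanations (files copied from FAT media lose sub-second precision, clock skew produces "future" timestamps, some installers use GUID-like names), so these findings are triage leads to corroborate against the NTFS $MFT and process-creation telemetry, not verdicts.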

"During our investigation, we have been informed that the Golden Tax software may be deployed in your environment as a stand-alone system provided by the bank. Several individuals report receiving an actual Windows 7 computer (Home edition) with this Golden Tax software (and GoldenHelper) preinstalled and ready to use. This deployment mechanism is an interesting physical manifestation of a trojan horse," says Trustwave in a report published on its website.

Golang: A Cryptomining Malware that May Be Targeting Your PC


Cybersecurity experts at Barracuda Networks have discovered a new kind of crypto-mining malware, which they call "Golang" after the language it is written in. According to the experts, the malware can attack Windows as well as Linux systems. It mines the Monero cryptocurrency with the help of XMRig, a popular miner. The number of attacks related to the malware is relatively low, but the researchers have identified seven IP addresses associated with it, all originating in China.


The experts also observed that the Golang malware's primary targets are non-HTTP services such as MSSQL and Redis, application servers, and web application frameworks, rather than easier targets such as end users. Earlier versions of Golang only affected Linux systems; the current version targets Windows as well. The attacks are carried out using exploits against IoT devices, Hadoop, Drupal, ElasticSearch, and Oracle WebLogic. For instance, in a recent attack in China, the malware used exploits targeting the ThinkPHP application framework, which is widely used in the country.

According to the experts, the Golang malware evolves continuously, picking up more exploits as time passes. It works by infiltrating the system and then fetching the files it needs to complete its task: downloaded update scripts, configuration files, a scanner, and a miner, depending on the platform. When attacking Windows, the attackers can deploy backdoors too. Recently, more and more attackers have shifted to Golang because it can't be identified by anti-virus software.

The malware is known for targeting vulnerable servers, which makes it attractive to cybercriminals looking for vulnerabilities to exploit. The way to stay safe from this malware is to keep track of CPU usage (flagging when it goes unusually high) and watch for suspicious activity at the endpoints. Threats like Golang can be headed off by vigilant inspection and immediate response. Awareness of crypto-mining threats is also a must.
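The "watch for unusually high CPU usage" advice above can be turned into a concrete check. The added example below (not from the original post or from Barracuda) runs a sustained-CPU detector over constructed per-minute process samples: a process is flagged only when it stays above the threshold for several consecutive samples, so a short compile or batch job does not trip it, and known CPU-heavy jobs can be allow-listed. Host names, PIDs, process names, the allow-list and the thresholds are all constructed for the example.

```python
from collections import defaultdict

# Constructed process samples taken once a minute: (timestamp_s, host, pid, name, cpu_percent).
SAMPLES = [
    (0,   "web-01", 4120, "python3",   95.0),   # short legitimate batch job
    (60,  "web-01", 4120, "python3",   92.0),
    (120, "web-01", 4120, "python3",    3.0),
    (180, "web-01", 4120, "python3",    2.0),
    (0,   "web-01", 2201, "nginx",     12.0),
    (60,  "web-01", 2201, "nginx",     14.0),
    (0,   "db-02",  7310, "backup",    97.0),   # allow-listed nightly job
    (60,  "db-02",  7310, "backup",    98.0),
    (120, "db-02",  7310, "backup",    96.0),
    (180, "db-02",  7310, "backup",    97.0),
    (240, "db-02",  7310, "backup",    99.0),
    (300, "db-02",  7310, "backup",    98.0),
    (0,   "db-02",  9981, "svcupdate", 99.0),   # constructed unknown process pinning the CPU
    (60,  "db-02",  9981, "svcupdate", 99.0),
    (120, "db-02",  9981, "svcupdate", 98.0),
    (180, "db-02",  9981, "svcupdate", 99.0),
    (240, "db-02",  9981, "svcupdate", 97.0),
    (300, "db-02",  9981, "svcupdate", 99.0),
]

# Constructed allow-list of processes expected to run hot.
EXPECTED_HEAVY = {"backup", "ffmpeg"}


def sustained_high_cpu(samples, threshold=85.0, min_samples=5, allow=EXPECTED_HEAVY):
    """Return {(host, pid, name): longest_streak} for processes that stayed at or
    above `threshold` percent CPU for at least `min_samples` consecutive samples."""
    streak = defaultdict(int)
    flagged = {}
    for _, host, pid, name, cpu in sorted(samples):      # chronological per process
        if name in allow:
            continue
        key = (host, pid, name)
        streak[key] = streak[key] + 1 if cpu >= threshold else 0
        if streak[key] >= min_samples:
            flagged[key] = max(flagged.get(key, 0), streak[key])
    return flagged


if __name__ == "__main__":
    for (host, pid, name), n in sustained_high_cpu(SAMPLES).items():
        print(f"{host} pid={pid} {name}: {n} consecutive samples above threshold")
```

A real deployment would feed this from the endpoint agent's process telemetry and pair a hit with the process's parent, binary path and outbound connections before acting; sustained CPU alone is a trigger for a closer look, not proof of mining.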

China and Digital Currency: Multifaceted Advantages or a Surveillance and Tracking Juncture?


People’s Bank of China (PBoC), China's central bank issued a public notice on April 29, 2020, “In order to implement the FinTech Development Plan (2019-2021), the People’s Bank of China has explored approaches to designing an inclusive, prudent and flexible trial-and-error mechanism. In December 2019, a pilot programme was launched in Beijing. To intensively advance the trial work of fintech innovation regulation, the PBoC supports the expansion of the pilot program to cover the cities of Shanghai, Chongqing, Shenzhen, Hangzhou, Suzhou, as well as Xiong’an New Area of Hebei, by guiding licensed financial institutions and tech companies to apply for an innovation test.”

After five years in the making, China's digital yuan is ready to go public. While the world battles the coronavirus and argues over China's share of the blame, the republic is pushing out China's central bank digital currency (CBDC), christened Digital Currency Electronic Payment (DCEP), which will be made available via mobile wallets. This new digital cash has the same value as the yuan, and if the experiment succeeds, China will be the first sovereign state to use crypto.

Cryptocurrency has been received sceptically by most of the world, but the case is quite the opposite in China. After 2015-16, Chinese investors became intrigued by ether, and Bitcoin became a popular alternative asset.

"China has emerged as the capital of the crypto ecosystem, accounting for nearly 90% of trading volumes and hosting," The Hindu reports.

Outside China, people are wondering whether the digital yuan will take over from the dollar, as this move by the People's Republic will forever change the way trade is done.

Advantage or Surveillance? 

Beijing gives a mundane explanation for circulating the digital yuan: a way to control shadow banking and other risks.
Digital currency will bring multifaceted advantages such as combating tax evasion and money laundering. Paper currency also consumes around 2% of GDP. It will help with financial inclusion and direct benefit transfers, especially in emergencies. Overall, the digital currency will speed up transactions and ease international trade.

But this retail digital currency would not be cryptic, and the anonymity of cash would disappear. Authorities could readily examine transactions for illegal and unwanted activity. The growing surveillance state already raises questions about citizen privacy as physical contact tracing, and now financial tracing, becomes the new normal.

Hackers Use Backdoors to Infiltrate Governments and Companies; the Motive Is Not Money


According to findings by the cybersecurity firms Avast and ESET, an APT (Advanced Persistent Threat) cyberattack targeted companies and government authorities in Central Asia, using backdoors to maintain access to company networks over a long period. The targets included telecom companies, gas agencies, and one government body in Central Asia. APT attacks, unlike other cyberattacks, are not carried out for monetary profit but have other motives.


According to cybersecurity experts, APT attacks are state-sponsored, and their purpose is to obtain political intelligence and inside information, not money. According to the research findings, the hackers responsible for the APT attack in Central Asia are a group from China that uses RATs (Remote Access Tools). It was not their first attack: experts believe the same group was responsible for the 2017 cyberattacks against the Russian military and the Belarusian government.

APT attacks remain low-key 

Unlike ransomware attacks, which are known for loudly infiltrating company networks, including those of some top IT companies, APT actors prefer to stay under the radar and remain unnoticed. The motive of these attacks is not blackmail using sensitive information. They aim to remain undetected for as long as possible, since that gives the hackers continued access to the company's network and data. Experts say they currently have no substantial evidence about data being deleted or manipulated. After the attack, the hackers withdraw to avoid suspicion or identification. Confidential information relating to espionage, government policy, and trade is what these hackers are after.

Cyberattacks are on the rise because people are working from home, which gives hackers more opportunities. With millions of malware samples in circulation, it has been very tough to protect users in the current times. The reason is the COVID-19 pandemic, and the best chance to stay safe from hackers is to remain on alert even after the pandemic ends. Users should check every link they receive before opening it or passing it on to someone else. People working from home should keep their systems and devices updated, along with their applications.

Residents in China under Surveillance amid the Coronavirus Pandemic


According to recent reports, China is alleged to be surveilling its residents' homes amid the coronavirus epidemic. However, there is no official rule that says China can keep quarantined residents under watch. This has been happening since February, with several residents reporting security cameras installed right in front of their homes. Three people have reported this directly, while other similar cases have appeared on social media.


Currently, China has no national law that allows it to watch its people through surveillance cameras, yet cameras are installed in public areas across China. According to sources, the authorities continually watch people, whether they are in malls, eating in restaurants, boarding transport, or even in schools and colleges. According to CNN, around 20 million cameras were installed across China in 2020, and this is only a rough estimate. According to other sources, the numbers could be even higher. According to IHS Markit Technology, which now operates under Informa Tech, China had around 350 million surveillance cameras installed in 2018, five times as many as the USA.

What will happen by 2021? 

According to the data, the projection suggests that by the year 2021, China will have equipped six times more surveillance cameras than the US. According to Comparitech, a UK based research organization, "Estimates vary on the number of CCTV cameras in China, but reports range from 200 million up to 626 million in use by 2020. Based on the country's current population of 1.4 billion people, that would mean nearly one camera for every two people. Although this projection might seem vast, it may be a fraction of the actual number."

In the present situation, however, the COVID-19 pandemic has prompted the Chinese authorities to keep watch on residents' private lives. According to these residents, it is a complete breach of privacy. Anticipating that this issue might arise, the Joint Civil Society issued a statement earlier this month that said, "the COVID-19 pandemic is a global public health emergency that requires a coordinated and large-scale response by governments worldwide. However, States' efforts to contain the virus must not be used as a cover to usher in a new era of greatly expanded systems of invasive digital surveillance."

BGP Hijacking Attacks Google, Amazon and Other Famous Networks' Traffic!


According to reports, a Russian-owned telecommunications provider rerouted traffic intended for some of the world's most prominent Content Delivery Networks (CDNs) and cloud hosting providers.

The redirection lasted around an hour, during which it affected over 8,500 internet traffic routes. The organisations concerned are among the best known.

Per sources, the affected brands include well-known names such as Cloudflare, DigitalOcean, Linode, Google, Joyent, Facebook, LeaseWeb, Amazon, GoDaddy, and Hetzner.

Reportedly, all the signs of this incident point to a case of hijacking the Border Gateway Protocol, also known as BGP hijacking: the illegitimate takeover of IP prefixes by a hijacker in order to redirect traffic.

This puts a lot of power in the hands of the hijacker, because they can at any time "publish an announcement" stating that the servers of a particular company are on their network, as a result of which all of, for example, Amazon's traffic would end up on the hijacker's servers.

In earlier times, when HTTPS was not yet widely used to encrypt web traffic, BGP hijacking was a lucrative way to carry out Man-in-the-Middle (MitM) attacks and capture and modify traffic.

But in recent times, BGP hijacking has also made it easier to capture traffic for analysis and decryption later, as the encryption protecting it weakens with time.

This predicament isn't new. It has troubled the cyber world for a couple of decades, and several projects have aimed at boosting BGP's security, but despite that work there hasn't been much progress in hardening the protocol against such attacks.

Google's network has previously been a victim of BGP hijacking by a Nigerian entity. Researchers note that a BGP hijack is not necessarily malicious.

Reportedly, "mistyping the ASN" (Autonomous System Number), the identifier by which networks on the internet are recognised, is another main cause of BGP hijacking, since a typo ends up accidentally redirecting traffic.
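Whether a wrong origin comes from a typo or from an attacker, the observable symptom is the same: a prefix announced by an ASN that is not expected to originate it, often as a more-specific prefix that wins longest-match routing. The added example below (not from the original post, from BGPMon, or from any of the operators it names) classifies constructed route announcements against an expected-origin table modelled loosely on an RPKI ROA, with the checks a hijack monitor would apply: whole-prefix origin mismatch, more-specific (sub-prefix) announcements from a foreign origin, and announcements that are more specific than the owner's declared maximum length. The prefixes and ASNs are from documentation and private ranges and are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed expected-origin table: the ASN allowed to originate each prefix and the
# most specific announcement it may make (max_length). Documentation/private ranges only.
EXPECTED_ORIGINS = {
    "198.51.100.0/22": {"asn": 64500, "max_length": 24},
    "203.0.113.0/24": {"asn": 64501, "max_length": 24},
}


@dataclass(frozen=True)
class Announcement:
    prefix: str
    origin_asn: int


def classify(ann, table=EXPECTED_ORIGINS):
    """Compare one announcement with the expected-origin table.

    Returns 'valid', 'origin-hijack' (the whole prefix from a wrong origin),
    'subprefix-hijack' (a more specific of a covered prefix from a wrong origin),
    'too-specific' (right origin but longer than max_length; it would still win
    longest-match selection, so it is worth an alert) or 'unknown' (no covering entry).
    """
    net = ipaddress.ip_network(ann.prefix, strict=False)
    # Consult the most specific covering entry first, as a router's longest match would.
    entries = sorted(table.items(),
                     key=lambda kv: ipaddress.ip_network(kv[0]).prefixlen, reverse=True)
    for covering, rule in entries:
        cov = ipaddress.ip_network(covering)
        if net.version != cov.version or not net.subnet_of(cov):
            continue
        if ann.origin_asn != rule["asn"]:
            return "origin-hijack" if net == cov else "subprefix-hijack"
        if net.prefixlen > rule["max_length"]:
            return "too-specific"
        return "valid"
    return "unknown"


def audit(announcements, table=EXPECTED_ORIGINS):
    """Return (prefix, origin_asn, verdict) for every announcement that is not valid."""
    out = []
    for ann in announcements:
        verdict = classify(ann, table)
        if verdict != "valid":
            out.append((ann.prefix, ann.origin_asn, verdict))
    return out


# Constructed route feed: two legitimate announcements followed by the patterns a
# monitor should raise.
SAMPLE_FEED = [
    Announcement("198.51.100.0/22", 64500),
    Announcement("198.51.100.0/24", 64500),   # owner's own more-specific, within max_length
    Announcement("198.51.100.0/24", 64512),   # more-specific from a foreign origin
    Announcement("203.0.113.0/24", 64512),    # whole prefix re-originated elsewhere
    Announcement("203.0.113.0/25", 64501),    # right owner, but beyond max_length
    Announcement("192.0.2.0/24", 64513),      # nothing known about this space
]

if __name__ == "__main__":
    for prefix, asn, verdict in audit(SAMPLE_FEED):
        print(f"{prefix:18} AS{asn}  {verdict}")
```

The check cannot tell a mistyped ASN from a deliberate hijack; both produce an origin mismatch, and the monitor's job is to raise it quickly so the announcing network or its upstreams can withdraw the route. In production the expected-origin table would come from validated RPKI data rather than a hand-written dictionary.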

Per sources, China Telecom stands among the top entities that have committed BGP hijacking, and not so "accidentally". Another well-known name on the same front is Rostelecom.

The last time Rostelecom drew a lot of attention was when some of the biggest financial players, including HSBC, Visa, and MasterCard, were victims of BGP hijacking.

That time, BGPMon didn't have much to say; this time, however, the Russian telecom is in a questionable position, according to sources. They also mention that the hijack may have occurred after an internal Rostelecom traffic-shaping system accidentally exposed the wrong BGP routes.

Things took a steep turn when, reportedly, Rostelecom's upstream providers re-advertised the newly announced BGP routes across the internet, aggravating the hijack massively.

According to researchers, it is quite difficult to say for certain whether a BGP hijack was intentional or accidental. All that can be said is that the parties involved in this hijack make the situation suspicious.

Betting and Gambling Websites under Cyberattack from Chinese Hackers


Since last year's summers, Chinese hackers have been targeting South Asian companies that own online gambling and betting websites. The gambling companies in South Asia have confirmed the hacks, whereas rumors of cyberattacks on betting websites have also emerged from Europe, and the Middle East, however, the rumors are yet to confirm, says the reports of cybersecurity group Trend Micro and Talent-Jump. Cybersecurity experts claim that no money was stolen in these hacks against the gambling websites. However, hackers have stolen source codes and databases. The motive of the attack was not a cybercrime, but rather espionage intended attack to gain intelligence.


According to the experts, a group named 'DRBControl' is responsible for the cyberattack. According to Trend Micro's report, the hacking techniques used in this incident are similar to methods used by Emissary Panda and Winnti, both Chinese hacking groups that have launched cyberattack campaigns on behalf of the Chinese state. As of now, it is not confirmed whether DRBControl is launching these cyberattacks in the interests of the Chinese government. According to the cybersecurity group FireEye, not all such attacks have been state-sponsored; as a side business, hackers have also launched these attacks for profit.

How did the attacks happen?

The techniques used by DRBControl are not uncommon or unique. Rather, the techniques used to target victims and steal their data were fairly simple. The hackers send phishing emails carrying backdoor malware, and if the user is lured into opening them, the system is infected with a backdoor Trojan. However, these backdoor Trojans are not the same as others.

This kind of Trojan relies on the Dropbox file hosting and sharing service as its C&C (command-and-control) channel, and uses it to store stolen data and second-stage payloads. Hence the name, DropBox Control. The Chinese hackers usually use the backdoor Trojan to install other hacking malware and tools so that they can move through the network and trace a path to the source code and databases in order to steal the data.

Apple Becomes the First Major US Company to Say that the ‘Corona’ Epidemic Will Hit Its Finances



The iPhone maker cautions that disruption in China from the coronavirus will result in revenues falling short of forecasts. Underscoring the fact that production and sales were affected, Apple says that "worldwide iPhone supply would be temporarily constrained".

Sales of Apple products would be lower, bearing in mind that most stores in China are either closed or operating at reduced hours. The company says, "while our iPhone manufacturing partner sites are located outside the Hubei province - and while all of these facilities have reopened - they are ramping up more slowly than we had anticipated.”

"All of our stores in China and many of our partner stores have been closed," it added. "Additionally, stores that are open have been operating at reduced hours and with very low customer traffic. We are gradually reopening our retail stores and will continue to do so as steadily and safely as we can."

Experts have assessed that the virus may significantly reduce demand for smartphones in the first quarter in China, the world's biggest market for gadgets.

The car industry is yet another sector that has been affected by disruption to its supply chain.

A week ago, the heavy equipment manufacturer JCB said it was cutting production in the UK because of a shortage of components from China. Wedbush analyst Daniel Ives wrote in a note to customers, "While we have discussed a negative iPhone impact from the coronavirus over the past few weeks, the magnitude of this impact to miss its revenue guidance midway through February is clearly worse than feared."

New virus cases outside the 'epicenter area’ have been declining for the previous 13 days. There were 115 new cases outside Hubei reported on Monday, sharply down from about 450 a week earlier. In any case, regardless of expectations that factories and shops are slowly easing back to normal, Apple's warning underlines that China's economy will be greatly affected by the coronavirus.

America Vs China! The USA Alleges Huawei to be a Technology Thief and Spy for China?


In view of recent reports, China and the US have taken their technology war to court. Now, US firms allege that the telecom colossus Huawei has been planning to steal their technology for “decades”.

Hence, the American organizations decided to expand the scope of their lawsuit against the Chinese mega-company.

The prosecuting attorney said that Huawei did indeed violate the terms of its contracts with US companies by stealing robot technology, trade secrets and the like.

Per sources, Huawei has flatly denied all the allegations, saying that the US is merely threatened by the competition and is therefore trying to tarnish Huawei's name.

Per newspaper reports, the mega smartphone maker’s chief financial officer, the founder’s daughter, is being held in Canada, fighting extradition.

According to sources, the founder’s daughter faces charges of fraud and “sanctions violations”, which she has dismissed and denied.

Huawei firmly maintains that the lawsuit and the charges against the company are trivial attempts to tarnish its reputation and to weaken the competition.

Per reports, the fresh accusations of the US against Huawei include trade secret embezzlement, racketeering and even sending spies to obtain confidential information.

Sources reveal that the prosecuting attorney also said that the stolen data cut both time and cost in Huawei's research and development, helping the company climb the ladder faster than others.

Per Huawei, the newer charges are just another way of bringing up older claims. Nevertheless, it doesn’t look like the US plans to withdraw its claims or the lawsuit in the near future, or at all.

This technological rift has a strong possibility of transforming into a political dispute between America and China. The US is forcing countries like the UK to pull back their support from Huawei, continuing to say that the equipment could be used by China for spying.

Relations between China and the US are on a very shaky and unpredictable road. All the same, the UK still continues its business ties with Huawei, though possibly with limits.

China Accuses India of Cyber-attacks Amid the Coronavirus Outbreak, Demands International Cooperation.


China, which is currently battling the deadly coronavirus epidemic, said last Friday that it needs international support as it is in the midst of an 'exceptional' and 'full-on war' against the virus. The statement came after local media reports claimed that cybercriminals from India had attacked Chinese hospitals during the coronavirus epidemic. "It appears that Indian hackers had attacked regional health institutes and Chinese hospitals while China was busy fighting the coronavirus epidemic," said a Chinese cybersecurity firm in a statement.


"We have proof that hackers from India attacked Chinese health institutes using the 'phishing' e-mail technique," said 360 Technology, a Chinese tech company, in a conversation with the national newspaper Global Times. Acknowledging the comments, the foreign ministry of China said: "We have come to this conclusion after considering various reports of local media." "A country which is strictly opposed to cyber hacking of any kind, China, a significant cybersecurity nation, has currently become a victim of hacking," said Hua Chunying, spokesperson for the Foreign Ministry of China, last Friday, without mentioning India in the statement.

"It is in these times of misery that we believe all the countries across the globe should come together as one to fight against this major problem of cyber attacks and hacking. It is only after this that we would be able to maintain a safe, secure and helpful cyber world," said Chunying via an e-press conference. She further said: "It is a matter of great concern for China as we are currently amid a crisis of battling a deadly epidemic. Witnessing the current public health emergency, the nations should cooperate to battle this issue."

"Indian hackers have been launching APTs (Advanced Persistent Threats) and attacking Chinese health institutes by sending phishing e-mail schemes," the company told Global Times. "A suspected group of hackers from India named 'Bitter' has launched APT cyberattacks since March 2019, targeting Chinese health institutes and research centers, and also the Ministry of Foreign Affairs," said an opinion column in Global Times.

Chinese Origin Threat Group Targets Hong Kong Universities with New Backdoor Variant




Winnti, a China-linked threat group active in cyberspace since 2009, was found to be using a new variant of the ShadowPad backdoor (the group's flagship tool) in recent attacks that compromised computer systems at two Hong Kong universities during the protests that began in Hong Kong around March 2019.

The threat group of Chinese origin has largely targeted the gaming industry, while constantly expanding the scope of its targets. Various reports link Winnti to a number of other group names, including APT17, Ke3chang, Axiom, Wicked Panda, BARIUM, LEAD, DeputyDog, Gref, and PlayfullDragon.

According to other sources, Kaspersky was the first to identify the Winnti group, but some researchers date its existence back to 2007.

In October 2019, security researchers at ESET spotted two new backdoors used by the group: the Microsoft SQL-targeting skip-2.0 and PortReuse. Later the same year, in November, ESET researchers discovered samples of the ShadowPad launcher malware on various devices in the two universities. Winnti was found to have been present on these universities' systems a few weeks before the backdoor was confirmed.

“In November 2019, we discovered a new campaign run by the Winnti Group against two Hong Kong universities. We found a new variant of the ShadowPad backdoor, the group’s flagship backdoor, deployed using a new launcher and embedding numerous modules,” according to ESET's analysis.

“One can observe that the C&C URL used by both Winnti and ShadowPad complies to the scheme [backdoor_type][target_name].domain.tld:443 where [backdoor_type] is a single letter which is either “w” in the case of the Winnti malware or “b” in the case of ShadowPad.” reads the report.

“From this format, we were able to find several C&C URLs, including three additional Hong Kong universities’ names. The campaign identifiers found in the samples we’ve analyzed match the subdomain part of the C&C server, showing that these samples were really targeted against these universities.”
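The hostname scheme quoted above is a usable detection signal only when tied to known-bad domains, since a single-letter prefix alone also matches names like www. Here is an added Python example (not ESET's code) that decodes hostnames of the form [backdoor_type][target_name].domain.tld:443 from constructed proxy log lines; the watchlist domains, target names and log lines are all constructed placeholders, not real indicators.

```python
import re

# Scheme from the ESET write-up: [backdoor_type][target_name].domain.tld:443,
# where 'w' marks Winnti and 'b' marks ShadowPad.
BACKDOOR_TYPES = {"w": "Winnti", "b": "ShadowPad"}

# Constructed watchlist of C&C base domains (placeholders, not real IOCs).
# The letter prefix alone is too weak (www. matches), so decode only under these.
WATCHLIST = {"example-cdn.net", "example-update.org"}

HOST_RE = re.compile(
    r"^(?P<type>[wb])(?P<target>[a-z0-9-]+)\."
    r"(?P<domain>[a-z0-9.-]+\.[a-z]+):(?P<port>\d+)$", re.I)


def decode_c2_host(host, watchlist=WATCHLIST):
    """Split a host:port into backdoor family, campaign/target id and domain.
    Returns None when the name does not follow the scheme or the base
    domain is not on the watchlist."""
    m = HOST_RE.match(host)
    if not m or m.group("domain").lower() not in watchlist:
        return None
    return {
        "backdoor": BACKDOOR_TYPES[m.group("type").lower()],
        "target": m.group("target").lower(),
        "domain": m.group("domain").lower(),
        "port": int(m.group("port")),
    }


def scan_proxy_log(lines, watchlist=WATCHLIST):
    """Return (client_ip, decoded) for each CONNECT line whose host decodes."""
    hits = []
    for line in lines:
        parts = line.split()
        # constructed layout: <timestamp> <client_ip> CONNECT <host:port>
        if len(parts) >= 4 and parts[2] == "CONNECT":
            decoded = decode_c2_host(parts[3], watchlist)
            if decoded:
                hits.append((parts[1], decoded))
    return hits


# Constructed proxy log: first two lines follow the scheme, third is benign.
SAMPLE_LOG = [
    "2019-11-12T08:01:02Z 10.0.5.17 CONNECT buniv-a.example-cdn.net:443",
    "2019-11-12T08:03:44Z 10.0.5.23 CONNECT wuniv-b.example-update.org:443",
    "2019-11-12T08:04:10Z 10.0.5.23 CONNECT www.example.org:443",
]
```

The decoded "target" field is what the report calls the campaign identifier; comparing it across hits shows which internal hosts were tied to which targeted organisation.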

Another Chinese state-sponsored hacking group discovered, the fourth one to be found


A group of cyber security analysts, Intrusion Truth, has found its fourth Chinese state-sponsored hacking operation, APT40.
"APT groups in China have a common blueprint: contract hackers and specialists, front companies, and an intelligence officer," the Intrusion Truth team said. "We know that multiple areas of China each have their own APT."
APT stands for Advanced Persistent Threat and is used to describe government supported and sponsored hacking groups. 

Intrusion Truth has previously exposed three government-supported APTs: APT3 (believed to operate out of Guangdong province), APT10 (Tianjin province), and APT17 (Jinan province). They have now doxed APT40, China's cyber apparatus in the state of Hainan, an island in the South China Sea.

In a blog post, they said they have discovered 13 companies that serve as fronts for APT activity. These companies use offline contact details and overlapping contacts, and have no online presence except to recruit cyber experts.

"Looking beyond the linked contact details though, some of the skills that these adverts are seeking are on the aggressive end of the spectrum," the Intrusion Truth team said.

"While the companies stress that they are committed to information security and cyber-defense, the technical job adverts that they have placed seek skills that would more likely be suitable for red teaming and conducting cyber-attacks," they further said. 

APT40 RECRUITMENT MANAGED BY A PROFESSOR

Intrusion Truth was able to link all these companies mentioned above to a single person, a professor in the Information Security Department at the Hainan University.

One of the 13 companies was even headquartered at the university's library. This professor was also a former member of China's military. 

"[Name redacted by ZDNet] appeared to manage a network security competition at the university and was reportedly seeking novel ways of cracking passwords, offering large amounts of money to those able to do so," the anonymous researchers said. Intrusion Truth is fairly credible and has a good track record; US authorities have investigated two of its three previous APT exposés.

122 Chinese Men Detained in Nepal on Charges of Cyber-crime and Bank Fraud


KATHMANDU: Nepal police on Tuesday detained 122 Chinese men and women in what appears to be the biggest criminal operation by foreigners in the country. A police officer, Hobindra Bogati, said the Chinese embassy was aware of the raids and had fully supported the detentions. The chief of police of the capital Kathmandu stated that the raids took place on Monday after police received information that some Chinese visa-holding foreigners were engaged in suspicious activity. The police chief, Uttam Subedi, said, “This is the first time that so many foreigners have been detained for suspected criminal activities."


These people were suspected of various cyber crimes, including hacking into bank cash machines. The 122 men and women are being held in different police stations, with their passports and laptops confiscated. Chinese Foreign Ministry spokesman Geng Shuang said in Beijing that Nepali and Chinese police have agreed to cooperate in the investigations and that China is willing to increase law-enforcement cooperation with its neighbor.

Chinese nationals have increasingly been detained in Asian countries in recent times on suspicion of fraud and other illegal activities. In the Philippines last week, 342 Chinese workers were arrested in an unlicensed gambling operation. Some Chinese citizens were also arrested for smuggling gold, while in September five were arrested for stealing money from bank cash machines. Even though criminal activity by Chinese nationals in Nepal is high, relations between the two states couldn't be better.

China has increased FDI in Nepal in recent years, working on the development of roads, power plants, and hospitals. More than 134,000 Chinese tourists visited Nepal between January and October this year, up 9.2 percent from the same period in 2018, according to Nepal Tourism Board data. During a visit to Nepal by President Xi Jinping in October, Nepal and China signed a treaty to work together and provide mutual assistance on criminal matters.