Hackers Working For the Chinese Government Tracking Movements of Ethnic Uighurs

Hackers working for the Chinese government are said to have been tracking the movements of ethnic Uighurs, a mostly Muslim minority that Beijing views as a security threat. The hacks are part of an extensive cyber-espionage campaign focused on “high-value individuals” such as diplomats and foreign military personnel, the sources said.

As a part of the campaign, various groups of Chinese hackers have compromised telecoms operators in nations including Turkey, Kazakhstan, India, Thailand and Malaysia, the four sources said.

China is currently confronting growing international criticism over its treatment of Uighurs in Xinjiang, where members of the group have been subject to mass confinement in what China calls “vocational training” centres, as well as widespread state surveillance.

China has repeatedly denied involvement in any cyber-attacks or any abuse of the Uighur people, whose religious and cultural rights Beijing says are fully guaranteed, and the Chinese Foreign Ministry said any hacking charges should be supported by legitimate proof.

“We would again like to stress that China is a resolute safeguarder of internet security. We consistently and resolutely oppose and crack down on any forms of internet attacks,” a ministry statement said.

While government authorities in India and Thailand declined to comment on the specific telecoms operators that were compromised, officials in Malaysia, Kazakhstan and Turkey did not immediately respond to requests for comment.

Chinese Hackers Attacked Eight Major Technology Service Providers

Eight of the largest technology service providers were attacked by hackers working for China’s Ministry of State Security, who attempted to access sensitive commercial information and secrets belonging to the providers' clients around the world.

In December last year, the operation was outlined in formal charges filed in the U.S.; it was designed to illegally access Western intellectual property in order to further China’s economic interests.

According to the findings made by Reuters, the list of compromised technology service providers includes Tata Consultancy Services, Dimension Data, Hewlett Packard Enterprise, Computer Sciences Corporation, HPE’s spun-off services arm, IBM, DXC Technology, Fujitsu and NTT Data.

Furthermore, various clients of the service providers, such as Ericsson, also fell prey to the attack. IBM, however, has previously stated that it has no evidence that any sensitive commercial information was compromised in these attacks.

HPE said it had worked diligently for its “customers to mitigate this attack and protect their information.” DXC, meanwhile, said it had “robust security measures in place” to keep its clients secure.

Denying the accusations and any involvement in the attacks, the Chinese government said: “The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets.”

“While there have been attacks on our enterprise network, we have found no evidence in any of our extensive investigations that Ericsson’s infrastructure has ever been used as part of a successful attack on one of our customers,” an Ericsson spokesperson said, adding that the company does not comment on specific cybersecurity matters.



Chinese espionage campaign hit telecommunications firms around the world

Hackers have breached the systems of more than a dozen global telecommunications companies and taken hold of large amounts of personal and corporate data, researchers from a cybersecurity company said on Tuesday.

Security researchers from Cybereason, a US-Israeli cybersecurity firm, said that the attackers compromised companies in more than 30 countries.

The main aim behind this espionage is to gather information about individuals who are working in government, law enforcement and politics. The group is linked to a Chinese cyber-espionage campaign.

The tools used by the hackers were similar to those seen in other attacks attributed to Beijing, but China has denied involvement in any such activity.

“For this level of sophistication, it’s not a criminal group. It is a government that has capabilities that can do this kind of attack,” Lior Div, chief executive of Cybereason, told Reuters.

“They built a perfect espionage environment. They could grab information as they please on the targets that they are interested in,” Cybereason said in a blog post.



“We managed to find not just one piece of software, we managed to find more than five different tools that this specific group used,” Div said.

Australian University's servers hacked, data going back 19 years stolen

The Australian National University (ANU) confirmed on Tuesday that hackers had breached its cyber defences to access sensitive data, including students' bank and passport details going back 19 years.

The university said it had discovered the breach only two weeks ago, and that it was carried out by a “sophisticated operator.”

In July last year, the university thwarted an attempt to hack its network; according to media reports at the time, that attempt originated in China.

“National community agencies are recruiting directly out of ANU,” said Fergus Hanson, head of the International Cyber Policy Centre at think-tank the Australian Strategic Policy Institute. “To have information around particular people who are working in different departments... that would be very useful.” 

Australia’s cyber intelligence agency said it is still investigating who was behind the attack.

“It does appear to be the work of a sophisticated actor,” a representative of the Australian Signals Directorate said in an emailed statement. “It is too early to speculate about connections to other compromises.”

However, China has always denied its involvement in any kind of hacking attacks and its embassy in Australia did not respond to a request from Reuters for comment.


Chinese hackers attacked Russian companies and government agencies for 9 years

Russian security companies Positive Technologies and Kaspersky Lab have discovered a cyber group which for several years stole data from more than 20 Russian companies and government agencies. Experts said that such groups are usually engaged in political intelligence or industrial espionage.

The hacker group has been active for at least 9 years. The names of the companies attacked were not disclosed, but it is stated that 24 important Russian organizations were attacked.

According to Positive Technologies, the attackers used Chinese developers to create their tools and used Chinese IP addresses during the attacks. Moreover, the keys for some versions of the malicious programs were found on specialized forums used by people from China.

Positive Technologies named the group TaskMasters because it created specific tasks in the task scheduler, which allowed the hackers to execute operating system commands and run software at a chosen point in time. After penetrating the enterprises' local networks, the group used the stolen information for espionage.
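One way a defender can review scheduled-task creation for the behaviour described above, as an added example that is not code from the post or from the security firms it cites: the Windows Security event 4698 records below are constructed, and the review rules are hypothetical heuristics for tasks that run OS commands, not the group's actual indicators.

```python
"""Review Windows Security event 4698 ("A scheduled task was created")
records for tasks that run OS commands at a chosen time. Added example:
sample events are constructed and the rules are illustrative heuristics,
not the real indicators of the TaskMasters / BlueTraveler group."""
import ntpath
import xml.etree.ElementTree as ET

# Namespace of the Task Scheduler XML carried in the event's TaskContent field.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Interpreters a task can use to run arbitrary OS commands.
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Directories that an administrator's task rarely executes from.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
# Argument fragments typical of encoded or download-and-run commands.
CRADLE_HINTS = ("-enc", "encodedcommand", "downloadstring", "invoke-expression")


def _text(root, path):
    """Text of the first element matching an XPath, or '' if absent."""
    node = root.find(path, NS)
    return (node.text or "").strip() if node is not None else ""


def review_task(task_xml):
    """Return a list of findings for one TaskContent payload (empty = nothing odd)."""
    root = ET.fromstring(task_xml)
    command = _text(root, ".//t:Actions/t:Exec/t:Command")
    args = _text(root, ".//t:Actions/t:Exec/t:Arguments")
    hidden = _text(root, ".//t:Settings/t:Hidden").lower() == "true"
    findings = []
    exe = ntpath.basename(command).lower()
    if exe in SHELLS:
        findings.append(f"runs a command interpreter ({exe})")
    if any(d in command.lower() for d in USER_WRITABLE):
        findings.append("executable lives in a user-writable directory")
    if any(h in args.lower() for h in CRADLE_HINTS):
        findings.append("arguments look like an encoded or download-and-run command")
    if hidden:
        findings.append("task is hidden from the Task Scheduler UI")
    return findings


def review_events(events):
    """Map each 4698 event's TaskName to its findings."""
    return {e["TaskName"]: review_task(e["TaskContent"]) for e in events}


def flagged_tasks(events):
    """Sorted names of the tasks that produced at least one finding."""
    return sorted(name for name, f in review_events(events).items() if f)


# Constructed sample events: one routine backup task and two tasks of the kind
# a defender would want to review (all values are made up for this example).
_XMLNS = 'xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"'
SAMPLE_EVENTS = [
    {"TaskName": "\\Microsoft\\Windows\\Backup\\NightlyBackup",
     "TaskContent": f"<Task {_XMLNS}><Settings><Hidden>false</Hidden></Settings>"
                    "<Actions><Exec><Command>C:\\Windows\\System32\\wbadmin.exe</Command>"
                    "<Arguments>start backup -quiet</Arguments></Exec></Actions></Task>"},
    {"TaskName": "\\Updater",
     "TaskContent": f"<Task {_XMLNS}><Triggers><TimeTrigger><StartBoundary>"
                    "2019-03-12T03:15:00</StartBoundary></TimeTrigger></Triggers>"
                    "<Settings><Hidden>true</Hidden></Settings>"
                    "<Actions><Exec><Command>C:\\Windows\\System32\\cmd.exe</Command>"
                    "<Arguments>/c powershell -w hidden -enc PLACEHOLDER_BASE64</Arguments>"
                    "</Exec></Actions></Task>"},
    {"TaskName": "\\SystemHealth",
     "TaskContent": f"<Task {_XMLNS}><Actions><Exec>"
                    "<Command>C:\\Users\\Public\\svchost.exe</Command></Exec></Actions></Task>"},
]

if __name__ == "__main__":
    for name, findings in review_events(SAMPLE_EVENTS).items():
        print(name, "->", findings or "nothing unusual")
```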

Kaspersky Lab said it has been tracking the group's activity since 2016 and calls it BlueTraveler. According to its experts, the hackers most often attack government agencies, mainly in Russia and the CIS. They also confirm that the attackers speak Chinese, and that the methods used are typical of Asian groups engaged in political intelligence or industrial espionage.

Notably, the attacks went unnoticed by antivirus and information security services for years. The hackers transferred gigabytes of information, files, documents and drawings to their servers without leaving a trace.

Known attackers of financial institutions also favour the task-scheduler method; the Russian-speaking groups Cobalt and MoneyTaker use it.

It is worth noting that at the end of 2018, cybersecurity experts reported that Russia's financial sector had lost at least 3 billion rubles to cyber attacks over the year.

A Hacker Group, 'Barium', on a Supply Chain Hijacking Spree

One of the most damaging forms of hacking is the software supply chain attack, in which the attacker illicitly accesses a developer's network and places malicious code into the software updates and applications that users trust the most.

In a single operation, supply chain hackers can potentially place their ransomware onto thousands or millions of computer systems without leaving a single visible trace of malicious activity. Over time the technique has gained a lot of traction and has become more advanced and harder to identify. Supply chain attacks follow a recognisable pattern and have become a core tool of the groups that use them.

Supply chain attacks exploit the various channels through which software is distributed, and over the last three years these attacks have been linked largely to one group of Chinese hackers, known variously as ShadowHammer, Barium, Wicked Panda and ShadowPad depending on the security firm.

The technique demonstrates the group's potential to damage computer systems on a massive scale by exploiting weaknesses in the fundamental model that governs how code reaches users' systems; this destructive capability of Barium is a matter of great concern for security researchers.

Vitaly Kamluk, director of the Asia research team at security firm Kaspersky, said: "They're poisoning trusted mechanisms. They’re the champions of this. With the number of companies they’ve breached, I don’t think any other groups are comparable to these guys."

"When they abuse this mechanism, they’re undermining trust in the core, foundational mechanisms for verifying the integrity of your system."

"This is much more important and has a bigger impact than regular exploitation of security vulnerabilities or phishing or other types of attacks. People are going to stop trusting legitimate software updates and software vendors."

Marc-Etienne Léveillé, a security researcher, said: "In terms of scale, this is now the group that is most proficient in supply chain attacks."

"We’ve never seen anything like this before. It’s scary because they have control over a very large number of machines."

"If [Barium] had deployed a ransomware worm like that through one of these attacks, it would be a far more devastating attack than NotPetya," said another expert on the matter.

During a ransomware attack, students' GCSE coursework seized

Sir John Colfox Academy, in Bridport, was the target of hackers believed to be from China, after a member of staff mistakenly opened an email containing a virus, which infected the school’s entire computer network. The email claimed to be from a teacher at another Dorset school.

The hackers seized the secondary school's pupils' GCSE coursework and demanded cash for its return.

The Sir John Colfox Academy has about 1,000 pupils. The coursework was from one subject submitted by Year 11 students, and was saved on the school's system.

Head teacher David Herbert said: "We are liaising with the relevant exam boards about this specific issue."

Police have launched an investigation into the cyber attack.

Neither police nor the school have said how much money was demanded for the return of the coursework, but police say no money has been paid.

Russian Hacking Trouble for the Cyber World

According to data analysis by computer security company CrowdStrike, Russian hacking teams give a victim only 19 minutes to respond to an attack. The next fastest group were the North Koreans, who took two hours to jump to the next server to spread the attack, and third on the list come Chinese attackers, who on average give the victim four hours to foil the attack.

The calculated figure, which CrowdStrike terms “dubbed time“, is the time an attacker takes to jump from one network to another to spread the attack. Introducing the concept, CrowdStrike wrote in its report that it “shows how much time defenders have on average to detect an initial intrusion, investigate it and eject the attacker before sensitive data can be stolen or destroyed.”

According to author Pete Singer, the new analysis is eye-opening: "These stats are driven by a whole variety of factors, among them the skills and capability, the relative risk each is making in their likelihood of getting caught and the consequences. No matter how you look at it, an average of 18 minutes is quite amazing given the scale."

Russian hackers have attacked many defense and military establishments throughout Europe and NATO since last year, and were alleged to have attacked the PyeongChang Winter Olympic Games in 2018.

Chris Krebs, DHS Cybersecurity and Infrastructure Security Agency Director, told defenseone.com recently, “We are doubling down on election security in advance of the 2020 election. Despite what some of the reporting might be, election security and countering foreign influence efforts aren’t going anywhere.”

Research from Arizona State University found that the likelihood of a known vulnerability being exploited depended greatly on the attacker's country. The researchers looked at Dark Web chat rooms in which attackers discussed vulnerabilities in the National Database: if the hackers discussing a bug were Chinese, the chance that the vulnerability would be exploited was nine percent, but if the conversation was between Russians, the probability was forty percent.

New Ransomware Strain Hits the Chinese Web; Infects 100K PCs

More than 100,000 Chinese users have had their Windows PCs infected with yet another strain of ransomware that encrypts their files and demands a 110 yuan (~$16) ransom. The poorly written ransomware encrypts local documents and steals credentials for various Chinese online services.

So far there is no threat to international users, as the ransomware targets only the Chinese web.

The individual or group behind the campaign is distributing the ransomware only through Chinese-themed applications on local sites and forums, and is asking for ransom payments through the WeChat payment service, which is accessible only in China and neighbouring areas.


According to a report from Chinese security firm Huorong, the malware, named 'WeChat Ransom' in some reports, first appeared on December 1, and the number of infected systems had grown to more than 100,000 as of December 4.

Security specialists who analysed the attack said that besides encrypting files, the ransomware also included an information-stealing component that collected login credentials for several Chinese online services, including Alipay, Baidu Cloud, NetEase 163, Tencent QQ, Taobao, Tmall and Jingdong.

Chinese security firms examining the malware agree that it is far from a sophisticated threat and can be easily defeated. Although it claims to delete the decryption key if the victim fails to pay the ransom by a specific date, file recovery is still possible because the key is hardcoded in the malware.

Huorong specialists examining this ransomware strain have found a name, a mobile phone number, a QQ account, and an email address that could enable police to identify and catch the author.

This latest campaign is not the first time China-based ransomware authors have used WeChat to collect ransom payments; those who made this fatal mistake in the past were arrested by the authorities within months.

Chinese police in general have a solid record of arresting the hackers within weeks or months of a malware campaign making headlines.

Chinese Hacking Groups target UK Think Tanks

Cybersecurity firm CrowdStrike says that UK think tanks are being repeatedly targeted by Chinese hacking groups. CrowdStrike says that, beginning in April 2017, it saw repeated targeting of British think tanks specialising in international security and defence issues.

The firm said it has investigated the breaches and attributes the attacks to groups it calls “Panda,” which CrowdStrike said are China-based and linked to the Chinese state.

CrowdStrike was reportedly called in by some of the think tanks to investigate the attacks, help with clean-up, and improve their security. According to a BBC report, not all of the attacks were successful.

The company also said that in 2017, Chinese cyber activity increased all over the world, with targets including universities, law firms and technology companies.

According to Dmitri Alperovitch, CrowdStrike’s co-founder and CTO, think tanks that work on Chinese policy were targeted “very aggressively” in an attempt to steal reports and information relating to their connections with government.

He said this was because the attackers believe the think tanks are influential in the US and UK, adding: "they believe that they may have access to information which is not public.”

According to Alperovitch, the hackers would persist and try to get back in even after they had been kicked out.

Chinese firm Huawei allegedly hacked into Indian state-owned telecoms company BSNL

India's Parliament was informed on Wednesday that the network of state-owned telecoms company Bharat Sanchar Nigam Limited (BSNL) was allegedly hacked by Chinese telecom equipment maker Huawei.

"The government has constituted an inter-ministerial team to investigate the matter," Killi Kruparani, Minister of State for Communications and IT, told the Lok Sabha.

According to reports, Huawei engineers allegedly hacked a BSNL mobile tower in the coastal area of Andhra Pradesh in October 2013.

India has launched an investigation; the investigating team comprises top officials from the National Security Council Secretariat, the Intelligence Bureau, the Union Home Ministry and BSNL.

It is worth noting that BSNL awarded a major part of its network expansion tender to another Chinese company, ZTE, in 2012. The government suspects the incident may stem from "inter-corporate rivalry" between the two Chinese companies.

Huawei India denies the allegations of hacking BSNL's network, and said it will continue to work with Indian customers and the government and is ready to help address any network security issues.

Philippines Bureau of Immigration (BI) arrests 17 Chinese cybercriminals

The Philippines Bureau of Immigration (BI) has announced the arrest of 17 Chinese cybercriminals wanted for online fraud and cyber crimes in China.

Immigration Commissioner Ricardo David Jr. said that the suspects, 15 of whom are women, were arrested in Makati City in an operation conducted by members of the BI fugitive search unit.

The alleged cybercriminals were identified as Cai Hong Ji, Mei Li, Huan Huan Yu, Si Meng Liu, Jiang Yang, Wenjie Yan, Ruicen Yuan, Zhi Ying He, Ning Zahang, Qian Shi, Liu Jan Wen, Chen Yan Ling, Peng Yuan Yuan, Ling Min Zhang, Zhou Xiao Yun, Chen Qing E, and Guo Yan.

According to the BI report, the arrests came after the Chinese embassy asked the BI to help capture cybercriminals who had fled to the Philippines to evade arrest by Chinese authorities.

“All of them could not present their passports and travel documents, thus we will deport them for being undocumented and overstaying aliens,” the BI chief said.

Philippines News Agency site hacked by Chinese Hackers

The website of the Philippines News Agency (www.pna.gov.ph), the Philippine government's news wire service, was defaced by Chinese hackers.

The hackers defaced the site home page with an image of a Chinese flag and a message that the Panatag (Scarborough) Shoal belongs to China.

"Huangyan Island belongs to China, what power you have said is you?... Tolerance is not possible, no need to endure," the defacement message reads. The hackers also left their website URL and email address on the defaced page.

Hackers claim the PAGASA site hack is just for fun

A hacker calling himself "Net user!" broke into a Philippine government website and claimed the breach was only for "fun."

The Philippine Atmospheric, Geophysical and Astronomical Services Administration (PAGASA) site was defaced with the message "Hacked by Net user! Just fun a fun!"

Another line on the defaced page indicated the hacker's supposed email, 794399786@qq.com.

According to a Solar News report, the index page was initially defaced with red-coloured elements bearing Chinese characters.

Philippine government sites face cyber attack from Chinese hackers

Philippines under cyber attack: the official website of the Department of Budget and Management (DBM) and the sites of the Office of the Presidential Adviser on the Peace Process, the Philippine National Police and the Department of Foreign Affairs became the latest victims of a cyber attack by Chinese hackers.

The Department of Budget and Management(DBM) site was defaced Wednesday afternoon and quickly taken down by administrators, according to Budget Secretary Florencio Abad.


"Our initial findings indicate that all important data in the website remain intact. We are at present conducting a security audit on the site, which will remain offline until the audit has been completed and the necessary repairs are made. In addition, we have yet to establish the true identities of the parties or individuals responsible for the attack," the statement reads.

The hackers placed a Chinese flag on the defacement along with a caption announcing it was “Hacked! Owned by Chinese Hackers?!”

The defacement message reads: "How come a small bitch border country are overconfident? And Challenged to Our Chinese Super Hacker?” A warning was also displayed: “Don’t Trouble Chinese, Don’t Play with Fire."

Meanwhile, the Office of the Presidential Adviser on the Peace Process and the Department of Foreign Affairs faced distributed denial-of-service attacks. The site of the Philippine National Police displayed a directory index of the site's contents instead of its normal content.



Philippine government officials told local hackers to stop the cyber attacks on Chinese sites because they could lead to more serious conflicts that would not benefit the country. It seems no one told the Chinese hackers to stop, so they are continuing their attacks.

Anonymous Philippines fights back, defaces Chinese websites

Filipino hacktivists have hacked and defaced a number of Chinese websites in retaliation for the defacing of the University of the Philippines (UP) website.

"Anonymous #OccupyPhilippines" attacked the China University Media Union site, replacing its homepage content with a digitized image of a Guy Fawkes mask, the symbol of the global hacktivist group Anonymous. Their message: "Chinese government is clearly retarded. Scarborough Shoal is ours!"

AsiaOne reports that the hackers broke into a Chinese government site, http://gh.rc.gov.cn/, and posted a map of the West Philippine Sea (South China Sea).

"You got fucked by the Philippines! Spratly Island Is OURS!" the hackers wrote.

Hackers also hacked the following Chinese sites: http://www.lanseyinxiang.com/, v.cyol.com, http://sanxinsudi.com, ploft.cn and ryjzw.com.