Chinese banks require clients to use tax programs laced with backdoors, report says

When a Chinese bank asked a new client to use a specific kind of tax software as a condition of doing business, the company didn’t know that the tax technology came with a backdoor that would give hackers a new way in, according to research from Trustwave. The Chinese bank had told the U.K.-based defense contractor that the Chinese government required firms to use that specific software tool to pay local taxes. However, findings published Tuesday by the security vendor Trustwave spotlight how the tax software’s developer has relied on a number of subcontractors to build software flaws into other software tools for years. The programs are required to be used through the Chinese government’s Chinese Golden Tax Project, a tax system launched in the 1990s meant to streamline tax administration, according to Trustwave. The security company did not identify the Chinese bank nor the U.K.-based defense contractor. The revelation that Beijing mandates […]

The post Chinese banks require clients to use tax programs laced with backdoors, report says appeared first on CyberScoop.

A discovered malware sample uses code from the NSA and a Chinese hacking group

Good hackers steal, great hackers borrow. According to new research from ESET, a code obfuscation tool that’s been linked to Chinese-based hackers has been used in tandem with an implant that has been attributed to Equation Group, a hacking faction that is broadly believed to have ties to the National Security Agency. ESET says the obfuscation tool is linked with Winnti Group, while the implant, known as PeddleCheap, appeared in an April 2017 leak from the mysterious group known as the Shadow Brokers. It’s unclear if the sample was used in a malicious campaign or if it’s the product of a security researcher experimenting with different tools, according to Marc-Étienne Léveillé, a malware researcher at ESET. It was uploaded to malware-sharing repository VirusTotal in 2017, according to Léveillé. The Winnti-linked packer was used in a series of intrusions at gaming organizations in 2018, which ESET has previously documented. ESET published its findings […]

A Department of Defense bulletin on a ‘leaking’ sinkhole has baffled cybersecurity experts

In mid-April, an obscure agency housed under the Department of Defense issued a bulletin that a little-known, Chinese-linked hacking group is likely responsible for some suspicious activity aimed at defense contractors in the U.S. But how the Defense Counterintelligence and Security Agency (DCSA) came to that conclusion is complicated. The alert, sent to 38 contractors, says DCSA detected the group was making “inbound and outbound connections” with contractors’ facilities as of Feb. 1. The targeting, which appeared to have stopped by March 25, was directed at several critical infrastructure sectors, including aerospace, health care and maritime, according to a copy of the bulletin obtained by CyberScoop. A DCSA official tells CyberScoop the document was meant to raise awareness among the contractors, but numerous sources tell CyberScoop that it is more confusing than clarifying. The bulletin, which was first reported by Politico, has raised questions about the attributed hacking group and if the actions described […]

These tiny islands are at the heart of an uncovered Chinese phishing campaign

Suspected Chinese hackers are behind a phishing campaign apparently aimed at collecting data about Vietnamese government officials amid an ongoing territorial dispute between the two nations, according to new findings. A hacking group known as Pirate Panda, which has possible ties to the Chinese government, is trying to trick Vietnamese government officials into clicking on malicious Microsoft Excel documents attached to emails purportedly detailing festivities for Vietnamese holidays, according to research the threat intelligence firm Anomali shared with CyberScoop. Targeted individuals appear to be located in Da Nang, Vietnam, near a collection of landmasses in the South China Sea known as the Paracel Islands. The area is one of the most hotly contested regions of the South China Sea, with Beijing claiming ownership of much of the waterway. In recent days, Vietnam has said it does not recognize China’s claims over the islands, while China has said that Vietnamese claims […]

Chinese hackers hit Citrix, Cisco vulnerabilities in sweeping campaign

Earlier this year, state-backed Chinese hackers embarked on one of the most sweeping Chinese espionage campaigns FireEye has seen in years, according to new research the security firm published Wednesday. The campaign, which lasted between January 20 and March 11, targeted 75 organizations spanning nearly every economic sector: telecommunications, healthcare, government, defense, finance, petrochemical, manufacturing, and transportation. The campaign, believed to be run by APT41, targeted nonprofit, legal, real estate, travel, education, and media organizations as well. “This activity is one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years,” researchers Christopher Glyer, Dan Perez, Sarah Jones, and Steve Miller said. “While APT41 has previously conducted activity with an extensive initial entry … this scanning and exploitation has focused on a subset of our customers, and seems to reveal a high operational tempo and wide collection requirements for APT41.” APT41 zeroed in on victims […]

A Chinese hacking group breached a telecom to monitor targets’ texts, phone metadata

Chinese government-linked hackers are monitoring mobile text messages of specific users, and for certain keywords as part of a new surveillance campaign meant to track individuals in a vast trove of telecommunication data, according to findings published Thursday. APT41, a group that carries out state-sponsored cyber-espionage on Beijing’s behalf, this summer compromised an unnamed telecommunications provider to monitor the messaging activity of high-ranking individuals of interest to the Chinese government, according to FireEye. Chinese hackers primarily have been scanning for military or intelligence keywords, tracking how subjects are reacting to protests, such as those in Hong Kong, and analyzing victims’ opinions of world leaders, Steve Stone, advanced practices director at FireEye, told CyberScoop. During the same intrusions into the unnamed phone company, APT41 also sought individuals’ records from call detail record (CDR) databases, which provide metadata such as the time the calls were made, the phone numbers involved, and the length of the […]

Cylance: More and more APT groups are relying on mobile malware to track dissidents

State-backed hackers from China and Iran have long been spying on their country’s political dissidents using mobile malware, but new research from BlackBerry’s Cylance shows these same nation-state hackers — including groups that have previously been unknown — are using the malware to also spy on targets abroad. “It’s … worth expanding our notion of the typical target of the Chinese government: malware meant for targets of interest … for domestic reasons may very well end up inside a Western business,” Cylance researchers write in a blog post. Chinese hackers, for instance, have been using mobile malware to spy on the Uighur and Tibetan population in recent months through iOS and Android malware. But while Volexity, the firm behind the Uighur population’s surveillance research, has previously said there were “possible ties” between the two campaigns, Cylance links both to one actor. Cylance claims Winnti, a Chinese APT group better known for its targeting […]

FCC chair pitches rules to block Huawei, ZTE

Federal Communications Commission Chairman Ajit Pai revealed a proposal Monday that would bar U.S. communications companies from using federal subsidies to buy Huawei and ZTE equipment and services. It’s the latest push from the Trump administration to block Chinese-owned telecommunications equipment and services from being used in the U.S. due to national security concerns. Pai’s proposal would prevent communications companies from using the FCC’s $8.5 billion service fund, known as the Universal Service Fund, to buy equipment that poses a “national security threat” to the U.S. Pai specifically cites Huawei and ZTE. “We need to make sure our networks won’t harm our national security, threaten our economic security, or undermine our values. The Chinese government has shown repeatedly that it is willing to go to extraordinary lengths to do just that,” Pai said in a statement. “As the United States upgrades its networks to the next generation of wireless technologies — […]

Justice official: U.S. private and public sectors face the same Chinese spying tactics

Chinese spies are trying the same tactics to steal intellectual property from U.S. companies as they use to cultivate assets from U.S. national security circles, a top Department of Justice official has warned the private sector. Chinese intelligence officers have looked to recruit employees at U.S. companies and use that foothold to steal trade secrets in sophisticated operations, according to John Demers, the assistant attorney general for national security. Intelligence agencies, companies and research institutes in China are also coordinating deeply to pinpoint the data they want, Demers said Thursday at CyberTalks in Washington, D.C. “[C]learly, I think our cases reflect an increased focus by the [Chinese] intelligence services to do this kind of intellectual property collection,” Demers said, referring to cyber-enabled theft. The department last year tapped Demers to lead a new task force dedicated to combatting alleged Chinese economic espionage. Under the initiative, FBI officials are reaching out to universities to warn them of the risk of intellectual property theft, while prosecutors are […]

Chinese-linked hacking group gets crafty to avoid detection

Over the last several months, Chinese-linked hackers have been targeting a Southeast Asian government using simple spearphishing emails and hundreds of malicious documents, with a focus on consistently changing their tactics to avoid detection, according to Check Point research. The most noteworthy part of the hackers’ months-long campaign is their perpetually changing tactics, according to Michael Abramzon, the cyber research team lead at Check Point. Over the seven months Check Point watched the group, it consistently managed to install PowerShell-based backdoors onto victim machines via spearphishing emails laced with malicious documents. The group, known as Rancor group, used different delivery methods and payloads to do so every couple of months. In December, the group was sending documents to victims containing macro code that eventually downloaded a malicious installer (an MSI payload) from the group’s server, which then installed a PowerShell script. But between January and March, […]
