US agencies circulate warning about ‘aggressive’ Chinese hacking effort to steal secrets from a range of targets

Chinese government-backed hackers’ rampant appetite for intellectual property represents a “major threat to U.S. and allied cyberspace assets,” according to a U.S. government assessment obtained by CyberScoop. The analysis from the National Security Agency, FBI and Department of Homeland Security’s cyber agency warns that Beijing-linked hackers are still “aggressively” targeting U.S. and allied defense and semiconductor firms, medical institutions and universities to steal sensitive corporate data and personally identifiable information. The advisory is a reminder that, despite the Biden administration’s heightened attention on ransomware gangs based in Russia, Chinese state-backed hacking remains a formidable threat to U.S. interests. The document is scheduled to be released publicly in the coming weeks, perhaps as soon as Monday. “NSA, [the Cybersecurity and Infrastructure Security Agency], and FBI have observed increasingly sophisticated Chinese state-sponsored cyber activity targeting U.S. political, economic, military, educational, and [critical infrastructure] personnel and organizations,” says the advisory. “These cyber operations […]

The post US agencies circulate warning about ‘aggressive’ Chinese hacking effort to steal secrets from a range of targets appeared first on CyberScoop.

Pulse Secure VPN hacking also hit transportation, telecom firms, FireEye says

A sprawling Chinese espionage operation against U.S. and European government organizations extends to more commercial sectors than previously known and involves four new hacking tools, security firm FireEye said Thursday. All told, two China-linked groups — and other hackers that investigators did not name — are exploiting virtual private network software in breaches that have touched the transportation and telecommunication sectors, according to FireEye. The firm had previously only named the defense, financial and government sectors as affected by the breaches. The attackers are exploiting popular VPN software known as Pulse Connect Secure to burrow into networks and steal sensitive data. Many of the breached organizations “operate in verticals and industries aligned with Beijing’s strategic objectives” that are outlined in the Chinese government’s latest “Five Year Plan” for economic growth, according to Mandiant, FireEye’s incident response arm. The majority of the intrusions have been carried out by a group called […]

Intrusion Truth details work of suspected Chinese hackers who are under indictment in US

Intrusion Truth, a mysterious group known for exposing suspected Chinese cyber-espionage operations, on Thursday published a new investigation that traced front companies allegedly used by two Chinese men whom a U.S. grand jury indicted last year. The findings shed light on a dynamic that U.S. law enforcement officials say is increasingly common: foreign intelligence services’ use of front companies to try to conceal their hacking operations. The details also come at a time when Biden administration officials are dealing with the fallout of another suspected Chinese hacking campaign in which attackers leveraged widely used Microsoft software. The Justice Department has alleged that the two suspects, Li Xiaoyu and Dong Jiazhi, met at university before embarking on a decade of malicious cyber activity, sometimes for personal financial gain and other times on behalf of the Ministry of State Security, China’s civilian intelligence agency. In some cases, the men allegedly probed the […]

China-linked hackers exploited SolarWinds software in 2020 breach, researchers say

Suspected Chinese spies exploited popular enterprise software built by SolarWinds in a hacking operation last year, Dell-owned Secureworks said Monday, a conclusion that follows news that Russian hackers also leveraged SolarWinds technology. The suspected Chinese attackers had access to an unnamed private sector organization as early as 2018. Upon being evicted by incident responders, the hackers broke back into the organization in November 2020 by exploiting SolarWinds software, according to Secureworks. The findings underscore the premium that multiple sets of foreign operatives have apparently put on accessing valuable organizational data held by the SolarWinds Orion network monitoring software. The disclosure comes as U.S. organizations are also coping with another suspected Chinese spying operation that exploits Microsoft Exchange Server software to steal organizations’ emails. In both the suspected Russian and Chinese schemes involving SolarWinds, the attackers wrote malicious code tailored to exploit the Orion platform and sift through data stored on […]

Ticketmaster pays $10M fine to settle charges of using stolen passwords to spy on rival company

One of the biggest brands in the music and events business, Ticketmaster, has agreed to pay a $10 million fine for “computer intrusion and fraud offenses” after employees used stolen credentials to spy on a competitor, according to the Department of Justice. The rival company didn’t know that one of its former employees had leaked logins to Ticketmaster, which used them to gather information in the mid-2010s about the competitor’s technology and other aspects of its business. “Ticketmaster employees repeatedly – and illegally – accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence,” said acting U.S. Attorney Seth D. DuCharme. “Further, Ticketmaster’s employees brazenly held a division-wide ‘summit’ at which the stolen passwords were used to access the victim company’s computers, as if that were an appropriate business tactic.” The feds don’t name the victim company, but it’s widely known to be Songkick. The investigation […]

DHS warns US businesses of China’s data-collection practices

As Washington is absorbed with the fallout of a suspected Russian hacking operation against U.S. organizations, the Department of Homeland Security is warning American companies not to be complacent when it comes to cyberthreats from China. A 15-page “business advisory” released Tuesday by DHS cautions that Chinese intelligence services could collect and exploit data held by U.S. firms doing business in China, highlighting longstanding concerns from U.S. officials. Beijing has denied allegations of economic espionage. The advisory is an acknowledgement that, despite efforts by both the Trump and Obama administrations to curb China’s alleged theft of intellectual property, it is still a rampant problem for U.S. officials. It comes after the top U.S. counterintelligence official said this month that China had increased its influence operations targeting incoming Biden administration personnel and their associates. Chinese law requires Chinese businesses and citizens, including in academia, to “take actions related to the collection, […]

Russian-speaking hackers target Russian organizations with industrial spying tools

A previously undisclosed, Russian-speaking hacking group has for the last two years been conducting targeted espionage against Russian-speaking organizations, researchers said Thursday. The type of tailored malicious code that Russian security company Kaspersky uncovered is often reserved for spying on diplomats or infiltrating telecom firms rather than corporations, researchers asserted. But these attackers have been stalking unnamed corporations, looking to siphon off certain Microsoft Office and Adobe documents. The discovery adds to a growing body of public reporting on corporate hacking that has often focused on Chinese-speaking hackers. U.S. government officials and security researchers have accused China of economic espionage for years — a charge Beijing denies. In this case, however, the hackers may be pretending to be Chinese but are really Russian speakers, according to Kaspersky. They set up online accounts for communicating with cloud computing infrastructure that “pretend to be of Chinese origin,” the researchers said. To lure their victims, […]

Spies hacked Azerbaijan government officials as Nagorno-Karabakh conflict escalated

More than 200 people have died in clashes between ethnic Armenian separatists and Azerbaijani government forces over the breakaway region of Nagorno-Karabakh in the last 10 days. It’s the worst outbreak of violence related to Nagorno-Karabakh since Armenia and Azerbaijan, two former Soviet republics, fought a war over the enclave in the 1990s. And this time, hacking has come with the fighting. Unidentified spies have in recent weeks been quietly breaching Azerbaijani government IT networks and accessing the diplomatic passports of certain officials, according to new research from Talos, Cisco’s threat intelligence unit. The Talos data shows how digital espionage often coincides with bursts of violence in modern war. Days after Azerbaijan’s president made a call to mobilize reserve soldiers, the hackers used a fake Azerbaijani government document on the same subject as bait. The malicious code embedded in the document can exfiltrate data from a compromised computer and gives the […]

Malicious Autodesk plugin at root of cyber-espionage campaign

A company involved in billion-dollar real estate deals in New York, London, Australia, and Oman has recently become the target of a cyber-espionage campaign from a set of well-resourced hackers, according to new BitDefender research published Wednesday. The hackers waged the campaign against the target, an international architectural and video production entity, in a likely effort to collect financial information or negotiation details of competing contracts for a customer, BitDefender assessed. They infiltrated the victim firm by imitating a plugin for popular 3D computer graphics software, Autodesk 3ds Max, and then deploying a malicious file against the target. The perpetrators are likely hackers-for-hire who split their time between running nation-state cyber-operations and conducting corporate espionage on behalf of private sector entities, according to BitDefender’s analysis. Which foreign government BitDefender suspects employs the hackers wasn’t immediately clear, but Russia, China, Iran, and North Korea alike frequently rely on contractor talent or […]

How spies used LinkedIn to hack European defense companies

For LinkedIn users, receiving unsolicited messages from pushy job recruiters comes with the territory. It’s an annoyance for some, a welcome path toward a new gig for others. What the experience isn’t supposed to entail is the theft of sensitive data from the defense company that employs you. That’s what happened to employees at two European aerospace and defense firms from September to December 2019, according to research published Wednesday. The culprit was an as-yet-unidentified advanced persistent threat (APT) group — hackers that are usually associated with governments. Their methods were relentless, even clumsy at times. The operatives “targeted a large array of employees at both organizations, across different divisions, relentlessly trying to get a foothold in their target’s network,” said Jean-Ian Boutin, head of threat research at ESET, the anti-virus firm that exposed the hacking campaign. At the end of the operation, the hackers tried to bilk one of the European […]
