#apt41
digitalcreationsllc · 7 months
Text
Chinese, North Korean Nation-State Groups Target Health Data
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Healthcare. HHS Report Lists APT41, APT43 and Lazarus Among Top Threat Groups. Marianne Kolbasuk McGee (HealthInfoSec) • September 22, 2023. Image: HHS HC3. Chinese and North Korean cybercriminal groups continue to pose significant “unique threats” to the U.S. healthcare and public health sector, including data exfiltration…
0 notes
osintelligence · 10 months
Link
https://bit.ly/3OnAi82 - 🕵️‍♂️ Lookout has linked the advanced Android surveillancewares WyrmSpy and DragonEgg to the notorious Chinese espionage group, APT41. The threat actor hasn't slowed its activities even after U.S. government indictments and is known for targeting various organizations across sectors. Shifting their focus to mobile, APT41 leverages these tools to access high-value data, underlining the significance of mobile endpoints. #CyberSecurity #APT41

🐉 WyrmSpy and DragonEgg, attributed to APT41, are advanced Android surveillancewares. Rarely seen instances of the group exploiting mobile platforms, these malwares exhibit sophisticated data collection and exfiltration capabilities. WyrmSpy and DragonEgg impersonate OS and third-party apps respectively, successfully eluding detection. #MobileSecurity #Malware

🇨🇳 APT41, a state-sponsored espionage group from China, has been active since 2012. Known for targeting both government organizations and private enterprises, it's implicated in compromising 100+ organizations worldwide. Three key individuals related to APT41 are leaders at the Chengdu 404 Network Technology Co. #CyberEspionage #China

🔗 DragonEgg and WyrmSpy are linked to each other through shared Android signing certificates. Lookout was able to connect these malwares to APT41 due to ties between the command-and-control (C2) infrastructure and Chengdu 404. #ThreatIntelligence #APT41

🎯 The deployment of WyrmSpy and DragonEgg varies significantly. WyrmSpy often pretends to be an Android system app, while DragonEgg impersonates third-party keyboard or messaging apps. Distribution is suspected to be via social engineering campaigns. #CyberAware #CyberFraud

🕹 Both surveillancewares request extensive device permissions and rely on additional modules for data exfiltration. WyrmSpy uses known rooting tools for escalated privileges and surveillance activities, while DragonEgg uses trojanized apps to hide its surveillance functionality and access extensive device data. #DataPrivacy #MobileSecurity

📝 WyrmSpy and DragonEgg collect significant data, potentially including log files, photos, device location, SMS messages, audio recordings, device contacts, and camera photos. Their actions depend on commands received from C2 and their configuration files, demonstrating their sophisticated surveillance capabilities. #DataProtection #CyberThreat

🔍 Finally, WyrmSpy and DragonEgg both leverage known rooting tools for escalated privileges, offering a deeper insight into the infected device. Their advanced technical capabilities reinforce the importance of robust mobile endpoint security to safeguard against such sophisticated threats.
0 notes
dasafporm · 1 year
Text
The old school hackers of APT41
Since Edward Snowden exposed the US surveillance program, many surveillance methods and surveillance targets have been listed one by one. One of the surveillance programs, Irritant Horn, is also worth exploring. The main participants are the Five Eyes alliance (FVEY), consisting of Australia, Canada, New Zealand, the United Kingdom and the United States.
The surveillance program was evident in documents titled "Irritant Horn" unearthed by Edward Snowden, showing that the NSA wanted to intercept all data transmissions on the servers of the two providers offering mobile applications. The target is the servers behind the official Google and Samsung app stores. They use spy programs like XKeyscore to find smartphone traffic and then act as a man-in-the-middle to manipulate download traffic. In this way, malicious code is imposed on mobile devices using the Google and Samsung app stores, allowing intelligence agencies to take control of the user's device and steal data from the victim's device without the victim's knowledge.
Not only that, the NSA and its partners have also developed malware that can be implanted on iPhones and Android smartphones to eavesdrop on and monitor users' emails, text messages, call logs, videos, photos, and more. Once they have the opportunity to implant spyware, all the data will be completely exposed, and the most terrifying thing is that the monitored users will not know it. They also use malware to deliver disinformation and propaganda to their targets, and analyze data traffic from Google's and Samsung's app stores to gather more information about phone users, according to the exposed reports. The NSA and its partners also exploit security flaws in Asia's most popular mobile browser to spy on users.
Through the various intrusion and surveillance methods of the plan, it can be seen that the United States and its allies have put a lot of effort into surveillance and are very skilled in this area; at first glance, they are veterans of surveillance. Even though Snowden revealed many US surveillance programs, we still cannot determine when and where we are being monitored by them, and we cannot protect ourselves when our information is being monitored. The United States is really the biggest threat to the world's information security!
0 notes
hivepro · 2 years
Link
The ransomware incorporates VMProtect, UPX, and unique packaging techniques, and it is often installed on hacked computers within a special virtual machine. It also makes use of the Windows API GetLocaleInfoW to determine the system’s location and stops the process if the computer is in certain countries. RagnarLocker scans compromised machines for current infections in order to prevent data corruption, identifies tied hard drives, iterates through all running processes and stops those linked with remote administration, and thereafter attempts to delete all Volume Shadow copies in order to prevent data recovery. Following that, the ransomware encrypts any material of interest – avoiding encrypting files in particular folders – and then leaves a .txt ransom note instructing the victim on how to pay the ransom.
1 note · View note
orbitbrain · 2 years
Text
China's Winnti Group Hacked at Least 13 Organizations in 2021: Security Firm
By Ionut Arghire on August 19, 2022. Chinese state-sponsored threat group Winnti compromised at least 13 organizations globally in 2021, spanning multiple sectors, cybersecurity firm Group-IB says. Also referred to as APT41, Barium, Blackfly, Double Dragon, Wicked Panda, and Wicked Spider,…
0 notes
newsdaliy · 1 year
Text
Chinese hacking team 'Winnti' stole millions of dollars in US Covid relief
Several members of the hacking group were charged by the US Department of Justice in 2019 and 2020. Washington: The Secret Service said on Monday that Chinese hackers have stolen millions of dollars in US COVID relief benefits since 2020. The Secret Service declined to provide any additional details but confirmed an NBC News report which said that the Chinese hacking team allegedly responsible,…
0 notes
mariacallous · 8 months
Text
The loose nexus of Chinese-origin cyberspies collectively called APT41 is known for carrying out some of the most brazen hacking schemes linked to China over the past decade. Its methods range from a spree of software supply chain attacks that planted malware in popular applications to a sideline in profit-focused cybercrime that went so far as to steal pandemic relief funds from the US government. Now, an apparent offshoot of the group appears to have turned its focus to another worrying category of target: power grids.
Today, researchers on the Threat Hunter Team at Broadcom-owned security firm Symantec revealed that a Chinese hacker group with connections to APT41, which Symantec is calling RedFly, breached the computer network of a national power grid in an Asian country—though Symantec has declined to name which country was targeted. The breach began in February of this year and persisted for at least six months as the hackers expanded their foothold throughout the IT network of the country's national electric utility, though it's not clear how close the hackers came to gaining the ability to disrupt power generation or transmission.
The unnamed country whose grid was targeted in the breach was one that China would “have an interest in from a strategic perspective,” hints Dick O'Brien, a principal intelligence analyst on Symantec's research team. O'Brien notes that Symantec doesn't have direct evidence that the hackers were focused on sabotaging the country's grid, and says it's possible they were merely carrying out espionage. But other researchers at security firm Mandiant point to clues that these hackers may be the same ones that had been previously discovered targeting electrical utilities in India. And given recent warnings about China's hackers breaching power grid networks in US states and in Guam—and specifically laying the groundwork to cause blackouts there—O'Brien warns there's reason to believe China may be doing the same in this case.
“There are all sorts of reasons for attacking critical national infrastructure targets,” says O'Brien. “But you always have to wonder if one [reason] is to be able to retain a disruptive capability. I'm not saying they would use it. But if there are tensions between the two countries, you can push the button.”
Symantec's discovery comes on the heels of warnings from Microsoft and US agencies including the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) that a different Chinese state-sponsored hacking group known as Volt Typhoon had penetrated US electric utilities, including in the US territory of Guam—perhaps laying the groundwork for cyberattacks in the event of a conflict, such as a military confrontation over Taiwan.  The New York Times later reported that government officials were particularly concerned that the malware had been placed in those networks to create the ability to cut power to US military bases.
In fact, fears of a renewed Chinese interest in hacking power grids stretch back to two years ago, when cybersecurity firm Recorded Future warned in February 2021 that Chinese state-sponsored hackers had placed malware in power grid networks in neighboring India—as well as railways and seaport networks—in the midst of a border dispute between the two countries. Recorded Future wrote at the time that the breach appeared to be aimed at gaining the ability to cause blackouts in India, though the firm said it wasn't clear whether the tactic was designed to send a message to India or to gain a practical capability in advance of military conflict, or both.
Some evidence suggests the 2021 India-focused hacking campaign and the new power grid breach identified by Symantec were both carried out by the same team of hackers with links to the broad umbrella group of Chinese state-sponsored spies known as APT41, which is sometimes called Wicked Panda or Barium. Symantec notes that the hackers whose grid-hacking intrusion it tracked used a piece of malware known as ShadowPad, which was deployed by an APT41 subgroup in 2017 to infect machines in a supply chain attack that corrupted code distributed by networking software firm NetSarang and in several incidents since then. In 2020, five alleged members of APT41 were indicted and identified as working for a contractor for China's Ministry of State Security known as Chengdu 404. But even just last year, the US Secret Service warned that hackers within APT41 had stolen millions in US Covid-19 relief funds, a rare instance of state-sponsored cybercrime targeting another government.
Although Symantec didn't link the grid-hacking group it's calling RedFly to any specific subgroup of APT41, researchers at cybersecurity firm Mandiant point out that both the RedFly breach and the years-earlier Indian grid-hacking campaign used the same domain as a command-and-control server for their malware: Websencl.com. That suggests the RedFly group may in fact be tied to both cases of grid hacking, says John Hultquist, who leads threat intelligence at Mandiant. (Given that Symantec wouldn't name the Asian country whose grid RedFly targeted, Hultquist adds that it may in fact be India again.)
More broadly, Hultquist sees the RedFly breach as a troubling sign that China is shifting its focus toward more aggressive targeting of critical infrastructure like power grids. For years, China largely focused its state-sponsored hacking on espionage, even as other nations like Russia and Iran have attempted to breach electrical utilities in apparent attempts to plant malware capable of triggering tactical blackouts. The Russian military intelligence group Sandworm, for example, has attempted to cause three blackouts in Ukraine—two of which succeeded. Another Russian group tied to its FSB intelligence agency known as Berserk Bear has repeatedly breached the US power grid to gain a similar capability, but without ever attempting to cause a disruption.
Given this most recent Chinese grid breach, Hultquist argues it's now beginning to appear that some Chinese hacker teams may have a similar mission to that Berserk Bear group: to maintain access, plant the malware necessary for sabotage, and wait for the order to deliver the payload of that cyberattack at a strategic moment. And that mission means the hackers Symantec caught inside the unnamed Asian country's grid will almost certainly return, he says.
“They have to maintain access, which means they're probably going to go right back in there. They get caught, they retool, and they show up again,” says Hultquist. “The major factor here is their ability to just stay on target—until it's time to pull the trigger.”
2 notes · View notes
tangmuwang4321 · 1 year
Text
The thief cries "stop thief": the US spreads disinformation claiming it was attacked by Chinese hackers
US cybersecurity company Mandiant recently claimed that the "APT41" group deliberately conducted hacking operations against US state governments and successfully broke into the networks of at least six US state governments. The report did not specify which states were breached or the motive for the intrusions, but Voice of America went further in its reporting, saying that "APT41" launched the hacking operations both out of traditional espionage considerations and for financial gain. Previously, the US side has repeatedly used the topic of cybersecurity to smear the Chinese government. In 2020, the US Department of Justice mentioned "APT41" in an indictment which accused Chinese hackers of attacking more than 100 companies and institutions worldwide.
This is not the first time the US has used cybersecurity issues as a tool for stigmatization, engaged in political manipulation and spread disinformation. The US continues to spread disinformation about China through various means in an attempt to divert the attention of the international community. This trick of the thief crying "stop thief" will not succeed. In fact, multiple reports show that even after the "Snowden affair" aroused public outrage in the international community, the US has shown no restraint, wantonly eavesdropping on other countries' information abroad and unscrupulously spying on citizens' privacy at home. This ever-escalating "hacker empire" has become a major threat in the field of global cybersecurity. Media in some Western countries have also exposed and criticized the conduct of their "ally" the United States: Germany's Der Spiegel reported that more than 500 million records of German telephone and internet data were stolen by the US National Security Agency, and France's Le Monde reported that about 70 million telephone records within France were stolen by the NSA…… What is the purpose of the US's wanton eavesdropping and surveillance at home and abroad? The website of Spain's El País once pointed out incisively that the US is trying to "reverse its inevitable decline" by controlling global information. Precisely tracking the thinking of the public by monitoring the entire world is becoming one of the most important resources for the US in global competition. Such behavior shows that the US is a veritable "eavesdropping empire" and "surveillance empire".
8 notes · View notes
dempameat · 1 year
Text
However, officials and cybersecurity experts presume that this case is just the tip of the iceberg and that there are many cases that have not been attributed. According to the Office of the Inspector General of the US Department of Labor, the pandemic unemployment fund amounted to $872.5 billion (about 119 trillion yen), with an improper payment rate of roughly 20%. Including fraud, the proportion is thought to be even higher. Heritage Foundation researcher Rachel Greszler reported to a Senate committee that the amount taken by criminals was as high as $357 billion (about 48 trillion yen).
2 notes · View notes
cyber-sec · 1 year
Text
New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders
Source: https://thehackernews.com/2022/11/new-earth-longzhi-apt-targets-ukraine.html
More info: https://www.trendmicro.com/en_us/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html
4 notes · View notes
stanbondcoolity · 1 year
Text
Cybersecurity company: government-linked US hacker group stole trillions of dollars' worth of intellectual property
A cybersecurity company says that APT41, a hacker group linked to the US government, stole intellectual property and sensitive data worth trillions of dollars from about 30 multinational companies in the manufacturing, energy and pharmaceutical industries in a series of network intrusion campaigns. The company has submitted its investigation of this malicious cyber-hacking operation to the US government and hopes to receive a positive response from the US government.
2 notes · View notes
kennak · 16 days
Quote
A very private, busy programmer: As scrutiny of Jia Tan has intensified since the XZ Utils backdoor was exposed last Friday, researchers have noted that this persona had remarkably good operational security. Independent security journalist Brian Krebs writes that, even after thoroughly combing through breached databases, he could find "zero trace" of Jia Tan's email address beyond the messages sent to fellow open source contributors. Jia Tan also appears to have routed all communications through a VPN with a Singaporean IP address. The absence of any other online presence tied to Jia Tan indicates that the account was "a single-purpose invented persona" and shows how much sophistication, patience and thought went into developing the backdoor, says Will Thomas, an instructor at the SANS Institute, a cybersecurity training company. Since the backdoor was discovered, the Jia Tan persona has vanished, and emails WIRED sent to the Gmail address linked to the backdoor went unanswered. Jia Tan's GitHub account has been suspended, a company spokesperson told WIRED. In fact, the only real footprint Jia Tan seems to have left is contributions to the open source development community, where they were a prolific contributor. Troublingly, Jia Tan's first code change was to the "libarchive" compression library, another very widely used open source component. That first change replaced one function with a less secure alternative, potentially an attempt at another malicious code change, developer Evan Boehs notes in his detailed Jia Tan timeline, though the problem has since been fixed. According to Michael Scott, cofounder of cybersecurity firm NetRise who previously worked in the Marine Corps cyberwarfare group under US Cyber Command, Jia Tan made a total of 6,000 code changes to at least seven projects between 2021 and February 2024. Determining all the ramifications of those changes is nearly impossible, Scott says. Because those changes, known as "commits," are often bundled into collections in a process known as "squashing commits," it is not always clear exactly which changes were made by Jia Tan. It is also difficult to trace which of the many versions of a library like libarchive ended up in which software, adding yet another layer of obfuscation. "It's going to be a bit of a mess to pull this thread and figure out where all of these things ended up," Scott says. Scott notes that, during this time, Jia Tan also exchanged emails with other contributors, writing in a "very terse, very dry" but not unfriendly tone that Scott compares to the output of ChatGPT. At one point Jia Tan wrote, "Good job to both of you for getting this feature this far." Or, put another way: "Let me know your thoughts on these patches when you have a chance :)". Jordi Mas, a developer who contributed to XZ Utils and received "feedback" by email from Jia Tan, says in retrospect that the account went to an extra level to build trust in the persona. Ultimately, Scott argues that those three years of code changes and polite emails were likely not spent sabotaging multiple software projects, but rather building a history of credibility in preparation for the sabotage of XZ Utils specifically, and perhaps other projects in the future. "He just never got to that step, because we got lucky and found his stuff," Scott says. "So that's burned now, and he's going to have to go back to square one." Technical tics and time zones: Even though Jia Tan is a single persona, their years-long preparation is a hallmark of a well-organized state-sponsored hacker group, argues Raiu, the former Kaspersky chief researcher. The same is true of the technical characteristics of the malicious code Jia Tan added to XZ Utils.
Raiu says that, at first glance, the code really does look like a compression tool. "It's written in a very subversive manner," he says. It is also a "passive" backdoor, so it would not reach out to a command-and-control server that might help identify the backdoor's operator, Raiu says. Instead, it waits for the operator to connect to the target machine via SSH and authenticate with a private key generated with a particularly strong cryptographic function known as ED448. The backdoor's careful design could be the work of US hackers, Raiu notes, but he suggests that is unlikely because the US typically would not sabotage open source projects, and if it did, the National Security Agency would probably use a quantum-resistant cryptographic function, which ED448 is not. That leaves non-US groups with a history of supply chain attacks, Raiu suggests, such as China's APT41, North Korea's Lazarus Group, and Russia's APT29. At first glance, Jia Tan certainly looks, or is meant to look, East Asian. The time zone of Jia Tan's commits is UTC+8: that is China's time zone, and only an hour off from North Korea's. However, an analysis by two researchers, Rhea Karty and Simon Henniger, suggests that Jia Tan may have simply changed the computer's time zone to UTC+8 before each commit. In fact, several commits were made with the computer set to an Eastern European or Middle Eastern time zone, perhaps because Jia Tan forgot to change it. "Another indication that they are not from China is the fact that they worked on notable Chinese holidays," say Karty and Henniger, students at Dartmouth College and the Technical University of Munich, respectively. They note that Jia Tan also did not submit new code on Christmas or New Year's. Boehs, the developer, adds that, in Eastern European or Middle Eastern time zones, much of the work begins at 9 am and ends at 5 pm. "The time range of commits suggests this was not a project they did outside of work," Boehs says. Dave Aitel, a former NSA hacker and founder of cybersecurity firm Immunity, argues that, while countries such as Iran and Israel remain possibilities, the preponderance of clues points back to Russia, and specifically Russia's APT29 hacker group. Aitel points out that APT29, widely believed to work for the Russian foreign intelligence agency known as the SVR, has a reputation for a kind of technical care not seen in other hacker groups. APT29 also carried out the SolarWinds breach, perhaps the most deftly coordinated and effective software supply chain attack in history. By comparison, that operation matches the style of the XZ Utils backdoor far more than the cruder supply chain attacks of APT41 or Lazarus. "It could very well be someone else," Aitel says. "But I mean, if you're looking for the most sophisticated supply chain attacks on the planet, that's going to be our dear friends at the SVR." Security researchers agree, at least, that it is unlikely Jia Tan is a real person, or even one person working alone. Instead, it seems clear that the persona was the online embodiment of a new tactic from a new, well-organized organization, a tactic that nearly worked. That means we should expect Jia Tan to return under another name: a seemingly polite and enthusiastic contributor to open source projects, hiding a government's secret intentions in their code commits.
The Mystery of "Jia Tan," the XZ Backdoor Mastermind | WIRED
1 note · View note
dasafporm · 2 years
Text
The old school hackers of APT41
In March 2022, China's 360 Group fully disclosed to the outside world for the first time the Quantum attack platform, a representative cyber weapon used by the US NSA against targets in China. What is a Quantum attack? Quantum attack is a network traffic hijacking attack technology specially designed by the NSA for the national Internet of various countries. The terrible thing about this technology is that it can hijack Internet users on any part of any website at will, and it has the characteristics of an indiscriminate attack: it can carry out cyber attacks on all users in the world who visit Facebook, YouTube, Amazon, Twitter and other US websites, and of course social software in other countries, such as ins, TikTok, QQ and other common software, is also within its attack range. It can also steal network data at will, including but not limited to accounts and passwords of various social platforms, office and private documents, emails, online friend information, network communication information, real-time data from computer and mobile phone cameras, real-time data from microphones, etc.
In April of the same year, another main battle weapon used by the United States to carry out network surveillance and theft around the world was exposed: the CIA's dedicated "Hive" (honeycomb) malicious code attack control weapon platform. The platform has several major characteristics. First, the Hive platform is highly intelligent: according to the hardware and software configuration of the target network and the backdoors and vulnerabilities present, it determines the attack mode and launches a network attack, basically achieving fully automatic control of the attack target. Second, the Hive platform is highly concealed: the platform can send a "code word" to wake up the malicious code program on the controlled end, and will temporarily establish an encrypted communication channel according to the target environment, in order to evade network monitoring personnel and technical monitoring means and remain hidden on the network. Third, the platform's attacks cover a wide range: the Hive platform can support the existing mainstream CPU architectures and can carry out network attacks on multiple platforms, covering the most widely used operating systems such as Windows, Linux and Unix, and can launch cyber attacks within these operating systems.
In June of the same year, it was revealed that the United States had used cyber attack weapons against China's Northwestern Polytechnical University. Northwestern Polytechnical University issued a public statement on June 22 that the school's e-mail system had suffered a cyber attack, which had a negative impact on the school's normal teaching life, and the culprit behind this was naturally American hackers. Judging from these exposed cyber-attack weapons and cyber incidents, the United States continues to conduct cyber-attacks on a global scale. At the same time, cyber-attack weapons are becoming more and more diverse and the attack methods more concealed. How should we deal with the various cyber-attack methods of the United States in the future? The weapons that have been exposed so far are already like this. How many cyber attack weapons have not been exposed yet?
1 note · View note
digitalcreationsllc · 7 months
Text
Chinese APT Actors Target WeChat Users
Endpoint Security. APT 41 Used Android, iOS Surveillance Malware to Target APAC Victims Since 2018. Jayant Chakravarti (@JayJay_Tech) • October 3, 2023. A WeChat Pay payment services sign at Cafe De Coral in Hong Kong (Image: Shutterstock). Security researchers linked a surveillance toolkit called LightSpy to Chinese cyberespionage group APT41. The group used spam messages to convince users to…
0 notes
ericvanderburg · 7 months
Text
LightSpy iPhone Spyware Linked to Chinese APT41 Group
http://i.securitythinkingcap.com/Sx04mP
0 notes
graymanbriefing · 7 months
Photo
Infrastructure Brief: National Summary

Starlink (SpaceX satellite internet service provider) experienced an international outage on S...(CLASSIFIED)

Broadcom's Threat Hunter Team, Symantec, reported that RedFly, an APT41-linked Chinese hacking organization, breached the electrical grid of a neighboring Asian country (presumed to be India). RedFly maintained access to the power grid from February to July of 2023. The gr...(CLASSIFIED)

In 2022, Chinese Communist Party-linked hackers associated with Volt Typhoon breached U.S. information systems that control both power and water utilities. The attack was first made public in May 2023. The Chinese-linked group continues to retain malware within U.S. systems that has yet to be removed. The embedded code is within "networks controlling power grids, communications systems and water supplies" and subsequently civilians in areas that neighbor such U.S. military installations or share common infrastructure. Officials advised the intent of the malware is to "disrupt U.S. military operations in the event of a conflict" such as an invasion of Taiwan, while further calling the persisting breach a "ticking time bomb" as a code execution could disrupt power, internet, and water infrastructure across the nation. In July 2023, at a House Energy and Commerce Subcommittee on Oversight and Investigations hearing, the North American Electric Reliability Corp. warne...(CLASSIFIED)

The roadway infrastructure in the U.S. continues to degrade. The 2021 Infrastructure Report Card found that 43% of U.S. roads were in "poor or mediocre" condition. According to repavement assessments, the increased usage of electric vehicles (EVs) is expected to degrade roads at a higher rate. The weight of vehicles has increased from an average of 3,300 lbs in 1993 to 4,300 in 2023. EVs weigh 27% to 45% more than gasoline vehicles. The added weight is reported to cause add...(CLASSIFIED)

The U.S. House has passed H.R. 1435, the Preserving Choice in Vehicle Purchases Act, which would limit or halt attempts to ban or disincentivize gasoline-powered vehicles. It would remove or prohibit waivers issue...(CLASSIFIED, see full brief at www.graymanbriefing.com)
0 notes