Chinese cyber attacks

KingKhanWC

New Delhi: A successful Chinese hacking attack has caused what is arguably the biggest security breach in India with systems of hundreds of key DRDO and other security officials being compromised and leading to the leak of sensitive files related to the cabinet committee on security (CCS), the highest decision-making body for security issues of the government of India.

The other stolen files recovered so far belong to the governments of the United States, Russia, and South Korea.

The leak was detected in the first week of March as officials from India’s technical intelligence wing, National Technical Research Organisation (NTRO), working with private Indian cyber security experts cracked open a file called “army cyber policy”. The file had been attached to hacked email accounts of senior DRDO officials that quickly spread through the system in a matter of seconds.

As Indian security experts began to track its origin they discovered, for the first time, that all the sensitive files stolen from the infected systems were being uploaded on a server in the Guangdong

So far, Indian intelligence has never been able to pinpoint a hacking attack with such accuracy.

As they continued to trace the breach, they discovered thousands of top secret CCS files, and other documents related to surface-to-air missile and radar programmes from DRDL, a DRDO laboratory based in Hyderabad, among many other establishments.

Even the e-tickets of the scientists who had travelled to Delhi in the last week of February were found on the server.

The intelligence officials also discovered documents of deals struck between DRDO and Bharat Dynamics Ltd, a defence PSU which manufactures strategic missiles and components. Some other recovered files were related to price negotiations with MBDA, a French missile manufacturing company.

But the shocking part was the extent of the hacking by the Chinese, believed to be officially sponsored.

The officials began to find files related to the Russian military as well as files that belonged to CSRDC (Centre for Security Research & Development Center) which comes under the United States department of Homeland Security’s Science and Technology directorate. Some files from NASA too have been recovered so far. All this was discovered after cyber security officials of the Information Dominance Group (IDG) and private Indian cyber security officials began to track down the “NetTraveler Trojan and Key logger” that had infected Indian systems. The other files recovered belong to South Korea, Russia, and the United States.

http://zeenews.india.com/news/nation/india-s-top-secrets-are-in-guangdong_834999.html

Chinese brothers please forward to ISI@greenmail.com :D
 
As Indian security experts began to track its origin they discovered, for the first time, that all the sensitive files stolen from the infected systems were being uploaded on a server in the Guangdong

So far, Indian intelligence has never been able to pinpoint a hacking attack with such accuracy.

As they continued to trace the breach, they discovered thousands of top secret CCS files, and other documents related to surface-to-air missile and radar programmes from DRDL, a DRDO laboratory based in Hyderabad, among many other establishments.

So it's the first time they happen to have managed to pinpoint the attacks so accurately, yeah. Why do I get the feeling China won't be too displeased with that, lols. :amin
 
https://www.bbc.com/news/world-asia-china-57889981

The UK, US and EU have accused China of carrying out a major cyber-attack earlier this year.

The attack targeted Microsoft Exchange servers, affecting at least 30,000 organisations globally.

Western security services believe it signals a shift from a targeted espionage campaign to a smash-and-grab raid, leading to concerns Chinese cyber-behaviour is escalating.

The Chinese Ministry of State Security (MSS) has also been accused of wider espionage activity and a broader pattern of "reckless" behaviour.

China has previously denied allegations of hacking and says it opposes all forms of cyber-crime.

The unified call-out of Beijing shows the gravity with which this case has been taken. Western intelligence officials say aspects are markedly more serious than anything they have seen before.

It began in January when hackers from a Chinese-linked group known as Hafnium began exploiting a vulnerability in Microsoft Exchange. They used the vulnerability to insert backdoors into systems which they could return to later.

The UK said the attack was likely to enable large-scale espionage, including the acquisition of personal information and intellectual property.

It was mainly carried out against specific systems which aligned with Hafnium's previous targets, such as defence contractors, think tanks and universities.

"We believe that cyber-operators working under the control of Chinese intelligence learned about the Microsoft vulnerability in early January, and were racing to exploit the vulnerability before [it] was widely identified in the public domain," a security source told the BBC.

If this had been all, it would have been just another espionage operation. But in late February something significant changed.

The targeted attack became a mass pile-in when other China-based groups began to exploit the vulnerability. The targets scaled up to encompass key industries and governments worldwide.

It had turned from targeted espionage to a massive smash-and-grab raid.

Western security sources believe Hafnium obtained advance knowledge that Microsoft intended to patch or close the vulnerability, and so shared it with other China-based groups to maximise the benefit before it became obsolete.

It was the recklessness of the decision to spread the vulnerability that helped drive the decision to call out the Chinese publicly, officials say.

The UK is also understood to have raised the issue of Chinese cyber-activity in private with Beijing over an extended period, including handing over dossiers of evidence.

Microsoft went public about the vulnerability on 2 March and offered a patch to close it. At this point, more hackers around the world had realised its value and piled in.

Around a quarter of a million systems globally were left exposed - often small or medium-sized businesses and organisations - and at least 30,000 were compromised.

Western governments accuse the MSS of using hackers for hire and want it to sever ties with them.

The UK Foreign Office said the Chinese government had "ignored repeated calls to end its reckless campaign, instead allowing state-backed actors to increase the scale of their attacks and act recklessly when caught".

The White House said it was "deeply concerned" that China had "fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber-operations worldwide".

The EU, meanwhile, said the hack had "resulted in security risks and significant economic loss for our government institutions and private companies".

But Western spies are still struggling to understand why Chinese behaviour has changed. If the hackers were authorised to escalate, it would suggest a step-change in what the country is willing to do and raise the fear that they no longer care about being caught.

That is partly why so many governments have joined together to signal their concerns. Japan, Australia, Canada and New Zealand have joined Nato in issuing a statement in "solidarity".

The countries also called out wider Chinese behaviour which they linked to two groups known as APT 40 and APT 31, which are believed to be linked to the MSS.

Despite the strong language, there are no signs of fresh sanctions against China. In contrast, new sanctions were placed on Russia for the recent SolarWinds campaign which many experts believe was less serious than the Microsoft Exchange campaign linked to China.

Some officials, however, hope China is more sensitive than Russia to international pressure.

The US Department of Justice has announced criminal charges against four MSS hackers which it said were linked to a long-term campaign targeting foreign governments and entities in key sectors in at least a dozen countries.

Ultimately, Western security sources believe the MSS is behind all the activity revealed today and hope co-ordinated international action will put pressure on their activities.
 
Official press release from the British government:

https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking

The UK is joining likeminded partners to confirm that Chinese state-backed actors were responsible for gaining access to computer networks around the world via Microsoft Exchange servers.

The attacks took place in early 2021, affecting over a quarter of a million servers worldwide.

Foreign Secretary Dominic Raab said:
The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour.

The Chinese Government must end this systematic cyber sabotage and can expect to be held to account if it does not.

The attack was highly likely to enable large-scale espionage, including acquiring personally identifiable information and intellectual property. At the time of the attack, the UK quickly provided advice and recommended actions to those affected and Microsoft said that by the end of March 92% of customers had patched against the vulnerability.

Today the UK is also attributing the Chinese Ministry of State Security as being behind activity known by cyber security experts as “APT40” and “APT31”.

Widespread, credible evidence demonstrates that sustained, irresponsible cyber activity emanating from China continues.

The Chinese government has ignored repeated calls to end its reckless campaign, instead allowing its state-backed actors to increase the scale of their attacks and act recklessly when caught.

This coordinated action today sees the international community once again urge the Chinese government to take responsibility for its actions and respect the democratic institutions, personal data and commercial interests of those with whom it seeks to partner.

The UK is calling on China to reaffirm the commitment made to the UK in 2015 and as part of the G20 not to conduct or support cyber-enabled theft of intellectual property or trade secrets.

Notes to editors:

  • As part of a cross-Government response, the National Cyber Security Centre (NCSC) issued tailored advice to over 70 affected organisations to enable them successfully to mitigate the effects of the compromise.
  • In 2018, the UK government and its allies revealed that elements of the Chinese Ministry of State Security (MSS) were responsible for one of the most significant and widespread cyber intrusions stealing trade secrets.
  • The European Union has also made an announcement today
 
While it is understandable Op’s “pleasure” at China hacking India, I wonder how he feels about Chinese hackers hacking his “home country” of UK as well. Maybe he can negotiate with the Chinese brothers not to forward those.
 
While it is understandable Op’s “pleasure” at China hacking India, I wonder how he feels about Chinese hackers hacking his “home country” of UK as well. Maybe he can negotiate with the Chinese brothers not to forward those.

UK government needs to change and be friends with China, it's the next superpower, Yanks are on the way down.
 
Australia joins allies in accusing China of ‘malicious cyber activities’

The Australian government says China’s ministry of state security exploited vulnerabilities in Microsoft Exchange software

The Morrison government has joined with the United States, the United Kingdom and other countries to accuse China of “malicious cyber activities”, in a move likely to inflame tensions in the relationship with Beijing.

Senior Australian ministers said they held serious concerns about the activities and called on all countries – including China – to act responsibly in cyberspace.

“In consultation with our partners, the Australian government has determined that China’s ministry of state security exploited vulnerabilities in the Microsoft Exchange software to affect thousands of computers and networks worldwide, including in Australia,” the ministers said in a statement issued late on Monday Australian time.

“These actions have undermined international stability and security by opening the door to a range of other actors, including cybercriminals, who continue to exploit this vulnerability for illicit gain.”

In March, Microsoft released a patch to Exchange after discovering that hackers were stealing email communications from internet-facing systems running its business software.

The Australian government’s cybersecurity agency previously urged any organisations using Microsoft Exchange to urgently “patch” their systems but until now the government has not publicly attributed blame to China.

Monday’s statement was issued by the home affairs minister, Karen Andrews, together with the foreign affairs minister, Marise Payne, and the defence minister, Peter Dutton.

“The Australian government is also seriously concerned about reports from our international partners that China’s ministry of state security is engaging contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and to provide commercial advantage to the Chinese government,” the Australian ministers said.

The Biden administration coordinated the statements pointing the finger at China. An administration official described it as “an unprecedented group of allies and partners”, including the US, the European Union, the United Kingdom, Australia, Canada, New Zealand, Japan and Nato.

The governments “will formally attribute the malicious cyber campaign utilising the zero-day vulnerabilities in the Microsoft Exchange Server disclosed in March” to malicious cyber actors affiliated with the Chinese ministry of state security “with high confidence”, a senior Biden administration official said in a background briefing.

The UK foreign secretary, Dominic Raab, said the cyber-attack amounted to “a reckless but familiar pattern of behaviour”, adding that China “can expect to be held to account” if it failed to “end this systematic cyber-sabotage”.

Andrews, Payne and Dutton called on China to “adhere to the commitments it has made in the G20, and bilaterally, to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining competitive advantage”.

Comment was sought from China’s embassy in Canberra on Monday night. Chinese officials have previously said China was “a staunch defender of cybersecurity and one of the biggest victims of hacking”.

Amid ongoing tensions with Beijing, the Australian ministers appeared to argue on Monday that they were not singling out China. They said that since 2017, Australia had publicly attributed malicious cyber activity to North Korea, Russia, China and Iran.

“Most recently, Australia joined more than 30 international partners to hold Russia to account for its harmful cyber campaign against SolarWinds,” the Australian ministers wrote.

“Australia calls out these malicious activities to highlight the significant risk they can pose to Australia’s national security or to international stability, which in turn can undermine business confidence and inclusive economic growth.”

The ministers said Australia’s “cybersecurity posture” was strong but there was “no room for complacency” because the online threat environment was “constantly evolving”.

The statement, although issued in concert with allies and partners, indicates the Australian government remains prepared to publicly criticise Beijing despite the relationship with Australia’s top trading partner already dropping to the lowest point in years.

Dutton said in April the risk of conflict over Taiwan could not be “discounted”. Around the same time, the secretary of the home affairs department, Michael Pezzullo, said “free nations” were again hearing “the beating drums” towards conflict and needed to brace “for the curse of war”.

Dutton, the former home affairs minister, has previously defended his commentary about security threats posed by China, saying it was “more important than ever that we have a frank and nuanced discussion with the Australian people about the threats we face”.

https://www.theguardian.com/world/2...-accusing-china-of-malicious-cyber-activities
 
China has denied allegations that it carried out a major cyber-attack against tech giant Microsoft.

The US and other Western countries on Monday accused China of hacking Microsoft Exchange - a popular email platform used by companies worldwide.

They said it was part of a broader pattern of "reckless" behaviour that threatened global security.

China says it opposes all forms of cyber-crime, and has called the claims "fabricated".

"The US has mustered its allies to carry out unreasonable criticisms against China on the issue of cybersecurity," foreign ministry spokesman Zhao Lijian told reporters.

The UK, EU, New Zealand and Australia were among those to join the US in accusing Chinese state-sponsored actors of "malicious cyber activity", including the Microsoft hack.

Microsoft's Exchange system powers the email of major corporations, small businesses and public bodies worldwide. The hack affected at least 30,000 organisations.

Microsoft has blamed a Chinese cyber-espionage group for exploiting a vulnerability in Microsoft Exchange - which allowed hackers to remotely access email inboxes.

The group, known as Hafnium, was found by Microsoft's Threat Intelligence Centre to be state-sponsored and operating out of China.

Western security sources believe Hafnium obtained advance knowledge that Microsoft planned to deal with the vulnerability, and so shared it with other China-based groups to exploit it while they could.

The sources say the hack seems to signal a shift from a targeted espionage campaign to a smash-and-grab raid, leading to concerns that Chinese cyber-behaviour is escalating.

The UK Foreign Office said the Chinese government had "ignored repeated calls to end its reckless campaign, instead allowing state-backed actors to increase the scale of their attacks".

US President Joe Biden said the Chinese government may not have been carrying out the attacks itself, but was "protecting those who are doing it. And maybe even accommodating them being able to do it".

The US Department of Justice on Monday announced criminal charges against four hackers linked to China's Ministry of State Security. It said they were connected to a long-term campaign targeting foreign governments and entities in key sectors in at least a dozen countries.

BBC
 
https://www.theguardian.com/world/2021/jul/29/china-propped-the-doors-open-for-criminals-in-microsoft-hack-australian-spy-agency-boss-says

Australia’s top cyber spy says China’s actions in the hack of Microsoft Exchange email server software were akin to propping open the doors of thousands of homes and leaving them ajar for criminals to get inside.

Rachel Noble, the director general of the Australian Signals Directorate (ASD), drew the analogy as she said the Chinese government’s actions had “crossed a line”, prompting the Australian government to join with the United States and other countries to publicly point the finger at Beijing last week.

Such “reckless actions should not be tolerated”, added the home affairs secretary, Michael Pezzullo.

The pair appeared at a parliamentary inquiry on Thursday as the Morrison government seeks support for proposed legislation to place extra requirements on the critical infrastructure operators to toughen up their cyber defences.

They were asked about the Australian government’s statement declaring that Canberra had “determined that China’s ministry of state security exploited vulnerabilities in the Microsoft Exchange software to affect thousands of computers and networks worldwide, including in Australia”.

“To describe it in plain language, it would be like houses and buildings had faulty locks on the doors,” Noble said.

“When the Chinese government became aware of those faulty locks on the doors, they went in and they propped all those doors open.

“What then happened was that there was opportunity for all sorts of criminals [and] other state actors – you name it – to pour in behind all those propped-open doors and get into your house or your building.

“It’s that action, from a technical point of view, which crossed a line in the judgment of policy agencies in governments around the world.”

Noble said it was estimated that there were about 70,000 businesses and organisations in Australia using a Microsoft Exchange server.

“So it’s an attack at a scale that is extremely large and significant.”

She said it was “certainly our operational experience that state actors along with criminals can look awfully similar in terms of their behaviour in cyberspace”.

Pezzullo said Australia believed states should show restraint in cyberspace, avoiding reckless or malicious actions.

“If you pry open all the doors, if you pry open all the windows, if you in effect disable all of the burglar alarms, we’re all going to be affected,” Pezzullo said.

“Such reckless actions should not be tolerated as a matter of international and global norms, and that’s why the Australian government joined with such a significant coalition of free democratic nations.”

The Chinese embassy in Canberra last week dismissed the Morrison government’s statement on the Microsoft Exchange matter as “groundless”.

The embassy said it was a case of Australia “following the steps and parroting the rhetoric of the US”, while arguing Australia had “a poor record” as “an accomplice for the US’s eavesdropping activities”.

The Australian parliament’s joint committee on intelligence and security is reviewing a government bill that would impose new cyber security obligations on a range of critical sectors.

These sectors include communications, financial services, data storage, defence industry, universities and research, health care, space technology, transport, and water and sewerage.

There will be mandatory reporting of serious cyber security incidents to ASD.

The bill gives government agencies new powers to respond to major attacks, including obtaining information from an affected business or entity. Australian entities under attack could also be directed to “do, or refrain from doing, a specified act or thing”.

Pezzullo played down concerns from industry about the new rules being overly onerous, arguing the government’s first preference was to work cooperatively with businesses and organisations to strengthen their defences.

He said the new measures, while potentially “far reaching”, were needed “as a last resort in a national emergency, should an entity be unwilling or unable to do what is necessary”.

During Thursday’s hearing, officials were also quizzed about the readiness of security agencies to protect Australia’s electoral systems from potential cyber attacks.

“If something were to occur, we would immediately know, as would other intelligence agencies, and then be working in real time to try and address any incident with a view to try and get the system back up and running to keep the election going, and then deal with the issues of ‘whodunnit’ after that,” Noble said.

Pezzullo added: “It helps that we’re still on paper and pencil [with electoral ballots]. This is one of those cases where not being digital helps.”
 