Latest news with #ChineseHackers

Japan Times
2 days ago
- Politics
- Japan Times
Chinese hacked U.S. telecom a year before known wireless breaches
Corporate investigators found evidence that Chinese hackers broke into an American telecommunications company in the summer of 2023, indicating the country's attackers penetrated the U.S. communications system earlier than publicly known.

Investigators working for the telecommunications firm discovered last year that malware used by Chinese state-backed hacking groups was on the company's systems for seven months starting in the summer of 2023, according to a document and two people familiar with the matter. The document, an unclassified report sent to Western intelligence agencies, doesn't name the company where the malware was found, and the people familiar with the matter declined to identify it.

The 2023 intrusion at an American telecommunications company came about a year before U.S. government officials and cybersecurity companies said they began spotting clues that Chinese hackers had penetrated many of the country's largest phone and wireless firms. The U.S. government has blamed the later breaches on a Chinese state-backed hacking group dubbed Salt Typhoon. It's unclear if the 2023 hack is related to that foreign espionage campaign and, if so, to what degree. Nonetheless, it raises questions about when Chinese intruders established a foothold in the American communications industry.

"We've known for a long time that this infrastructure has been vulnerable and was likely subject to attack," said Marc Rogers, a cybersecurity and telecommunications expert. "What this shows us is that it was attacked, and that going as far back as 2023, the Chinese were compromising our telecom companies."

A representative of the Chinese government embassy in Washington emphasized in a statement the difficulty of determining the origins of hacks, and said the U.S. and its allies have been responsible for cyberattacks on China. "The relevant party needs to stop using cybersecurity to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats," said spokesperson Liu Pengyu.

Representatives of the U.S. Central Intelligence Agency, National Security Agency, Federal Bureau of Investigation, and Cybersecurity and Infrastructure Security Agency all declined to comment.

In the Salt Typhoon compromises, U.S. officials have said, hackers infiltrated AT&T, Verizon and seven other U.S. telecommunications companies, vacuuming up the personal data of millions of Americans and targeting the phones of the presidential candidate Donald Trump, his running mate JD Vance and then-Vice President Kamala Harris. Those hacks were part of a "multi-year operation" that "breached multiple layers of major telecom networks," Laura Galante, director of the Cyber Threat Intelligence Integration Center at the Office of the Director of National Intelligence from 2022 until January, said in written testimony to Congress in April.

It was as the government and telecommunications industry were racing to counter those hacks in the fall of 2024 that cybersecurity investigators found evidence of the 2023 breach. That discovery followed a tip from U.S. intelligence agencies, said one of the people.

At various points during the response to the Salt Typhoon hacks, U.S. intelligence services advised companies to look for a specific piece of Chinese malware, known as Demodex, according to that person and two others familiar with the matter. They all spoke on condition that they not be identified discussing the sensitive information. Demodex is a "rootkit" that gives hackers deep and secretive access to an infected machine. Several cybersecurity companies have said in public reports that Demodex has been used by a Chinese hacking group that's targeted telecommunication companies and governments in Southeast Asia.

The malware has also been tied to the Salt Typhoon attackers, as well as other hacking groups, and was used in attacks on telecommunications firms in Thailand, Afghanistan and Indonesia, said Allan Liska, a threat analyst at the security firm Recorded Future. The malicious program was developed by employees of companies that work for the Chinese Ministry of State Security, said Michael Freeman, the head of threat intelligence at cybersecurity firm Armis. Freeman said his firm has spent years tracking the work of one of the developers.

In the 2023 U.S. telecommunications breach, hackers accessed the computers of IT administrators at the company, the two people said. The investigation found that the malware had been on the firm's systems until late winter of 2024, according to the report, which was sent to American and other Western intelligence agencies last October. The report only identifies the company where the malware was found as being "known for providing services to the defense, travel and logistics industries."

It's unclear what the hackers did once they were inside the breached machines because Demodex is designed to leave few digital traces, the people said. The malware includes code that temporarily terminates a common Microsoft security program, Defender, according to the report. While that safeguard is down, the report states, the program takes steps to hide itself and future activity. A spokesperson representing Microsoft, Michelle Rose Micor, declined to comment.


Bloomberg
2 days ago
- Politics
- Bloomberg
Chinese Hacked US Telecom a Year Before Known Wireless Breaches
Corporate investigators found evidence that Chinese hackers broke into an American telecommunications company in the summer of 2023, indicating the country's attackers penetrated the US communications system earlier than publicly known. Investigators working for the telecommunications firm discovered last year that malware used by Chinese state-backed hacking groups was on the company's systems for seven months starting in the summer of 2023, according to two people familiar with the matter and a document seen by Bloomberg News. The document, an unclassified report sent to Western intelligence agencies, doesn't name the company where the malware was found and the people familiar with the matter declined to identify it.


Bloomberg
28-05-2025
- Politics
- Bloomberg
Czechs Blame China for Cyber Attack Against Foreign Ministry
Chinese hackers were behind an attack against the Czech Republic's foreign ministry, according to the ministry's head Jan Lipavsky. 'China is interfering in our society - through manipulation, propaganda and cyberattacks,' he said on X on Wednesday.


Forbes
12-05-2025
- Forbes
'No Fear Of FBI'—iPhone, Android Users Brace For 'Massive' Chinese Attack
The FBI has warned iPhone and Android users to stop sending texts as Chinese hackers maraud through U.S. networks, and to delete all the fraudulent texts on their phones as Chinese cyber criminals bombard users from state to state. Now there's a new warning, as a new threat campaign 'on a massive scale' targets smartphone users. These Chinese gangs have 'compromised Apple and Gmail accounts in bulk to facilitate distribution,' and attack iMessage and RCS rather than SMS, given 'the richer set of tools for creating convincing attacks, better engagement features, and more sophisticated methods of deception.'

The warning comes courtesy of Resecurity, which exposed China's Smishing Triad and is now warning smartphone users in America, Europe and elsewhere that there's a new Chinese gang in town, and this time it's not fake unpaid tolls and undelivered packages, it's your Google Wallet and Apple Pay at risk, with attacks that 'harvest traditional credit card and PII data, and intercept transactions.' Resecurity is now exposing this 'new smishing kit known as "Panda Shop," based on the same principles used by the Smishing Triad.' The giant panda, the team says, 'is a prominent and iconic symbol of China. It's recognized domestically and internationally as a symbol of the country, representing peace, friendship, and soft power. But in this case, it doesn't seem to bring anything good besides financial losses to consumers.'

These criminals 'feel untouchable' and have 'no fear of FBI.' According to Resecurity, they favor Telegram over Chinese messaging apps and in their comms brazenly boast 'that they do not care about U.S. law enforcement agencies — residing in China, they enjoy complete freedom of action and engage in many illegal activities.' This is yet more evidence as to the scale of industrialized text attacks — whether SMS, iMessage or Google Messages. 'According to the latest chatter, one identified threat actor can send up to 2,000,000 smishing messages daily.' Put simply, this means a gang 'could easily target up to 60,000,000 victims per month, or 720,000,000 per year, enough to target every person in the US at least twice every year.'

Resecurity think these are rebadged Smishing Triad members, 'who transitioned their operations under the new brand after being publicly shamed.' The attack kit mimics what has been seen before, with 'improvements and new supported templates.' According to Zimperium's Kern Smith, the latest attacks 'are a stark reminder that mobile devices and apps are uniquely vulnerable [and] show the continued investment by cybercriminals in targeting mobile users.'

As with the road toll and parcel delivery based attacks, the phishing/smishing kits are sold to multiple gangs who then execute the attacks. The central gang provides multiple templates to target by region or brand — a bank or telco or retailer, for example. If you're hit, then your 'intercepted credit card data goes to underground carding shops and is sold to other cybercriminals.' As with the other attacks, it's not the modest value of the fraudulent transaction that matters, it's the card details, your login credentials and even your identity that are being targeted.

Resecurity warns 'the scale of global smishing activity generated by Chinese cybercriminals is impressive,' with damages 'estimated at tens to hundreds of millions of dollars. Stopping the threat is almost impossible, given that cybercriminals residing in China are not easily accessible by U.S. law enforcement. The geopolitical situation between China and the U.S. complicates timely legal action to contain this illegal activity, opening the doors for cybercrime and fraud at scale.'

The advice for users has not changed. Assume all unsolicited texts are scams. Never click links and always use normal channels to log into accounts or make contact. Delete all such texts from your phone. And if you think you've been hit, check your accounts and change your passwords right away.