
Latest news with #SilkTyphoon

Cyber crime: Five hacking groups and syndicates to be aware of

The National, 13-03-2025 (Politics)

Following an alleged cyber attack on Elon Musk's platform X this week, speculation over the perpetrators has been rife and generated a renewed interest in hacker and cyber threat groups around the world. Mr Musk said the IP addresses that caused X to be offline for almost an entire day originated near Ukraine but has not elaborated on that accusation.

Morey Haber, a chief security adviser at cybersecurity firm BeyondTrust, said that while he does not have strong feelings about Mr Musk's Ukraine claims, determining where cyber attacks originate is complicated. 'I would advise caution when blaming the attack on Ukraine, simply based on source IP address,' he said. 'Threat actors typically use bots, virtual private networks and bastion hosts to conduct attacks and obfuscate their identity, so the cyberattack of X/Twitter, if true, should have easily been defendable against an attack based on IP address or geolocation.' Associating a potential cyber attack with an IP address should never be used in a public statement without additional indicators or proof, Mr Haber added.

Though it might be tempting to name and shame hackers and cyber threat actors, Mr Haber told The National that by the time the groups become widely known, they've already caused a lot of damage. 'Crime syndicates perform the most damage when they are unnamed, unknown and can operate from the deep shadows of the internet,' he said. Once they have been found and details around their operations leaked, Mr Haber added, their strength and ability to hack diminishes substantially. 'This doesn't negate their threat, but once indicators of compromise, methods of attack and malware become publicly documented, that should allow organisations to strengthen cybersecurity defences.' Mr Haber pointed out that hacking attracts a wide spectrum, with some perpetrators fuelled by politics and others by financial gain, some state-sponsored and others working alone.

Here's a look at five of the more prominent groups currently on cybersecurity experts' radar that have made headlines around the world:

'I only believe one cybersecurity syndicate poses the biggest threat worldwide,' said Mr Haber. 'Silk Typhoon, also known as APT27 and has been linked to the US Treasury Department breach in late 2024.' According to the US Cybersecurity and Infrastructure Security Agency and the FBI, Silk Typhoon has been linked to the Chinese government. Microsoft has also echoed that notion. 'Silk Typhoon is an espionage-focused Chinese state actor whose activities indicate that they are a well-resourced and technically efficient group with the ability to quickly operationalise exploits for discovered zero-day vulnerabilities in edge devices,' Microsoft's threat intelligence group has said. China has repeatedly denied the accusations.

According to cybersecurity risk-mitigation company Cobalt, Anonymous is perhaps the most well-known hacking group. It first made headlines during the Occupy Wall Street protests in 2011, and Cobalt notes Anonymous has 'targeted PayPal, Visa and MasterCard'. 'Authorities have arrested hackers who claim to be part of Anonymous over the years, but the group's decentralised nature makes tracking down or prosecuting members challenging,' Cobalt wrote on its website. The group has also been known to use distributed denial-of-service (DDoS) attacks that have led to massive website disruptions.

Both Norton and Cobalt list Morpho, a group of hackers dedicated to financially motivated cyber attacks, as a worrisome entity. The geographic origins of the group are largely unknown but, according to Norton, Morpho has previously targeted X, Meta, Microsoft and Apple to try to steal confidential information. There are some clues that Morpho has left behind in the cyber mess it causes. 'It's said that they may be of English-speaking origin because the code is entirely composed of English and their encryption keys are named after memes in American pop culture,' Norton said on its website. According to Cobalt, Morpho has also been known to seek intellectual property from health care and technology companies.

Cybersecurity firms and technology analysts routinely list Darkside as one of the more prominent hacking groups. It rose to prominence in 2021 when it claimed responsibility for the Colonial Pipeline cyber attack that caused fuel shortages and price increases across the US. Darkside has also been known to run affiliate programmes to help other hacker groups in infiltration attempts. It has been known to use a 'ransomware-as-a-service model', meaning it sells or leases ransomware to others to carry out attacks. According to cybersecurity firm Norton, Darkside likely originates in Eastern Europe. 'This group is known for targeting high-profile corporations worldwide with stolen credentials and manual jacking with testing tools,' Norton said.

Though it doesn't necessarily have the same history or name recognition as other hacking groups or cyber threat actors, Mint Sandstorm is quickly stoking fears in the technology security world. Microsoft's threat intelligence group said that Mint Sandstorm is an Iran-affiliated group 'known to primarily target dissidents protesting the Iranian government, as well as activist leaders, the defence industrial base, journalists, think tanks, universities, and multiple government agencies and services, including targets in Israel and the US'. It has been widely speculated that Mint Sandstorm was behind the attempted hack and potential breach of communications within Donald Trump's 2024 presidential campaign. 'Also uses credential harvesting to obtain access to official work accounts as well as personal accounts,' said Microsoft.

U.S. indicts Chinese hackers in sweeping cyber espionage case

Axios, 05-03-2025 (Politics)

Federal authorities have charged 10 individuals and two Chinese government officials on Wednesday in connection to several high-profile Beijing-backed intrusions.

Why it matters: The U.S. alleges that these individuals helped carry out a wide-reaching Chinese espionage campaign that targeted U.S. government agencies, state governments, news services, universities, defense contractors, law firms, and critical infrastructure.

Catch up quick: The people either worked for Silk Typhoon — the Chinese hacking team linked to last year's Treasury breach — or for I-Soon, an offensive "hacker-for-hire" contractor that was exposed in an extensive online document leak last year. The leaked documents, which were publicly available on GitHub, detailed I-Soon's clients and targets.

The big picture: The indictment offers one of the clearest insights yet into the shadowy world of offensive cyber contracting — a common practice among the world's superpowers. The Justice Department also seized the web infrastructure that both the Silk Typhoon and I-Soon hackers used in their attacks. A spokesperson for the Chinese embassy did not immediately respond to a request for comment.

Zoom in: According to one indictment, I-Soon hacked a range of U.S. victims, including:

  • The Defense Intelligence Agency, the Department of Commerce and the International Trade Administration;
  • Two New York City-based newspapers, including one that publishes news related to China and is opposed to the Chinese Communist Party;
  • A massive religious organization with millions of members;
  • The New York State Assembly and a state research university;
  • A D.C.-based news service that "delivers uncensored domestic news to audiences in Asian countries, including China;" and
  • Several foreign ministries across southeast Asia.

Meanwhile, according to a second indictment, the two hackers linked to Silk Typhoon targeted:

  • U.S. technology and defense contractors working with the Pentagon and intelligence agencies;
  • A university-based academic health system with servers in California;
  • A major law firm with hundreds of attorneys specializing in corporate and intellectual property;
  • A municipal government in the U.S.; and
  • A D.C. think tank specializing in defense policy and a law firm that works on IP theft issues.

Between the lines: The indictment reveals new details about how I-Soon worked with Beijing, including how much it charged, how long it worked on these efforts and more. I-Soon is believed to have worked with at least 43 different bureaus of China's Ministry of State Security and Ministry of Public Security across 31 different provinces and municipalities, according to the FBI. The company also charged the agencies between $10,000 and $75,000 for each email inbox it successfully hacked, according to the indictment. Sometimes I-Soon worked at the direction of the agencies and other times it would conduct its own hacks and then sell either the network access or data stolen from those targets to the Chinese government.

The intrigue: I-Soon would train Chinese government employees to hack on their own, and it sold various tools to help them carry out their attacks. One of those products gave customers the ability to write phishing emails, create malware-laced files and clone websites, according to the U.S. Justice Department.

Reality check: China is unlikely to extradite the indicted individuals, but the charges do bar them from traveling to the United States or allied countries where they could be arrested.

Go deeper: Leaked documents detail inner-workings of China's vast hacking operations

Chinese hackers indicted in US for Treasury breach, other attacks

Yahoo, 05-03-2025

Twelve Chinese nationals, including two public security ministry officers, have been indicted for a series of hacking attacks, including a 2024 breach of the US Treasury, the Justice Department said Wednesday. Other alleged victims include US-based Chinese dissidents, the foreign ministries of several Asian countries, religious organizations and additional US federal and state government agencies, the department said.

Eight employees of a Chinese company called Anxun Information Technology Co. Ltd, also known as i-Soon, and two Ministry of Public Security officers were indicted in New York for involvement in the alleged hacking of email accounts, cell phones, servers, and websites between 2016 and 2023. "For years, these 10 defendants -- two of whom we allege are (People's Republic of China - PRC) officials -- used sophisticated hacking techniques to target religious organizations, journalists, and government agencies, all to gather sensitive information for the use of the PRC," acting US attorney Matthew Podolsky said in a statement.

The Justice Department said the private Chinese hackers were paid in some cases by the Chinese ministries of public security and state security to exploit specific victims. "In many other cases, the hackers targeted victims speculatively," it said, identifying vulnerable computers and then selling hacked information to the Chinese government. All 20 defendants remain at large and the State Department offered a reward of up to $10 million for information leading to their arrest. The hacking targets allegedly included a religious organization that sent missionaries to China, an organization focused on promoting human rights and religious freedom in China, a Hong Kong newspaper and the foreign ministries of Taiwan, India, South Korea and Indonesia.

- 'Silk Typhoon' -

A separate indictment was also unsealed in Washington against Yin Kecheng and Zhou Shuai, alleged members of hacker group "APT 27," also known as "Silk Typhoon." "Yin, Zhou, and their co-conspirators exploited vulnerabilities in victim networks, conducted reconnaissance once inside those networks, and installed malware, such as PlugX malware, that provided persistent access," the Justice Department said. "Between them, Yin and Zhou sought to profit from the hacking of numerous US-based technology companies, think tanks, law firms, defense contractors, local governments, health care systems, and universities, leaving behind them a wake of millions of dollars in damages."

The United States sanctioned Yin in January for alleged involvement in a hack of the Treasury Department last year. According to US media outlets, then-Treasury secretary Janet Yellen and other senior Treasury officials were among those targeted. The State Department announced a reward of $2 million each for information leading to the arrest of Yin and Zhou, who are believed to be in China.

Several countries, notably the United States, have voiced alarm at what they say is Chinese-government-backed hacking activity targeting their governments, militaries and businesses. Beijing rejects the allegations, and has previously said it opposes and cracks down on cyberattacks.
