Latest news with #i-Soon


Mint
6 days ago
- Politics
- Mint
Chinese hackers are getting bigger, better and stealthier
China's power is growing rapidly every year. From warships to missiles, the country is churning out hardware at an extraordinary rate. In the unseen, online world, it is making similar leaps. On March 4th America's Justice Department charged eight Chinese nationals with large-scale hacking of government agencies, news outlets and dissidents in America and around the world, on behalf of i-Soon, a Chinese company, at the direction of the Chinese government. It also indicted two officials who it said "directed the hacks". These instances are the tip of a vast iceberg. Over the past decade China's hacking programme has grown rapidly, to the point that in 2023 Christopher Wray, then the FBI director, noted it was larger than that of every other major nation combined. China's growing heft and sophistication have yielded success in three main areas. The first is political espionage, linked primarily to the Ministry of State Security (MSS), China's foreign-intelligence service. Last year it emerged that one group of Chinese hackers, dubbed Salt Typhoon, had breached at least nine American phone companies, giving them access to the calls and messages of important officials. Ciaran Martin, who led Britain's cyber-defence agency from 2016 to 2020, compares it to the revelations in 2013 by Edward Snowden, a government contractor, that American spy agencies were conducting cyber-espionage on a huge scale. China was "gaining vast access to the nation's communications via a strategic spying operation of breathtaking audacity," he says. A second is in domains of little espionage value: hacking that lays the groundwork for sabotage in moments of crisis or war. These efforts are led by the People's Liberation Army (PLA), China's armed forces.
In 2023 it became apparent that a PLA-linked hacking group known as Volt Typhoon had, over several years, burrowed into an extraordinary range of American critical infrastructure, from ports to factories to water-treatment plants, across the continental United States and in strategic American territories such as Guam. All of that builds on a third type of hacking: the industrial-scale theft of intellectual property. In 2013 Mandiant, a cyber-threat intelligence firm, which is now part of Google, made waves when it exposed "APT1", the label for a group of hackers linked to the PLA. APT1 was not focused on stealing political secrets or turning off power grids but on stealing blueprints, manufacturing processes and business plans from American firms. A year later America's government took the then unprecedented step of indicting five PLA hackers for this activity. Keith Alexander, a former head of the National Security Agency (NSA), America's signals-intelligence service, described this as "the greatest transfer of wealth in history". That period ended with a partial truce. In 2015 Barack Obama, then America's president, and Xi Jinping, his Chinese counterpart, announced a "common understanding". Neither country would conduct cyber-espionage to steal intellectual property. The agreement worked. Shortly afterwards commercial espionage of this sort fell dramatically, if temporarily. But that was simply the start of the new era of political espionage and sabotage. All of these areas have been affected by three big shifts within China's hacking programmes. One is who is doing the hacking. In 2015-16, shortly after being shocked by the Snowden revelations, China reshuffled its cyber forces. The PLA was forced to retrench, focusing on military intelligence and reconnaissance—like Volt Typhoon—and its activity declined.
The MSS took over political-intelligence gathering—like Salt Typhoon—which it conducted with gusto, and commercial espionage, which continued on a smaller scale. "Nowadays," writes Tom Uren, author of "Risky Business", a cyber newsletter, "the MSS is the big kahuna."

Quieten down, lads

Second, Chinese hacking got better. About 20 years ago, when cyber-security firms began tracking the threat, Chinese hackers were "very, very loud", says John Hultquist of Mandiant, "incredibly willing to set off alarms, incredibly willing to be caught". A European official concurs. Even five years ago, she says, "Chinese cyber operators were not considered very sophisticated." That has now changed. "The speed at which they improve always seems to come as a surprise to Westerners, even though it really shouldn't," says the official. "If China wants to accelerate in an area, then they will, and they have very smart people." That points to a third shift. Chinese cyber operations now draw increasingly on a large and flourishing private-sector ecosystem which has become a talent pipeline, enabler and force multiplier for Chinese cyber operations around the world. Consider the MSS-linked Tianfu Cup in the south-western city of Chengdu (which has emerged as a hub for this kind of activity). It is one of many "capture the flag" (CTF) competitions in which tech-savvy youngsters compete to show off their hacking prowess by finding and exploiting vulnerabilities in software. China has hosted about 130 of these sorts of events since 2004, most of them after 2014, and many backed by government ministries, according to data collected by Dakota Cary, a consultant at SentinelOne, a cyber-security company, and Eugenio Benincasa of the Centre for Security Studies at ETH Zurich. These events can draw huge crowds. The Wangding Cup is organised by the Ministry of Public Security (MPS), which runs the country's police force and gathers domestic intelligence.
The cup is known as the "cyber-security Olympics" and can attract 30,000 people, note Mr Cary and Mr Benincasa. The tournaments are scouting grounds for Chinese spooks. As with elite sports, a handful of star hackers tend to drive a team's success. A decade ago Chinese hackers were allowed to travel to contests abroad; that is now restricted. The vulnerabilities they discover—weaknesses in code that can be used to gain access—"are siphoned straight into the state apparatus", says a person familiar with the process. In 2021 the government punished Alibaba Cloud, a tech firm, for divulging a vulnerability without first telling the state. Talent contests are just the start. Last year, documents belonging to i-Soon were leaked on the internet. They showed that the firm was functioning as a private signals-intelligence agency whose targets spanned 23 countries: Nepal's presidential palace, road-mapping data from Taiwan, South Korean telephone logs, Indian immigration systems and Thailand's intelligence service. i-Soon is one of many such firms in Chengdu. The firms are not unstoppable ninjas—the leaked files show evidence of internal arguments, disorganisation and failure—but they add to China's cyber heft. Even where MSS hackers do the hacking themselves, they often rely on this corporate hinterland for the tools and infrastructure to enable their attacks. When Chinese hackers first started, they used to come, undisguised, "right out of Shanghai networks", says Mr Hultquist. Today they make use of operational-relay-box (ORB) networks, built and maintained by private firms, which use compromised devices around the world, such as home internet routers, to disguise the origin of attacks. The increasing scale, sophistication and aggression of Chinese hacking are "by far the most significant shift in the cyber-threat landscape in well over a decade", notes Mr Martin.
Volt and Salt Typhoon, on their own, "are strategic compromises of the West on a scale hitherto unseen by any other cyber power", he warns. It is not yet an all-out cyberwar. "What separates China from their peers like Russia, North Korea and Iran", says Mr Hultquist, is that those states routinely cross the line from espionage to disruption, from spying and reconnaissance to outright sabotage. China has "never pulled the trigger", he says. Even in American infrastructure networks, China has stopped short of inserting destructive code. "We can see them doing the reconnaissance. We can see them getting into place. They're not showing us the weapon."

First Post
01-05-2025
- Business
- First Post
China is building a cyber army of hackers: Report
China is doing everything it can to make a name for itself in the world of technology. That includes hacking into big tech firms by means of friendly competitions in which people participate and report their findings to the government. Hackathons are common, but Chinese hacking competitions are different. China has been dominating popular international cybersecurity competitions like Pwn2Own. However, more recently, the country has developed its own hacking contests, essentially withdrawing from international events. In 2017, Zhou Hongyi, the founder of Chinese cybersecurity giant Qihoo 360, publicly criticised the practice of sharing vulnerability discoveries internationally, arguing that such strategic assets should stay within China. His sentiments, supported by the Chinese government, gave birth to the national hacking competition called the Tianfu Cup. The contest is focused on discovering vulnerabilities in global tech products like Apple iOS, Google's Android, and Microsoft systems.

How is Tianfu Cup different?

According to a report by Bloomberg, a 2018 rule mandates participants of the Tianfu Cup to hand over their findings to the government, instead of the tech companies. Dakota Cary, a China-focused consultant at the US cybersecurity company SentinelOne, said, 'In practice, this meant vulnerabilities were passed to the state for use in operations.' This approach effectively turned hacking competitions into a government pipeline for acquiring zero-day vulnerabilities — software flaws unknown to vendors and extremely valuable for cyber-espionage.
US steps into the picture

This practice of acquiring sensitive data from big tech companies has brewed trouble for China in the past. Recently, a data leak involving files from the Chinese cybersecurity firm i-Soon, posted on GitHub, revealed apparent connections between hacking competitions, the government, and the cyber firms granted access to discovered vulnerabilities. Several i-Soon employees were charged by US authorities in March, who alleged that they were carrying out cyberattacks at the direction of the Chinese government. In recent years, China's hacking competitions have increasingly shifted focus toward breaching domestic products, including Chinese-made electric vehicles, phones, and security software. This aligns closely with Beijing's broader 'Delete America' initiative, aimed at replacing foreign technology with homegrown alternatives and achieving greater self-reliance.


Voice of America
07-03-2025
- Politics
- Voice of America
Justice Department charges 12 Chinese nationals accused of hacking
The U.S.
Justice Department announced indictments Wednesday against a dozen Chinese nationals accused in a global hacking campaign targeting U.S.-based dissidents, news organizations, government agencies and a large religious organization. According to court documents, China's Ministry of Public Security and Ministry of State Security used a network of private companies and hackers-for-hire to steal information and help locate dissidents and critics throughout the world. 'Today's announcements reveal that the Chinese Ministry of Public Security has been paying hackers-for-hire to inflict digital harm on Americans who criticize the Chinese Communist Party (CCP),' said Assistant Director Bryan Vorndran of the FBI's Cyber Division in a statement. The 12 suspects include two officers in China's Ministry of Public Security and eight employees of a company known as i-Soon and two members of a group known as Advanced Persistent Threat 27 (APT27). A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, told The Associated Press Wednesday that the allegations were a 'smear' and said, 'We hope that relevant parties will adopt a professional and responsible attitude and base their characterization of cyber incidents on sufficient evidence rather than groundless speculation and accusations.' All of those indicted are at large, and the Justice Department is offering a reward of up to $10 million for information about the MPS officers and i-Soon, the Chinese company that employed most of the hackers. The company is accused of selling stolen information 'to China's intelligence and security services to suppress free speech and democratic processes worldwide, and target groups deemed a threat to the Chinese government,' according to a news release from the FBI.
Yahoo
06-03-2025
- Yahoo
Chinese government using freelance hackers to compromise computer networks globally, FBI warns
The Chinese government is using freelance hackers and information security companies to compromise computer networks worldwide, FBI officials said in a public warning issued Wednesday. The warning comes as indictments were unsealed in New York and Washington on Wednesday against a dozen Chinese nationals accused of hacking into American computer networks and selling stolen data to the Chinese government. 'The Department of Justice will relentlessly pursue those who threaten our cybersecurity by stealing from our government and our people,' Sue Bai, head of the Justice Department's National Security Division, said in a statement Wednesday. 'We are exposing the Chinese government agents directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers that they have unleashed,' Bai said. 'We will continue to fight to dismantle this ecosystem of cyber mercenaries and protect our national security.' China's information security companies ecosystem 'flourishes' because China's government agencies 'weaponize' information security companies 'by tasking companies that advertise legitimate cybersecurity services to also use their expertise to gain unauthorized access to victim networks to collect for China's intelligence services,' FBI officials said in a statement. The government agencies in China involved in the alleged cybersecurity threats include China's primary intelligence service, the Ministry of State Security, and China's domestic police agency, the Ministry of Public Security, according to the FBI. The Southern District of New York on Wednesday unsealed an indictment against eight employees of Anxun Information Technology Co., Ltd., aka i-Soon, an information security company based in China, and two of China's domestic police officers who allegedly directed i-Soon activities 'in service of the Chinese government.' 
'i-Soon has been a key player' in China's information security company ecosystem over the last decade, the FBI said. The company has been working with at least 43 separate Ministry of State Security or Ministry of Public Security bureaus in 31 provinces and municipalities across China. The indicted i-Soon hackers allegedly sold stolen data to the Chinese government agencies 'from a myriad of victims, to include US-based critics of the Chinese government and Chinese dissidents, a US news organization, a large US-based religious organization, multiple governments in Asia, and US federal and state government agencies,' FBI officials said. 'i-Soon sold information to China's intelligence and security services to suppress free speech and democratic processes worldwide, and target groups deemed a threat to the Chinese government,' officials said. i-Soon also sold platforms to China's primary intelligence service and domestic police agency customers 'for their own hacking efforts,' officials said. i-Soon's activities are publicly tracked as Aquatic Panda, Red Alpha, Red Hotel, Charcoal Typhoon, Red Scylla, Hassium, Chromium, and TAG-22, according to the FBI. 'This ecosystem of InfoSec companies and freelance hackers enables and encourages indiscriminate global cyber activity, while providing the Chinese government with a layer of plausible deniability,' FBI officials said in their statement. Also Wednesday, the federal court in Washington, D.C. unsealed two indictments of freelance Chinese hackers Yin KeCheng and Zhou Shuai, who are accused of maintaining ties to i-Soon and the Chinese government. Since 2011, Yin and Zhou have worked in China's information security company ecosystem 'and enriched themselves by selling stolen US information to the Chinese government,' prosecutors allege. Zhou served for a period of time in i-Soon's Strategic Consulting Division. 
Yin, known in Chinese hacking circles for his prolific targeting of US entities, explained to an associate in 2013 that he wanted to 'mess with the American military' and 'break into a big target,' hoping the proceeds from selling the stolen US data would be enough to purchase a car, prosecutors allege. At least one time, Yin compromised sensitive data which he turned over to Zhou, who partnered with an i-Soon employee to sell the stolen data, prosecutors said. Yin and Zhou's activities are publicly tracked as APT27, Threat Group 3390, Bronze Union, Emissary Panda, Lucky Mouse, Iron Tiger, UTA0178, UNC 5221, and Silk Typhoon, officials said. Anyone who suspects they are a victim of malicious cyber activity by groups associated with the government of China is urged to report the suspicious activity to the FBI's Internet Crime Complaint Center at as quickly as possible.


Khaleej Times
06-03-2025
- Politics
- Khaleej Times
Chinese hackers indicted in US for Treasury breach, other attacks
Twelve Chinese nationals, including two public security ministry officers, have been indicted for a series of hacking attacks, including a 2024 breach of the US Treasury, the Justice Department said Wednesday. Other alleged victims include US-based Chinese dissidents, the foreign ministries of several Asian countries, religious organisations and additional US federal and state government agencies, the department said. Eight employees of a Chinese company called Anxun Information Technology Co. Ltd, also known as i-Soon, and two Ministry of Public Security officers were indicted in New York for involvement in the alleged hacking of email accounts, cell phones, servers, and websites between 2016 and 2023. "For years, these 10 defendants -- two of whom we allege are (People's Republic of China - PRC) officials -- used sophisticated hacking techniques to target religious organizations, journalists, and government agencies, all to gather sensitive information for the use of the PRC," acting US attorney Matthew Podolsky said in a statement. The Justice Department said the private Chinese hackers were paid in some cases by the Chinese ministries of public security and state security to exploit specific victims. "In many other cases, the hackers targeted victims speculatively," it said, identifying vulnerable computers and then selling hacked information to the Chinese government. The Justice Department said i-Soon charged the ministries of public and state security between $10,000 and $75,000 for each email inbox it successfully hacked. All 10 defendants remain at large and the State Department offered a reward of up to $10 million for information leading to their arrest. The hacking targets allegedly included a missionary organization, a group focused on promoting human rights and religious freedom in China, a Hong Kong newspaper and the foreign ministries of Taiwan, India, South Korea and Indonesia.

'Silk Typhoon'

A separate indictment was also unsealed in Washington against Yin Kecheng and Zhou Shuai, alleged members of hacker group "APT 27," also known as "Silk Typhoon." "Yin, Zhou, and their co-conspirators exploited vulnerabilities in victim networks, conducted reconnaissance once inside those networks, and installed malware, such as PlugX malware, that provided persistent access," the Justice Department said. Their targets included US-based technology companies, think tanks, law firms, defense contractors, local governments, health care systems, and universities. The United States sanctioned Yin in January for alleged involvement in a hack of the Treasury Department last year. According to US media outlets, then-Treasury secretary Janet Yellen and other senior Treasury officials were among those targeted. The State Department announced a reward of $2 million each for information leading to the arrest of Yin and Zhou, who are believed to be in China. Several countries, notably the United States, have voiced alarm at what they say is Chinese-government-backed hacking activity targeting their governments, militaries and businesses. Beijing rejects the allegations, and has previously said it opposes and cracks down on cyberattacks.