
Chinese cyber-espionage unit on U.S. hacking spree: report

39 Comments

The requested article has expired, and is no longer available. Any related articles, and user comments are shown below.

© 2021 AFP

©2021 GPlusMedia Inc.


I think that all this is US propaganda since most of the government sponsored hacking is done by USA and Israel followed by UK. While Russians and Chinese private individuals and hacking clubs do exist the governments are only interested in preventive information collecting unlike the western governments that actually try to use the hacking as a weapon to interfere with the industry and research in attacked countries.

-21 ( +8 / -29 )

Damn commies. Thank our god for not letting Americans do the same low down commie hacking. MAGA Make America God Again

-18 ( +2 / -20 )

ZvonkoJonathan Today 02:24 pm JST

I think that all this is US propaganda since most of the government sponsored hacking is done by USA and Israel followed by UK.

Show us your evidence please.

5 ( +16 / -11 )

I think that all this is US propaganda since most of the government sponsored hacking is done by USA and Israel followed by UK. While Russians and Chinese private individuals and hacking clubs do exist the governments are only interested in preventive information collecting unlike the western governments that actually try to use the hacking as a weapon to interfere with the industry and research in attacked countries.

Not true. Not true at all. Read what I have posted in the link below. It was a report generated by a private cyber security firm and published in order to make customers and the public at large aware of the great size, scope and persistence of Chinese cyber espionage. The full report even includes screen shots taken while the Chinese are going through a customer's data bases. Fireeye, then called Mandiant, was working with this customer both to defeat the hack and to identify who was doing it. The report even names the PLA unit the hackers belong to, show images of their workplace in the Pudong district of Shanghai and even names a couple of them and how they were able to determine their names. You cannot read a report like this and still believe the deliberate disinformation being put out by "ZvonkoJonathan".

https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf

7 ( +14 / -7 )

I used to think that when war broke out, this would be a new form of warfare. For this reason, went the story, people would need to practice preventing such attacks, in the event that such a war should ever break out.

Looks like some people have not waited for any formal war, and just got stuck in anyway.

4 ( +5 / -1 )

Here is a quote from the opening paragraphs of the Fireeye report in the link in the post above.

"The activity we have directly observed likely represents only a small fraction of the cyber espionage that APT1 has conducted. Though our visibility of APT1’s activities is incomplete, we have analyzed the group’s intrusions against nearly 150 victims over seven years. From our unique vantage point responding to victims, we tracked APT1 back to four large networks in Shanghai, two of which are allocated directly to the Pudong New Area. We uncovered a substantial amount of APT1’s attack infrastructure, command and control, and modus operandi (tools, tactics, and procedures). In an effort to underscore there are actual individuals behind the keyboard, Mandiant is revealing three personas we have attributed to APT1. These operators, like soldiers, may merely be following orders given to them by others.

Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors. We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support. In seeking to identify the organization behind this activity, our research found that People’s Liberation Army (PLA’s) Unit 61398 is similar to APT1 in its mission, capabilities, and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate."

3 ( +7 / -4 )

Chinese cyber-espionage unit on U.S. hacking spree: report

No doubt. And the Biden government moved quickly to re-allow the CCP into the US power grid, and to re-allow the CCP "Confucius Institute" propaganda outfit into US universities. Stand by this new government to re-allow Huawei into 5G projects. Some very happy campers in Beijing.

-6 ( +8 / -14 )

Btw, on 19 May 2014 a grand jury in the Western District of Pennsylvania (WDPA) indicted five Chinese military hackers for computer hacking, economic espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries.

9 ( +13 / -4 )

So is Microsoft going to pull out of China? How about Orix, Intel, and Sun Micro Systems?

Seems all that phat cash they were all promised came with a ...

catch.

Who knew?

9 ( +13 / -4 )

Oh but wait. China is our friend. How could they?

In China Yiji Shangjiang (General) Lee stated some concerns about patches and the mission success to steal more secrets from the U.S.A.

No data! No ticky!

He said to his IT's!

Meanwhile in the USA, Biden will just offer up a little slap on the wrist. China public gami gami.

Better send Hunter on mission of diplomacy, wink wink. Stated Biden

-13 ( +2 / -15 )

You'd think they could load malware into the data being targeted and take down the hackers.

10 ( +10 / -0 )

Amazingly

-4 ( +0 / -4 )

China has been waging war on many fronts for a long time, any one who has not been aware or denies it is either blind, ignorant, stupid or complicit !

This is just one more aspect of their onslaught, be prepared for much much more and expected it to come in ways you did not even imagine.

7 ( +11 / -4 )

It’s not so difficult as it sounds. Just disconnect your private (=corporate, company) network from the public network, internet etc. Then take extraordinarily strict measures on the interface machines that are used to connect between the two nets. Not so much staff and resources needed for this, right? One well-paid trusted IT guy or girl can do it for any size of company.

By doing this, you only transfer the necessary and filtered or anonymized data to that machine, without any value for the black hackers, intruders, rival countries and all such. Also you ensure in return to get only raw or structured table data back from outside, that therefore simply can’t contain macros or executables harming your intranet.

A short example... you send only product availability and price lists to that interface machine, so no one can have access to your PDF, patents, research documents and such. And in return you only accept table data, like customer data, orders, delivery states and such as outside input for your interface machine. There simply is no dangerous virus, spyware, scum, macros or executable files in those simple text data.

Of course physical access to your building must still be avoided, by a guard man, someone you hired, not from a security service company. And then... you can sleep relaxed like a baby, private, as a company or as a country....lol

3 ( +4 / -1 )
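The post above proposes an interface machine that only accepts "simple table data" from outside. Below is an added example (not from the thread, not any product's code) of the kind of filter such a machine would actually have to apply before forwarding that data inward. The column schema, the sample feed and the size limit are constructed assumptions. It rejects anything that is not printable text, anything that does not match the agreed columns, and any cell that spreadsheet software would evaluate as a formula, since that is the one way a "plain" CSV can still carry something hostile.

```python
"""Validate an inbound tabular feed on an interface machine.

Added example for this thread, not code from the original post. The schema,
sample feed and limits below are constructed assumptions for illustration.
"""
from __future__ import annotations

import csv
import io
import re

# Hypothetical column list agreed with the outside party for an order feed.
EXPECTED_COLUMNS = ["order_id", "customer", "sku", "qty", "ship_state"]
MAX_CELL_LEN = 200
# A cell starting with one of these is treated as a formula by spreadsheet
# software (CSV injection). Legitimate negative numbers are caught too; that is
# the accepted cost on a strict interface machine.
FORMULA_PREFIXES = ("=", "+", "-", "@")
PRINTABLE = re.compile(r"^[\x20-\x7e]*$")


def validate_table(raw: bytes) -> tuple[list[dict], list[str]]:
    """Return (accepted_rows, rejection_reasons).

    Binary content, an unexpected header, ragged rows, oversize cells,
    control characters and formula-like cells are all rejected.
    """
    try:
        text = raw.decode("ascii")  # macros, executables, office files fail here
    except UnicodeDecodeError as exc:
        return [], [f"non-text bytes at offset {exc.start}"]

    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != EXPECTED_COLUMNS:
        return [], [f"unexpected columns: {reader.fieldnames}"]

    accepted: list[dict] = []
    errors: list[str] = []
    for lineno, row in enumerate(reader, start=2):
        problems: list[str] = []
        # DictReader puts surplus fields under key None and fills missing ones
        # with None, so either condition means the field count is wrong.
        if None in row or any(v is None for v in row.values()):
            problems.append("wrong field count")
        else:
            for col, cell in row.items():
                if len(cell) > MAX_CELL_LEN:
                    problems.append(f"{col}: too long")
                if not PRINTABLE.match(cell):
                    problems.append(f"{col}: control/non-ASCII chars")
                if cell.startswith(FORMULA_PREFIXES):
                    problems.append(f"{col}: formula-like cell {cell[:12]!r}")
            if not row["qty"].isdigit():
                problems.append("qty: not an integer")
        if problems:
            errors.append(f"line {lineno}: " + "; ".join(problems))
        else:
            accepted.append(dict(row))
    return accepted, errors


# Constructed sample feed: one clean row, one CSV-injection attempt,
# one bad quantity, one row with a missing column.
SAMPLE_FEED = (
    b"order_id,customer,sku,qty,ship_state\n"
    b"1001,Acme Ltd,WIDGET-3,12,shipped\n"
    b"1002,=HYPERLINK(http://evil.example),WIDGET-3,1,pending\n"
    b"1003,Globex,GADGET-9,five,pending\n"
    b"1004,Initech,GADGET-9,3\n"
)

if __name__ == "__main__":
    ok, bad = validate_table(SAMPLE_FEED)
    print("accepted:", [r["order_id"] for r in ok])
    for reason in bad:
        print("rejected:", reason)
```

The point of the example is the row with `=HYPERLINK(...)`: it is ASCII, it is a valid CSV cell, and it would still run as a formula if someone inside opened the forwarded file in a spreadsheet. Only a check on the cell contents, not on the file type, catches it.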

WilliB Today 03:16 pm JST

Chinese cyber-espionage unit on U.S. hacking spree: report

No doubt. And the Biden government moved quickly to re-allow the CCP into the US power grid, and to re-allow the CCP "Confucius Institute" propaganda outfit into US universities.

Biden did not "re-allow the Confucius Institutes" into our Universities. In fact, Trump never got rid of them. All he did was make it mandatory for such schools to report their involvement. And all Biden did was remove that requirement since anyone off the street with a laptop can google up which schools.

3 ( +5 / -2 )

This is one reason China requires all foreign business to give their proprietary technologies over to them. To either copy it or to learn how to hack it!

It is time for countries to respond accordingly and put China in its place!!!

9 ( +10 / -1 )

Start by boycotting the Olympics then divest from China!

7 ( +8 / -1 )

May a small meteorite make a direct hit upon the building where those Hacker sit.

4 ( +5 / -1 )

First BioWeapon attacks, then CyberAttacks... the CCP really should be flagged as a Terrorist Organisation.

4 ( +5 / -1 )

Are you sure this action is chinese???. I am not because the chinese are too busy with their business growth.

-8 ( +0 / -8 )

Why do we keep doing business with this regime?

3 ( +4 / -1 )

A) Don't put email servers directly on the internet, especially monsters like MS-Exchange.

B) Use an email gateway server to filter all in/out emails so stuff you don't want in is drastically reduced and stuff you don't want leaving DOESN'T LEAVE.

C) Keep all your internet connected systems patched. Never run unsupported OSes on the internet.

D) Make all desktops and client devices go through professionally managed proxies. Have tools AND humans actually review the logs on those proxies for odd behavior, strange connections, connections to places that shouldn't happen. If a desktop can 'ping google.com', then you've failed.

There is a slight, but important, difference between how the US gathers information over the internet and how almost everyone else does it. When China or France or Russia do it, everything they learn is handed over to local corporations to be used. In 6-18 months, the stolen information shows up in new products. There is plenty of proof of this in the world press.

When the USA does it, nothing is handed over to corporations. Information gathered is used purely for military planning based on capabilities.

I've worked in air-gapped environments. It is a pain, but necessary. Almost every programmer working in the environment wanted to find a way around those restrictions because it cuts their productivity about 90% when they can't quickly lookup solutions/answers online. The normal workers inside that environment also were unhappy because during their shifts, they had no contact with the outside world. Where I worked, no RF could get inside or outside the building - no cell phones worked. Only wired voice lines were allowed and everything was recorded. All USB ports were physically disabled. There were lockers for any devices with cameras, outside the building.

Microsoft will never implement this sort of security in their corporate offices. Heck, about 15 yrs ago, some of my servers were being attacked from inside the corporate MSFT network, which told me all I needed to know about their lax security. What is really sad is they are 90% better than everyone else.

We should never forget that every Chinese company - all of them - are effectively extensions of the Chinese CCP govt. This is part of their laws. They cannot refuse to provide access to any data the CCP request. Period.

The US is different. Companies refuse to provide data to the USgovt all the time and take the govt to court AND they win, often. It may seem similar, but it isn't in some important ways.

Now, in Europe, there are some laws around encryption which I find very worrisome - mainly in the UK and France. If requested, a person cannot refuse to provide unlocking codes to those govts. May as well be in India or Pakistan or Russia as far as that is concerned. In the US, you can always refuse. The right against self-incrimination, 5th Amendment, is very important.

4 ( +6 / -2 )
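Point D in the comment above says the proxy logs must actually be reviewed for odd connections. Here is an added example of what that review looks like in code; it is not from the post or from any product. The log format, the allowlist of known destinations, the sample lines and the thresholds are all constructed assumptions. It flags connections to bare IP addresses (no hostname), non-standard ports, repeated contact between one client and one unknown host, and large uploads to unknown hosts.

```python
"""Review outbound proxy logs for odd behaviour.

Added example for this thread, not code from the original comment. The log
format is a constructed one (timestamp client method host:port status
bytes_sent bytes_received); the allowlist and thresholds are assumptions.
"""
from __future__ import annotations

import ipaddress
from collections import Counter
from dataclasses import dataclass

ALLOWED_PORTS = {80, 443}
# Hypothetical destinations the organisation has approved.
KNOWN_HOSTS = {"update.example-vendor.test", "mail.corp.test", "wiki.corp.test"}
UPLOAD_ALERT_BYTES = 5_000_000   # assumed: this much leaving to an unknown host is worth a look
BEACON_MIN_HITS = 4              # assumed: same client -> same unknown host this often


@dataclass
class Entry:
    ts: str
    client: str
    method: str
    host: str
    port: int
    status: int
    sent: int       # bytes client -> destination (uploads)
    received: int   # bytes destination -> client


def parse_line(line: str) -> Entry:
    """Parse one line of the constructed log format."""
    ts, client, method, dest, status, sent, received = line.split()
    host, _, port = dest.rpartition(":")
    return Entry(ts, client, method, host, int(port), int(status), int(sent), int(received))


def is_ip_literal(host: str) -> bool:
    """True when the destination was written as an address, not a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def review(lines: list[str]) -> list[str]:
    """Return human-readable findings for a batch of log lines."""
    findings: list[str] = []
    hits: Counter = Counter()      # (client, unknown host) -> connection count
    uploads: Counter = Counter()   # (client, unknown host) -> bytes sent
    for raw in lines:
        e = parse_line(raw)
        if is_ip_literal(e.host):
            findings.append(f"{e.ts} {e.client}: connection to bare IP {e.host} (no hostname)")
        if e.port not in ALLOWED_PORTS:
            findings.append(f"{e.ts} {e.client}: non-standard port {e.port} to {e.host}")
        if e.host not in KNOWN_HOSTS:
            hits[(e.client, e.host)] += 1
            uploads[(e.client, e.host)] += e.sent
    for (client, host), n in hits.items():
        if n >= BEACON_MIN_HITS:
            findings.append(f"{client}: {n} connections to unknown host {host} (beaconing?)")
    for (client, host), b in uploads.items():
        if b >= UPLOAD_ALERT_BYTES:
            findings.append(f"{client}: {b} bytes uploaded to unknown host {host}")
    return findings


# Constructed sample: a normal update check, a client checking in with a bare
# IP every five minutes at 2 a.m., a big upload to an unknown host on 8443,
# and a normal daytime wiki fetch.
SAMPLE_LOG = """\
2021-03-05T02:14:01Z 10.20.1.15 CONNECT update.example-vendor.test:443 200 1200 88000
2021-03-05T02:15:07Z 10.20.1.15 CONNECT 203.0.113.9:443 200 900 700
2021-03-05T02:20:07Z 10.20.1.15 CONNECT 203.0.113.9:443 200 900 700
2021-03-05T02:25:08Z 10.20.1.15 CONNECT 203.0.113.9:443 200 900 700
2021-03-05T02:30:06Z 10.20.1.15 CONNECT 203.0.113.9:443 200 900 700
2021-03-05T02:31:00Z 10.20.1.42 POST files.share-drop.test:8443 200 6200000 300
2021-03-05T09:05:11Z 10.20.1.42 GET wiki.corp.test:80 200 500 12000
""".splitlines()

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

None of these checks needs threat intelligence; they only need the proxy to be the sole way out, so that every connection shows up here. If workstations can reach the internet without the proxy, the log is incomplete and the review means little, which is the comment's "ping google.com" test.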

Biden did not "re-allow the Confucius Institutes" into our Universities. In fact, Trump never got rid of them. All he did was make it mandatory for such schools to report their involvement. And all Biden did was remove that requirement since anyone off the street with a laptop can google up which schools.

The GAO had already conducted a survey of all the Confucian Institutes in the US. There are a grand total of 54 now, down from over 100. There was no need for the additional reporting as the GAO already has the information.

Regarding the power grid, Mr. Biden’s executive order suspended for 90 days a directive issued by former President Donald Trump that aimed to limit the use of electrical equipment manufactured by foreign adversaries, like China. However, under Biden’s executive order, the prohibitions against installing foreign utilities in the U.S. power grid remain in place. Under Mr. Biden's order only the prohibition against buying Chinese made electrical utility equipment is suspended. "During this 90-day review period, Responsible Utilities will refrain from installation of bulk-power system electric equipment or programmable components… subject to foreign adversaries’ ownership, control, or influence," the Energy Department wrote on an FAQ page on its website.

3 ( +3 / -0 )

@theFu knows of which he speaks. Very good post.

2 ( +2 / -0 )

Are you sure this action is chinese???. I am not because the chinese are too busy with their business growth.

How do you think they grow their businesses? Mao killed or ran off a whole generation of highly educated Chinese who today should be their senior engineers, scientists, program managers developing the next hot product. My wife is one of those people and her mother was run out of the classroom and into internal exile by the Red Guards. Lacking talent and decades behind the west in many important technologies the Chinese have chosen to steal what they need to catch up.

2 ( +2 / -0 )

Why do we keep doing business with this regime?

Buick is the best selling automobile brand in China. China is GMs largest and most profitable market. Yep, GM sells more cars in China than in the US and makes pretty much all of them in China including GM cars and SUVs you have never seen outside of China (driving around Shanghai is great fun for a car guy like me, so much interesting hardware on the street). About 25% of Boeing's sales are to Chinese airlines and Boeing has a final assembly line in China for their Chinese deliveries. Tesla has a huge factory in Shanghai. Starbucks, KFC, Walmart are everywhere (the KFC menu in China is quite interesting) and now Costco has a big store in Shanghai with more planned to come. Chinese firms are Caterpillar's biggest customers, not just in China but equipment for Chinese projects all across Asia and Africa. How does the US unravel this? The businesses involved won't leave willingly at this point so one has to ask what can the US government legally do that will pass muster with the courts to force US firms to abandon what for some is their largest and most profitable market? Think about it, just about anything the US government tries to do will end up before the US Supreme Court so any legislation must be carefully crafted to withstand the inevitable challenges. What for example would prevent GM or Caterpillar from simply de-camping their headquarters from the US to another nation or even China itself if the shareholders thought such a move would best protect their profits? Imagine if Boeing did that!

4 ( +4 / -0 )

@theFu, maybe you can give me some insight on a thought I have had. Instead of air gapping everything with all the problems you mention ( I too have been on an air gapped network ) how about say the DoJ, State Department and DoD writing their own custom operating systems and graphic interfaces and encrypting the software code? My thought is that if the tools were not shared with commercial products like Macroshaft and their nature kept secret, along with encrypting the code itself most, maybe all, hacking could be thwarted. I have heard people say this would be possible but prohibitively expensive but it seems the cost of these hacks has become prohibitively expensive.

2 ( +2 / -0 )

how about say the DoJ, State Department and DoD writing their own custom operating systems and graphic interfaces and encrypting the software code?

There are a few difficulties with this:

1) Governments often have a hard time bringing in high level IT, as it can be hard to compete with the salaries offered by the private sector.

2) Smaller software teams, building custom built solutions, have a harder time writing secure systems, as they have less manpower for doing testing, and a smaller user base for testing upon.

Consider that microsoft has some of the most skilled developers on the planet, and their primary focus is on creating secure code, with teams of developers coding, and yet still get hacked. Now consider how hard it would be for the DoD to do that, with less access to skilled resources, and less ability to test code security.

3 ( +3 / -0 )

1) Governments often have a hard time bringing in high level IT, as it can be hard to compete with the salaries offered by the private sector.

2) Smaller software teams, building custom built solutions, have a harder time writing secure systems, as they have less manpower for doing testing, and a smaller user base for testing upon.

I know at least the place I work has the talent and does work of this nature. It would require a decision by the top leaders to abandon commercial software and write a custom solution.

Consider that microsoft has some of the most skilled developers on the planet, and their primary focus is on creating secure code,

If true, then why is so much of their software kludge Swiss Cheesed full of security holes? No, they develop software to a price point and if anything to maximize collection of user information. Windblows 10 is all about gaining information on the user. I think the party line that private enterprise is always and forever superior to a government effort gets in the way of making the decision to abandon commercial software in favor of in-house software.

0 ( +0 / -0 )

1) Governments often have a hard time bringing in high level IT, as it can be hard to compete with the salaries offered by the private sector.

It depends on the government agency.

The NSA is notorious for competing with the private sector for talent. However, their operations become so secret that nearly nothing leaves the agency. Worse still is the operational security that could prevent the use of intelligence or know-how gathered.

RF will almost always create leaks even in the most secure systems. RF espionage has been the "hack" for nearly 100 years.

2) Smaller software teams, building custom built solutions, have a harder time writing secure systems, as they have less manpower for doing testing, and a smaller user base for testing upon.

Linux is open source and easier to adapt and control than say a MS OS, which is using Facebook business models of treating the users and their information as the product. As it stands, large software teams are a necessity at large corporations to modify IT to be less leaky.

1 ( +1 / -0 )

Trump likely gave his business partners in the CCP all the passwords when he left - just one more tantrum from the two-year old....

And after four years, there's still plenty of Chinese-made merchandise for sale at the Trumpstore.com...

1 ( +1 / -0 )

Time for users to change their passwords.

I use unique passwords for every site or account, made up of 16-24 characters. I change them every three months. But I only have to remember a single password because I use a password manager, in my case, Dashlane. Works across all my devices.

Use a password manager and take the headache out of it.

1 ( +1 / -0 )

Is that happening? Is there any real necessity for China to carry on with such cyber-espionage?

There is no great advantage to emulate the western nations on spying, especially when China has been going for total self-reliance? Rather perplexing..

0 ( +0 / -0 )

@Zichi: I use keychain through Apple. Horizontal system as opposed to Windows, so no issues.

-1 ( +0 / -1 )

I use Apple keychain too but does not work with non Apple browsers. The password manager allows me to store all secure details like passport, credit card, banks. I find that very useful when I’m out and about. Also you can share with other family members if you want. Or a company could allow its employees to have access to passwords.

0 ( +0 / -0 )

The USgovt used to use proprietary OSes and software. It was crappy and like all US govt programs, it was always massively late and massively over budget. There was a real effort to switch to COTS whenever possible to save money. We got what we wanted AND got interoperability too. Interoperability means greater productivity for office workers, though it doesn't always seem that way.

The problem with most govt software needs is that interoperability is required and the rest of the country uses just a few proprietary OSes, with proprietary software, that supports a limited number of platforms. If the govt doesn't use those same systems, now they need to support the OS AND the applications.

Govts will always have some proprietary systems. There are things that only they do. Those systems work at a scale that few other organizations understand. Systems architecture that doesn't consider scaling up can easily ensure a terrible solution for govts.

Encryption isn't something the USGovt should be doing themselves. The implementation will need to be used by outside parties and only widely reviewed and shared implementations will be reviewed by the thousands of experts. There's a well known saying in cryptography. https://www.schneier.com/blog/archives/2015/05/amateurs_produc.html

It is suggested that the OS, data, and data transfers should all be encrypted. Well ... there are systems like that. They try to validate that any connected devices have registered keys and should be allowed access to the data. This is sorta like how HDMI in your TV works. If you've ever had an incompatible HDMI device, you understand how bad that can be. Just imagine if 10% of your computers or networking gear isn't compatible after a security patch. That would bring an organization down.

All of this is extremely inconvenient and costly. The more proprietary a system is, the more costly it will be to create, deploy, maintain. Plus, the code will get out, so all that effort will still end up in someone else's hands.

0 ( +0 / -0 )

One well-paid trusted IT guy or girl can do it for any size of company.

This post has to be one of the most confident sounding posts on JT this week, that to anyone who knows what they're talking about, was clearly made by someone with no clue of what they speak.

Welcome to JT.

2 ( +2 / -0 )

At least 30,000 U.S. organizations including local governments have been hacked in recent days by an "unusually aggressive" Chinese cyber-espionage campaign, according to a computer security specialist.

CCP hacking and interference has always been aggressive, and with the Biden government busy reversing all the anti-CCP restrictions that Trump put in place, it will pick up steam immensely.

We are definitely making the CCP great again.

-2 ( +0 / -2 )

One well-paid trusted IT guy or girl can do it for any size of company.

This post has to be one of the most confident sounding posts on JT this week, that to anyone who knows what they're talking about, was clearly made by someone with no clue of what they speak.

I'd love to know how 1 well-paid person will set up air-gapped connections for a company with 5000 locations. I only needed to handle wifi designs at 1200 locations and it took about a year with hundreds of people involved to deploy. Dealing with the networking was easy. Procurement, training, 2FA assignment, key-fob deployment, VPN infrastructure, employee churn, and connectivity only to specific systems were much harder.

If you haven't done something at the same scale before, then you don't really know what is involved.

0 ( +0 / -0 )
