Chinese Hackers | Breaking Cybersecurity News | The Hacker News

Yesterday at Stanford University in the United States, Cyber Security Experts and Leaders from more than 40 countries gathered to talk about the cyberspace security problems and cooperation among countries. The need for international cooperation in cybersecurity is evident, due to the nature of cyberspace itself. Cyberspace or the Internet is "borderless" in nature. Cai Mingzhao , Minister of the State Council Information Office of China said that China is keen to continue working with other countries to deal with cyber security Challenges. Interesting! When China is itself the culprit in major Cyber Threats and attacks. " To maintain cyber security, we need to strengthen international cooperation, " and " We are ready to expand our cooperation with other countries and relevant international organizations on the basis of equality and mutual benefit, " he said . He said that the China is a victim of cyber security breaches, where more than 80% of Chinese i

Earlier this year, in the month of July it was first discovered that 99% of Android devices are vulnerable to a flaw called " Android Master Key vulnerability " that allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be used to steal data or take control of the device.  The vulnerability was also responsibly disclosed to Google back in February by Bluebox and but the company did not fix the issue even with Android 4.3 Jelly Bean. Later, Google has also modified its Play Store's app entry process so that apps that have been modified using such exploit are blocked and can no longer be distributed via Play. Then after a few days, in the last week of July this year,  Android Security Squad , the China -based group also uncovered a second Android master key vulnerability similar to the first one. Security researcher  Jay Freeman has  discovered  yet another Master Key vulnerability in A

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

We have discussed many times in our stories the network of Intelligent devices , their capabilities and the possibilities that cyber criminals could exploit them for illegal activities. Hidden chips are used by cyber criminals and state-sponsored hackers to infiltrate company networks and organizations for various purposes, to send out spam or for cyber espionage . The fact has happened in Russia, the State-owned channel Rossiya 24 has showed the images of an electric iron included in a batch of Chinese imports where the operators find a chip used for spying the environment surround. China is planting Microchips practically in every electrical device, as recently it has been discovered that the  electric iron  and kettles were modified with this technique to launch spam attacks. The Microchips were equipped with a little microphone and according to the correspondent the component were mostly being used to serve malware and the chips in fact are able to connect any co

In March of this year, we saw the first ever 300 Gigabit DDoS attack , which was possible due to a DNS Reflection Amplification attack against Spamhaus . On 24 September World's 3rd Largest Bitcoin exchange BTC China , a platform where both Bitcoin and Chinese yuan are traded faced massive DDoS attack for continued nine hours, where no amplification techniques were used. Incapsula , Cloud-based security service provider helped the Chinese Bitcoin trader to protect them from such massive denial-of-service attack and successfully mitigated the threats. Incapsula tweeted  a graph of DDoS attack last month as shown, " Yesterday we prevented a ~100Gbps DDoS. The attack's load was distributed across our 350Gbps network. " Specialist at Incapsula shared the details of the attack with TheRegister , explained " The attack against BTC China took the form of a SYN flood rather than the DNS amplification-style attack ", " The attacker balanced the assault betwee

Kaspersky Lab has identified another Chinese APT campaign , dubbed ' Icefog ', who targeted Governmental institutions, Military contractors, maritime / shipbuilding groups, telecom operators, industrial and high technology companies and mass media. The Hacking group behind the attack who carry out surgical hit and run operations , is an advanced persistent threat (APT) group, used a backdoor dubbed Icefog that worked across Windows and Mac OS X to gain access to systems. " The Mac OS X backdoor currently remains largely undetected by security solutions and has managed to infect several hundred victims worldwide ," the report  (PDF) said. This China-based campaign is almost two years old and follows the pattern of similar APT-style attacks where victims are compromised via a malicious attachment in a spear-phishing email, or are lured to a compromised website and infected with malware . The attackers embed exploits for several known vulnerabilities (CV

During the weekend China's Internet was taken down by a powerful distributed denial of service (DDoS) attack on the .cn domain slowed and blocked Internet access inaccessibility for hours. Security expert clarified that China could have been perpetrated by sophisticated hackers or by a single individual. The China Internet Network Information Center [ CINIC ] reported that the attack began at 02:00 local time on Sunday with a peek at 04:00 that made it the largest DDoS attack the country's networks have ever faced. The CCINIC is responsible for registering sites in the .cn domain. Before malicious coders can launch a DDoS attack, they must infect the computers of unsuspecting users, often by tricking people into installing malware on their computers. The China Internet Network Information Center confirmed the attack with an official statement informing internet users that it is gradually restoring web services and that will operate to improve the security leve

A notorious Chinese hacker collective known as APT1 or Comment Crew, possibly linked to the Chinese Army, have been caught red handed breaking into a fake United States water control system i.e. known as a Honeypot . Kyle Wilhoit, a researcher with security company Trend Micro has just revealed the details at BlackHat Conference on Wednesday.  Hackers hacked a water control system for a US municipality back in December last year, but it was merely a decoy set up by Kyle Wilhoit using a Word document hiding malicious software to gain full access.  The honeypots directly mimicked the ICS/Scada devices used in many critical infrastructure power and water plants. Cloud software was used to create realistic Web-based login and configuration screens for local water plants seemingly based in Ireland, Russia, Singapore, China, Japan, Australia, Brazil, and the U.S. Researchers have been tracked back to the APT1 Group, which security company Mandiant has claimed operate

Android Security Squad, the China-based group that  uncovered a second Android master key vulnerability that might be abused to modify smartphone apps without breaking their digital signatures.  The whole point of digitally signing a document or file is to prove the file hasn't been modified. The process uses a form of public-key cryptography . In Chinese version of hacking attack, malicious code can be added into the file headers, but the method is limited because targeted files need to be smaller than 64K in size. APK files are packed using a version of the widespread ZIP archiving algorithm. Most ZIP implementations won't permit two same-named files in one archive, but the algorithm itself doesn't forbid that possibility. So basically, two versions of the classes.dex file are placed inside of the package, the original and a hacked alternative. When checking an app's digital signature, the Android OS looks at the first matching file, but when act

Security experts are confident that the Chinese hackers group known as Comment Crew is still operating under cover. " The Comment Crew is back again " this is the rumor within Intelligence community, researchers suspect the involvement of the group of hackers in the recent cyber dispute between U.S. and China. Let's make a step back, last February Mandiant Intelligence firm released an interesting report that revealed an enterprise-scale computer espionage campaign dubbed APT1. Mandiant linked the APT1 attacks, that compromised 141 organizations in seven years, to Chinese military unit called " 61398 ". The is very interesting is that the security firm identified a common pattern for the attacks conducted by Chinese hackers group, it was also able to define a series of key indicators for identifying ongoing APT attacks. Mandiant security firm had monitored the group during last years and report details its operations, it wasn't the only one FireEye is anoth

Edward Snowden, the self confessed NSA Whistleblower of secret surveillance documents, claimed Wednesday that the United States intelligence agents have been hacking computer networks around the world, specially Chinese targets since 2009. Snowden alleged that the Prism program , which collects information on users of numerous technological services such as Google, Facebook and Twitter, targeted universities, businesses and public officials throughout mainland China and Hong Kong. Out of More than 61,000 targets of the National Security Agency , there are thousands of computers in China which U.S. officials have increasingly criticized as the source of thousands of attacks on U.S. military and commercial networks. China has denied such attacks. " We hack network backbones like huge Internet routers, basically that give us access to the communications of hundreds of thousands of computers without having to hack every single one ," he revealed. But why Snowden leaking all this infor

China has developed a new supercomputer known as Tianhe-2  which is twice as fast as US and Japanese systems has been measured at speeds of 30.65 petaflops or 74 percent faster than the current holder of the world's-fastest-supercomputer title. Titan, the U.S. Department of Energy's fastest supercomputer, has been clocked in at just 17.6 petaflops per second. Earlier reports said China is aiming for no lesser than a 100 Petaflops machine by 2015. China's National University of Defense Technology last week revealed about a massive machine in Changsha, that's expected to come out next weekend during the International Supercomputing Conference. Tianhe-2 is built with Intel Ivy Bridge and Xeon Phi processors. The powerful system was assembled by Chinese company Inspur using tens of thousands of the latest multicore chips produced by Intel, with an addition of some home-made technology. In total, the supercomputer is said to contain over 3 million processor cor

Since 2010, foreign state sponsored organizations have repeatedly compromised an unencrypted database maintained by the Veterans Affairs Department that contains personally identifiable information on roughly 26 million veterans. Including at least eight foreign-sponsored organizations, mostly connected to the Chinese military had successfully compromised VA networks and data.  Other than this, possibly Russia were identified as likely culprits in the attempts to steal VA data. Details regarding exactly what information has been compromised are sparse, but unencrypted data included names, dates of birth and Social Security numbers of veterans that could be used to commit credit and identity fraud. Lack of basic security controls, such as encryption of data, make VA an easy target. The 2006 breach was caused by the theft of a VA employee's laptop, which contained personal information on about 26 million veterans and military personnel. From another report, The Marc

As concerns are growing regarding Chinese hacking attacks, the country will undergo its first digital war games. Only two days after the U.S. has attributed cyber espionage attacks against U.S. government and business entities to the Chinese Government and Military, it was announced that the Chinese will soon be conducting digital war games for the first time in the country's history. " It will be the first time a People's Liberation Army exercise has focused on combat forces including digitized units, special operations forces, army aviation and electronic counter forces, " the report said. The timing of the digital war games is also interesting, since it will coincide with a meeting between President Barack Obama and Chinese President Xi Jinping next week as Washington's level of concern rises regarding Chinese hacking of US military networks. The army's general staff department said eight military academies and forces from the Beijing Military Area Comman

According to report published by for the Defense Department and government and defense industry officials, Chinese hackers have gained access to the designs of many of the nation's most sensitive advanced weapons systems. The compromised U.S. designs included those for combat aircraft and ships, as well as missile defenses vital for Europe, Asia and the Gulf, including the advanced Patriot missile system, the Navy's Aegis ballistic missile defense systems, the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the F-35 Joint Strike Fighter. The report comes a month before President Obama meets with visiting Chinese President Xi Jinping in California. The report did not specify the extent or time of the cyber-thefts, but the espionage would give China knowledge that could be exploited in a conflict, such as the ability to knock out communications and corrupting data. For the first time, the Pentagon specifically named the Chinese government a

Secret and highly sensitive and $630 million building blueprints outlining the layout of Australia's top spy agency's new headquarters have been stolen by Chinese hackers. According to a report by the ABC 's Four Corners, the blueprints included floor plans, communications cabling, server locations and the security systems. The cyber attack, launched on a contractor involved in work at the site, is one of the reasons completion of the new building has been delayed. Companies including BlueScope Steel and Adelaide-based Codan, which makes radios for military and intelligence agencies, are also said have been targeted by the Chinese. Under this major hacking operations, hackers successfully breached the Defence Department's classified email system, the Department of Prime Minister and Cabinet, and the Department of Foreign Affairs and Trade. A separate attack on the Defence Department involved an employee sending a highly classified document from his des

In 2010, as part of what has been dubbed as Operation Aurora , Chinese hackers infiltrated a special database within Google's systems and gained access to a sensitive database worth of information about American surveillance targets.  Google reported the hack publicly years ago, saying that the sophisticated attack resulted in the theft of Google intellectual property and the partial compromise of some human rights activists' email accounts. When the news first surfaced in 2010, Google said hackers stole the source code behind its search engine, and targeted email accounts of activists critical of China's human rights record. But recently discovered that the hackers also obtained surveillance information, including emails belonging to suspected spies, diplomats and terrorists which law enforcement officials had been monitoring. Google reported this breach to the FBI, resulting in a national security investigation. According to the sources, hackers were after the names of

Trend Micro researchers have uncovered a new backdoor pieces of malware from the Winnti family, which are mainly used by a Chinese  cyber criminal group to target South East Asian organizations from the video gaming sector. Winnti malware used by hackers to hijack control of web users systems using a new backdoor contained in the legitimate Aheadlib analysis tool. Dubbed as " Bkdr_Tengo.A, " passes itself off as a legitimate system DLL file called winmm.dll. " We believe that this was done using a legitimate tool called Aheadlib, which is a legitimate analysis tool. "  wrote Trend Micro's Eduardo Altares. " The file is not encrypted and neither was it particularly hard to analyze. Its main behavior is to steal Microsoft Office, .PDF, and .TIFF files from USB drives inserted into the system. These stolen files are stored in the $NtUninstallKB080515$ under the Windows folder. It also creates a log file named Usblog_DXM.log. The files can be retrieved by

QinetiQ , a UK-based defense contractor  suffers humiliation as intelligence officials confirmed that China was able to steal the U.S. classified documents and pertinent technological information all this because of QinetiQ's faulty decision-making. QinetiQ North America (QQ) a world leading defense technology and security company providing satellites, drones and software services to the U.S. Special Forces deployed in Afghanistan and Middle East. The hacking was so extensive that external consultants ended up more or less working permanently inside the firm to root out malicious software and compromises on an ongoing basis. In one of the attacks, that took place in 2009, the hackers raided at least 151 machines of the firm's Technology Solutions Group (TSG) over a 251-day period, stealing 20 gigabytes of data before being blocked.  As the White House moves to confront China over its theft of U.S. technology through hacking, policy makers are faced with the questi

U.S. intelligence agencies traced a recent cyber intrusion into U.S. Army database that holds sensitive information about vulnerabilities in U.S. dams.  The U.S. Army Corps of Engineers National Inventory of Dams contains information about 79,000 dams throughout the country and tracks such information as the number of estimated deaths that could occur if a specific dam failed. The database also holds sensitive information, including vulnerabilities, of every major dam throughout the country. Michelle Van Cleave, a former consultant to the CIA, told the Beacon that the data breach appeared to be part of a greater effort to collect vulnerability and targeting data for future cyber or military attacks. The Corps of Engineers National Inventory of Dams was hacked by an unauthorized user believed to be from Chinese government or military cyber warriors, beginning in January and uncovered earlier this month. " In the wrong hands, the Army Corps of Engineers' database cou

FireEye experts have been tracking the Operation Beebus campaign for a few months now, and new same gang of hackers are being blamed for a set of recently discovered spear-phishing attacks that aim to steal information related to American drones . These attacks exploited previously discovered vulnerabilities via document files delivered by email in order to plant a previously unknown backdoor onto victim systems. Operation Beebus is an APT-style attack campaign targeting government agencies in the United States and India as well as numerous aerospace, defense, and telecom industry organizations. FireEye Labs has linked the attacks to the China-based Comment Group hacker collective (a prolific actor believed to be affiliated with the Chines government), and Operation Beebus. " The set of targets cover all aspects of unmanned vehicles, land, air and sea, from research to design to manufacturing of the vehicles and their various subsystems. Other related malware have been discov