Chinese Hackers | Breaking Cybersecurity News | The Hacker News

It's been almost four weeks since the outcry of WannaCry ransomware , but the hackers behind the self-spread ransomware threat have not been identified yet. However, two weeks ago researchers at Google, Kaspersky Lab, Intezer and Symantec linked WannaCry to 'Lazarus Group,' a state-sponsored hacking group believed to work for the North Korean government. Now, new research from dark web intelligence firm Flashpoint indicates the perpetrators may be Chinese, based on its own linguistic analysis. Flashpoint researchers Jon Condra and John Costello analyzed each of WannaCry's localized ransom notes, which is available in 28 languages, for content, accuracy, and style, and discovered that all the notes, except English and Chinese versions (Simplified and Traditional), had been translated via Google Translate. According to the research, Chinese and English versions of the ransomware notes were most likely written by a human. On further analysis, researchers discovered that

Hackers won't be spared. Three Chinese hackers have been ordered to pay $8.8 million (£6.8 million) after hacking email servers of two major New York-based law firms to steal corporate merger plans in December 2016 and used them to trade stocks. The U.S. District Judge Valerie Caproni in Manhattan sued 26-year-old Iat Hong, 30-year-old Bo Zheng, and 50-year-old Hung Chin, over a multi-million dollar insider trading scam. According to BBC News , the U.S. Securities Exchange Commission (SEC) alleged the three hackers targeted 7 different law firms, but managed to installed malware on networks belonging to two law firms only, then compromised their IT admin accounts that gave the trio access to every email account at the firms. Access to the email and web servers allowed them to gain information on planned business mergers and/or acquisitions. The trio then used this information to buy company stock before the deal, and then sell it after the public announcement of the merger

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Researchers have uncovered a Chinese cyber-espionage against the United States ahead of the trade summit on Thursday between US President Donald Trump and China's President Xi Jinping. According to a new report published today by Fidelis Cybersecurity firm, the Chinese APT10 hacking group implanted a piece of malware on the "Events" page of the US National Foreign Trade Council (NFTC) website in February. Dubbed ' Operation TradeSecret ,' the attack against the NFTC site is seen as an attempt to conduct surveillance on the main industry players and lobbyists closely associated with U.S trade policy activities. Researchers say hackers placed a malicious link on the NFTC website, inviting the organization's board of directors to register for a meeting in Washington DC on March 7. But clicking on the link deployed a spying tool called " Scanbox ." Dates back to 2014, Scanbox – previously used by nation-state threat actors associated with the

Chinese Hackers have taken Smishing attack to the next level, using rogue cell phone towers to distribute Android banking malware via spoofed SMS messages. SMiShing — phishing attacks sent via SMS — is a type of attack wherein fraudsters use number spoofing attack to send convincing bogus messages to trick mobile users into downloading a malware app onto their smartphones or lures victims into giving up sensitive information. Security researchers at Check Point Software Technologies have uncovered that Chinese hackers are using fake base transceiver stations (BTS towers) to distribute " Swearing Trojan ," an Android banking malware that once appeared neutralized after its authors were arrested in a police raid. This is the first ever reported real-world case in which criminals played smart in such a way that they used BTS — a piece of equipment usually installed on cellular telephone towers — to spread malware. The phishing SMS, which masquerades itself as the on

The brand new Android smartphone launched by Google just a few months back has been hacked by Chinese hackers just in less than a minute. Yes, the Google's latest Pixel smartphone has been hacked by a team white-hat hackers from Qihoo 360, besides at the 2016 PwnFest hacking competition in Seoul. The Qihoo 360 team demonstrated a proof-of-concept exploit that used a zero-day vulnerability in order to achieve remote code execution (RCE) on the target smartphone. The exploit then launched the Google Play Store on the Pixel smartphone before opening Google Chrome and displaying a web page that read "Pwned By 360 Alpha Team," the Reg media reports . Qihoo 360 won $120,000 cash prize for hacking the Pixel. Google will now work to patch the vulnerability. Besides the Google Pixel, Microsoft Edge running under Windows 10 was also hacked in PwnFest hacking competition. The Qihoo 360 team also hacked Adobe Flash with a combination of a decade-old, use-after-free