#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Chinese Hackers | Breaking Cybersecurity News | The Hacker News

CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies

CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies

Sep 15, 2020
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities. "CISA has observed Chinese [Ministry of State Security]-affiliated cyber threat actors operating from the People's Republic of China using commercially available information sources and open-source exploitation tools to target US Government agency networks," the cybersecurity agency said. Over the past 12 months, the victims were identified through sources such as Shodan , the Common Vulnerabilities and Exposure ( CVE ) database, and the National Vulnerabilities Database (NVD), exploiting the public release of a vulnerability to pick vulnerable targets and further their motives. By compromising legitimate websites and leveraging spear-phishing emails with malicious links pointing to attacker-owned sites in order to gain initial access, the Chinese
US Government Warns of a New Strain of Chinese 'Taidoor' Virus

US Government Warns of a New Strain of Chinese 'Taidoor' Virus

Aug 04, 2020
Intelligence agencies in the US have released information about a new variant of 12-year-old computer virus used by China's state-sponsored hackers targeting governments, corporations, and think tanks. Named " Taidoor, " the malware has done an 'excellent' job of compromising systems as early as 2008 , with the actors deploying it on victim networks for stealthy remote access. "[The] FBI has high confidence that Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation," the US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) said in a joint advisory . The US Cyber Command has also uploaded four samples of the Taidoor RAT on the public malware repository VirusTotal to let 50+ Antivirus companies check the virus's involvement in other unattributed cam
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI

EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI

Jul 31, 2020
The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens, and its member states. The directive has been issued against six individuals and three entities responsible for or involved in various cyber-attacks, out of which some publicly known are ' WannaCry ', ' NotPetya ', and ' Operation Cloud Hopper ,' as well as an attempted cyber-attack against the organization for the prohibition of chemical weapons. Out of the six individuals sanctioned by the EU include two Chinese citizens and four Russian nationals. The companies involved in carrying out cyberattacks include an export firm based in North Korea, and technology companies from China and Russia. The sanctions imposed include a ban on persons traveling to any EU countries and a freeze of assets on persons and entities. Besides this, EU citizens and entities are also forbidden from doing any busin
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
US Charges 2 Chinese Hackers for Targeting COVID-19 Research and Trade Secrets

US Charges 2 Chinese Hackers for Targeting COVID-19 Research and Trade Secrets

Jul 22, 2020
The U.S. Department of Justice (DoJ) yesterday revealed charges against two Chinese nationals for their alleged involvement in a decade-long hacking spree targeting dissidents, government agencies, and hundreds of organizations in as many as 11 countries. The 11-count indictment , which was unsealed on Tuesday, alleges LI Xiaoyu (李啸宇) and DONG Jiazhi (董家志) stole terabytes of sensitive data, including from companies developing COVID-19 vaccines, testing technology, and treatments while operating both for private financial gain and behalf of China's Ministry of State Security. "China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being 'on call' to work for the benefit of the state, [and] to feed the Chinese Communist party's insatiable hunger for American and other non-Chinese companies' hard-earned intellectual property, includ
Chinese Hackers Escalate Attacks Against India and Hong Kong Amid Tensions

Chinese Hackers Escalate Attacks Against India and Hong Kong Amid Tensions

Jul 21, 2020
An emerging threat actor out of China has been traced to a new hacking campaign aimed at government agencies in India and residents of Hong Kong intending to steal sensitive information, cybersecurity firm Malwarebytes revealed in the latest report shared with The Hacker News. The attacks were observed during the first week of July, coinciding the passage of controversial security law in Hong Kong and India's ban of 59 China-made apps over privacy concerns, weeks after a violent skirmish along the Indo-China border. Attributing the attack with "moderate confidence" to a new Chinese APT group, Malwarebytes said they were able to track their activities based on the "unique phishing attempts" designed to compromise targets in India and Hong Kong. The operators of the APT group have leveraged at least three different Tactics, Techniques, and Procedures (TTPs), using spear-phishing emails to drop variants of Cobalt Strike and MgBot malware, and bogus Andr
Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs

Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs

May 27, 2020
Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting over hundreds of thousands of systems. The botnet was traced back to a group it calls ShuangQiang (also called Double Gun ), which has been behind several attacks since 2017 aimed at compromising Windows computers with MBR and VBR bootkits , and installing malicious drivers for financial gain and hijack web traffic to e-commerce sites. In addition to using images uploaded to Baidu Tieba to distribute configuration files and malware — a technique called steganography — the group has begun using Alibaba Cloud storage to host configuration files and Baidu's analytics platform Tongji to manage the activity of its infected hosts, the researchers said. The initial compromise relies on luring unsuspecting users to install game launching software from sketchy game portals that contain malicious code under the guise of a patch. Once the user downloads and inst
This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years

This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years

May 07, 2020
An advanced group of Chinese hackers has recently been spotted to be behind a sustained cyber espionage campaign targeting government entities in Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar, and Brunei—which went undetected for at least five years and is still an ongoing threat. The group, named 'Naikon APT,' once known as one of the most active APTs in Asia until 2015, carried out a string of cyberattacks in the Asia-Pacific (APAC) region in search of geopolitical intelligence. According to the latest investigation report Check Point researchers shared with The Hacker News, the Naikon APT group had not gone silent for the last 5 years, as initially suspected; instead, it was using a new backdoor, called " Aria-body ," to operate stealthily. "Given the characteristics of the victims and capabilities presented by the group, it is evident that the group's purpose is to gather intelligence and spy on the countries whose governments it
Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims

Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims

Apr 22, 2020
A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang. The findings, published by digital forensics firm Volexity , reveal that the exploit — named "Insomnia" — works against iOS versions 12.3, 12.3.1, and 12.3.2 using a flaw in WebKit that was patched by Apple with the release of iOS 12.4 in July 2019. Volexity said the attacks were carried out by a state-sponsored hacking group it calls Evil Eye , the same threat actor that it said was behind a series of attacks against the Uyghurs last September following a bombshell disclosure by Google's Project Zero team . China has long considered Xinjiang a breeding ground for " separatists, terrorists and religious extremists ," with the residents of the region — ethnically Turkic Muslims — thrown into concentration camps , and subjected to persecution and high-tech surv
Researchers Claim CIA Was Behind 11-Year-Long Hacking Attacks Against China

Researchers Claim CIA Was Behind 11-Year-Long Hacking Attacks Against China

Mar 03, 2020
Qihoo 360, one of the most prominent cybersecurity firms, today published a new report accusing the U.S. Central Intelligence Agency (CIA) to be behind an 11-year-long hacking campaign against several Chinese industries and government agencies. The targeted industry sectors include aviation organizations, scientific research institutions, petroleum, and Internet companies—which, if true, gives the CIA the ability to do "unexpected things." According to the researchers, these cyberattacks were carried out between September 2008 and June 2019, and most of the targets were located in Beijing, Guangdong, and Zhejiang. "We speculate that in the past eleven years of infiltration attacks, the CIA may have already grasped the most classified business information of China, even of many other countries in the world," the researchers said . "It does not even rule out the possibility that now the CIA is able to track down the real-time global flight status, passe
U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach

U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach

Feb 10, 2020
The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans. In a joint press conference held today with the Attorney General William Barr and FBI Deputy Director David Bowdich, the DoJ officials labeled the state-sponsored hacking campaign as the largest hacking case ever uncovered of this type. The four accused, Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可) and Liu Lei (刘磊), have also been indicted for their involvement in hacking and stealing trade secrets, intellectual property and confidential information from several other U.S. businesses in recent years. In September 2017, credit reporting agency Equifax disclosed it had become a victim of a massive cyberattack that left highly sensitive data of nearly half of the U.S. population in the hands of hackers. As The Hacker News reported earlier, hackers compr
Chinese Hackers Compromise Telecom Servers to Spy on SMS Messages

Chinese Hackers Compromise Telecom Servers to Spy on SMS Messages

Oct 31, 2019
A group of Chinese hackers carrying out political espionage for Beijing has been found targeting telecommunications companies with a new piece of malware designed to spy on text messages sent or received by highly targeted individuals. Dubbed " MessageTap ," the backdoor malware is a 64-bit ELF data miner that has recently been discovered installed on a Linux-based Short Message Service Center (SMSC) server of an unnamed telecommunications company. According to a recent report published by FireEye's Mandiant firm, MessageTap has been created and used by APT41 , a prolific Chinese hacking group that carries out state-sponsored espionage operations and has also been found involved in financially motivated attacks. In mobile telephone networks, SMSC servers act as a middle-man service responsible for handling the SMS operations by routing messages between senders and recipients. Since SMSes are not designed to be encrypted, neither on transmitting nor on the telec
Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild

Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild

Oct 22, 2019
Cybersecurity researchers claim to have discovered a previously undocumented backdoor specifically designed for Microsoft SQL servers that could allow a remote attacker to control an already compromised system stealthily. Dubbed Skip-2.0 , the backdoor malware is a post-exploitation tool that runs in the memory and lets remote attackers connect to any account on the server running MSSQL version 11 and version 12 by using a "magic password." What's more? The malware manages to remain undetected on the victim's MSSQL Server by disabling the compromised machine's logging functions, event publishing, and audit mechanisms every time the "magic password" is used. With these capabilities, an attacker can stealthily copy, modify, or delete the content stored in a database, the impact of which varies from application to application integrated with targeted servers. "This could be used, for example, to manipulate in-game currencies for financial gai
A Look Into Continuous Efforts By Chinese Hackers to Target Foreign Governments

A Look Into Continuous Efforts By Chinese Hackers to Target Foreign Governments

Oct 02, 2019
Phishing is still one of the widely used strategies by cybercriminals and espionage groups to gain an initial foothold on the targeted systems. Though hacking someone with phishing attacks was easy a decade ago, the evolution of threat detection technologies and cyber awareness among people has slowed down the success of phishing and social engineering attacks over the years. Since phishing is more sort of a one-time opportunity for hackers before their victims suspect it and likely won't fall for the same trick again, sophisticated hacking groups have started putting a lot of effort, time and research to design well-crafted phishing campaigns. In one such latest campaign discovered by cybersecurity researchers at Check Point, a Chinese hacking group, known as Rancor , has been found conducting very targeted and extensive attacks against Southeast Asian government entities from December 2018 to June 2019. What's interesting about this ongoing 7-month long campaign is
Report Reveals TeamViewer Was Breached By Chinese Hackers In 2016

Report Reveals TeamViewer Was Breached By Chinese Hackers In 2016

May 17, 2019
The German software company behind TeamViewer, one of the most popular software in the world that allows users to access and share their desktops remotely, was reportedly compromised in 2016, the German newspaper Der Spiegel revealed today. TeamViewer is popular remote-support software that allows you to securely share your desktop or take full control of other's PC over the Internet from anywhere in the world. With millions of users making use of its service, TeamViewer has always been a target of interest for attackers. According to the publication , the cyber attack was launched by hackers with Chinese origin who used Winnti trojan malware, activities of which have previously been found linked to the Chinese state intelligence system. Active since at least 2010, Winnti advanced persistent threat (APT) group has previously launched a series of financial attacks against software and gaming organizations primarily in the United States, Japan, and South Korea. The group i
U.S. Charges Chinese Hacker For 2015 Anthem Data Breach

U.S. Charges Chinese Hacker For 2015 Anthem Data Breach

May 09, 2019
The United States Justice Department today announced charges against a Chinese hacker and his hacking team member for their alleged role in the 2015 massive data breach at health insurance giant Anthem and three other unnamed American companies. Fujie Wang (王 福 杰) and another hacker named John Doe with three different aliases—Deniel Jack, Kim Young, and Zhou Zhihong—are charged with four counts of conspiracy to commit fraud, wire fraud, and damage to a protected computer, according to an indictment [ pdf ] unsealed today in federal court in Indianapolis. In 2015, the hackers managed to breach Anthem, the country's second-largest health insurance company and stole personal information of over 80 Millions of its customers, including their Social Security Numbers, birthdates, email addresses, residential addresses, medical identification numbers, employment information, and income data. The incident marked as one of the worst data breaches in history, with the company paying
US Indicts Two Chinese Government Hackers Over Global Hacking Campaign

US Indicts Two Chinese Government Hackers Over Global Hacking Campaign

Dec 21, 2018
The US Department of Justice on Thursday charged two Chinese hackers associated with the Chinese government for hacking numerous companies and government agencies in a dozen countries. The Chinese nationals, Zhu Hua (known online as Afwar, CVNX, Alayos and Godkiller) and Zhang Shilong (known online as Baobeilong, Zhang Jianguo and Atreexp), are believed to be members of a state-sponsored hacking group known as Advanced Persistent Threat 10 ( APT 10 ) or Cloudhopper that has been working from over a decade to steal business and technology secrets from companies and government agencies around the world. According to the indictment , the alleged hackers targeted more than 45 companies and government agencies from 2006 to 2018 and stole "hundreds of gigabytes" of sensitive data and personal information from its targets. Both Hua and Shilong worked for Huaying Haitai Science and Technology Development Company and are alleged to have committed these crimes at the directio
Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers

Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers

Dec 15, 2018
Cybersecurity researchers have discovered a critical vulnerability in widely used SQLite database software that exposes billions of deployments to hackers. Dubbed as ' Magellan ' by Tencent's Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary or malicious code on affected devices, leak program memory or crash applications. SQLite is a lightweight, widely used disk-based relational database management system that requires minimal support from operating systems or external libraries, and hence compatible with almost every device, platform, and programming language. SQLite is the most widely deployed database engine in the world today, which is being used by millions of applications with literally billions of deployments, including IoT devices, macOS and Windows apps, including major web browsers, such as Adobe software, Skype and more. Since Chromium-based web browsers—including Google Chrome, Opera, Vivaldi, and
New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs

New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs

Dec 04, 2018
A new piece of ransomware is spreading rapidly across China that has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack... and the number of infected users is continuously increasing every hour. What's Interesting? Unlike almost every ransomware malware, the new virus doesn't demand ransom payments in Bitcoin. Instead, the attacker is asking victims to pay 110 yuan (nearly USD 16) in ransom through WeChat Pay—the payment feature offered by China's most popular messaging app. Ransomware + Password Stealer — Unlike WannaCry and NotPetya ransomware outbreaks that caused worldwide chaos last year, the new Chinese ransomware has been targeting only Chinese users. It also includes an additional ability to steal users' account passwords for Alipay, NetEase 163 email service, Baidu Cloud Disk, Jingdong (JD.com), Taobao, Tmall , AliWangWang, and QQ websites. A Supply Chain Attack — According to Chinese cybers
Cybersecurity Resources