@World - CBSNews.com
The U.S. Justice Department has indicted 12 Chinese nationals for their alleged involvement in state-linked cyber operations. The individuals include employees of the Chinese technology firm i-Soon, members of the APT27 group (also known as Emissary Panda, TG-3390, Bronze Union, and Lucky Mouse), and two officers from China's Ministry of Public Security. These indictments shed light on the hacking tools and methods allegedly employed in a global hacking scandal. The Justice Department stated that the Ministry of State Security (MSS) and Ministry of Public Security (MPS) utilized an extensive network of private companies, including i-Soon, to conduct unauthorized computer intrusions in the U.S. and elsewhere.
The U.S. DoJ charges these individuals with data theft and suppressing dissent worldwide. i-Soon, identified as one of the private companies involved, allegedly provided tools and methods to customers and hacked for the PRC (People's Republic of China). These actions highlight a significant cybersecurity concern involving state-sponsored actors and their use of private firms to conduct cyber espionage.
References:
- bsky.app: US Justice Department has charged Chinese state security officers and APT27 and i-Soon Chinese hackers linked to network breaches and cyberattacks targeting victims worldwide since 2011.
- CyberInsider: U.S. Charges 12 Chinese Nationals Over Decade-Long Cyber Espionage Campaign
- The Cyber Express: The United States Department of Justice (DOJ) has taken action against a major cyber threat, opening indictments against 12 Chinese nationals, including two officers from China’s Ministry of Public Security (MPS) and several employees of the Chinese technology firm i-Soon.
- bsky.app: USA accuses China's State of operating network of "hackers for hire". Accused 12 individuals, 2 officers of the PRC Ministry of Public Security (MPS), employees of a private company, Anxun Information Technology Co. Ltd, and members of APT27.
- The Hacker News: U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations
- securityaffairs.com: US DOJ charges 12 Chinese nationals for state-linked cyber operations
- The Register - Security: Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox US government agencies announced Wednesday criminal charges against alleged members of China's Silk Typhoon gang, plus internet domain seizures linked to a long-term Chinese espionage campaign that saw Beijing hire miscreants to compromise US government agencies and other major orgs.…
- DataBreaches.Net: U.S. Charges 12 Chinese Contract Hackers and Law Enforcement Officers in Global Computer Intrusion Campaigns
- bsky.app: The US Justice Department has charged Chinese state security officers and APT27 and i-Soon Chinese hackers linked to network breaches and cyberattacks targeting victims worldwide since 2011.
- cyble.com: U.S. Indictments Shed Light on i-Soon Hacking Tools, Methods
- Metacurity: US indicts twelve prolific Chinese hackers, including eight i-Soon staffers
- Carly Page: The Department of Justice has announced criminal charges against 12 Chinese government-linked hackers who are accused of hacking over 100 American organizations, including the U.S. Treasury, over the course of a decade
- Threats | CyberScoop: US indicts 12 Chinese nationals for vast espionage attack spree
- BleepingComputer: The U.S. Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011.
- hackread.com: US Charges 12 in Chinese Hacker-for-Hire Network, Offers $10M Reward
- Risky Business: US indicts the i-Soon and APT27 hackers, the BADBOX botnet gets disrupted again, authorities seize the Garantex crypto exchange, and the FBI arrests hackers who stole Taylor Swift concert tickets.
- Security | TechRepublic: Targets included the U.S. Treasury Department, journalists, and religious organisations, and the attacks intended to steal data and suppress free speech.
- techxplore.com: US indicts 12 Chinese nationals in hacking
- : US Charges Members of Chinese Hacker-for-Hire Group i-Soon
- Matthias Schulze: U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations
- WIRED: US Charges 12 Alleged Spies in China’s Freewheeling Hacker-for-Hire Ecosystem
@www.justice.gov
The US Treasury Department has sanctioned Sichuan Silence, a Chinese cybersecurity company, and its employee Guan Tianfeng for their involvement in a global firewall compromise in April 2020. The hack exploited a zero-day vulnerability and affected tens of thousands of firewalls, including those of critical infrastructure companies. Guan Tianfeng has also been indicted by the Department of Justice for developing and deploying malware, and a $10 million reward has been offered for information on the company or on Guan. This coordinated action highlights the ongoing threat posed by Chinese cyber actors.
References:
- www.pcmag.com: US sanctions Chinese cybersecurity firm for hacking 81k firewall devices
- : Related to DOJ toot above. The Department of the Treasury's Office of Foreign Assets Control (OFAC) is sanctioning cybersecurity company Sichuan Silence Information Technology Company, Limited (Sichuan Silence), and one of its employees, Guan Tianfeng, both based in People's Republic of China (PRC), for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide.
- www.bleepingcomputer.com: US sanctions Chinese firm for hacking firewalls in ransomware attacks
- www.justice.gov: Chinese national Guan Tianfeng was charged in connection with the mass exploitation of Sophos firewalls in 2020.
- : People's Republic of China (PRC)-based Sichuan Silence Information Technology Co. Ltd. (Sichuan Silence) has provided services to China's Ministry of Public Security, among other Chinese government agencies. In 2020, Chinese national Guan Tianfeng and other employees of Sichuan Silence developed and tested intrusion techniques prior to deploying malicious software that allowed them to exploit a zero-day vulnerability in certain Sophos firewalls (CVSSv3.0: 10.0 critical). Sichuan Silence used the exploit to infiltrate approximately 81,000 firewall devices, infecting them with malware designed to not only retrieve and exfiltrate data from firewalls and computers behind them, but also encrypt files on infected computers if a victim attempted to remediate the infection.
- Cyber Security News: US Sanctions Chinese Firm for Firewall Hacks Linked to Ransomware
- gbhackers.com: US Charged Chinese Hackers for Exploiting Thousands of Firewall
- CyberInsider: U.S. Indicts Chinese Hacker for Firewall Exploit Targeting 81,000 Devices
- dataconomy.com: Dataconomy's report on the Sophos firewall breach.
- therecord.media: US sanctions Chinese cyber firm for compromising ‘thousands’ of firewalls in 2020
- flashpoint.io: China-Based Hacker Charged for Conspiring to Develop and Deploy Malware That Exploited Tens of Thousands of Firewalls Worldwide
- malware.news: China-Based Hacker Charged for Conspiring to Develop and Deploy Malware That Exploited Tens of Thousands of Firewalls Worldwide
- The Hacker News: The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020.
- CyberScoop: Treasury sanctions Chinese cyber company, employee for 2020 global firewall attack
- DataBreaches.Net: China-Based Hacker Charged for Conspiring to Develop and Deploy Malware That Exploited Tens of Thousands of Firewalls Worldwide
@Techmeme
The Chinese state-sponsored hacking group known as "Silk Typhoon," also referred to as Hafnium, is reportedly behind a significant cyber breach targeting the US Treasury Department in December 2024. The hackers are believed to have exploited a stolen Remote Support SaaS API key, obtained through third-party cybersecurity vendor BeyondTrust, to access and steal data from workstations within the Office of Foreign Assets Control (OFAC). Silk Typhoon is known for its cyber espionage activities, typically using tools like the China Chopper Web shell, and has previously targeted sectors including education, healthcare, defense, and non-governmental organizations. The group also targeted the Treasury Department’s Office of Financial Research in the attack.
The same group is also implicated in breaching the Committee on Foreign Investment in the United States (CFIUS), which is a government office tasked with assessing national security risks associated with foreign investments. According to reports, the attackers gained access to CFIUS systems and are suspected of stealing sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the exploits appear to be isolated to this specific agency, with no indication of other federal agencies being impacted. This coordinated attack highlights an escalation in the sophistication and scope of Silk Typhoon's cyber-espionage campaigns.
References:
- ciso2ciso.com: Hacking Group ‘Silk Typhoon’ Linked to US Treasury Breach – Source: www.darkreading.com
- Pyrzout :vm:: Hacking Group ‘Silk Typhoon’ Linked to US Treasury Breach – Source: www.darkreading.com
- BleepingComputer: Treasury hackers also breached US foreign investments review office
- Patrick C Miller :donor:: Chinese hackers breached US government office that assesses foreign investments for national security risks | CNN Politics
- bsky.app: Chinese hackers, part of the state-backed Silk Typhoon threat group, have reportedly breached the Committee on Foreign Investment in the United States (CFIUS), which reviews foreign investments to determine national security risks.
- BleepingComputer: Chinese hackers, part of the state-backed Silk Typhoon threat group, have reportedly breached the Committee on Foreign Investment in the United States (CFIUS), which reviews foreign investments to determine national security risks.
- www.cnn.com: Chinese hackers breached US government office that assesses foreign investments for national security risks | CNN Politics
- : Screaming Goat : Get it while it's still hot: I created an APT profile on "Silk Typhoon" (aka HAFNIUM) which is publicly attributed to the People's Republic of China (PRC) Ministry of State Security (MSS) by the . They've recently become popular again due to the hack of the U.S. Department of the Treasury via stolen API key from the BeyondTrust breach in December 2024.
- techcrunch.com: China hacked US Treasury's CFIUS, which reviews foreign investments for national security risks | TechCrunch
- infosec.press: Screaming Goat : APT profile on "Silk Typhoon" (aka HAFNIUM).
- techcrunch.com: China hacked US Treasury’s CFIUS, which reviews foreign investments for national security risks
- Techmeme: Sources: Chinese hackers breached CFIUS, the US government office that reviews foreign investments for national security risks (Sean Lyngaas/CNN)
- Patrick C Miller :donor:: China hacked US Treasury's CFIUS, which reviews foreign investments for national security risks | TechCrunch
- Metacurity: Chinese hackers breached US government office that assesses foreign investments for national security risks
@Techmeme
The US Treasury Department has confirmed a significant cyberattack, with over 400 computers compromised and potentially exposing sensitive data. Chinese hackers, believed to be associated with the Silk Typhoon group, are suspected of infiltrating these systems. The compromised data includes information related to sanctions, international affairs, and intelligence. The attack targeted computers focused on these sensitive areas, raising considerable concerns about data breaches and security vulnerabilities within the department.
The hackers are reported to have accessed files belonging to Treasury Secretary Janet Yellen and other high-ranking officials. Initial reports indicate that over 3,000 unclassified files were compromised. The attackers specifically targeted usernames, passwords, and documents linked to the Committee on Foreign Investment in the United States (CFIUS). While email and classified networks remained secure, the extent of the breach suggests a sophisticated and well-coordinated effort.
References:
- Bloomberg Technology: The US Treasury Department has confirmed a cyberattack that compromised over 400 computers, potentially exposing sensitive information, including data related to sanctions, international affairs, and intelligence.
- The Verge: The US Treasury Department confirmed a cyberattack linked to a Chinese state-sponsored group, potentially compromising over 400 computers and potentially exposing sensitive information.
- www.tomshardware.com: Tom's Hardware reports on the Chinese hackers' infiltration of the US Treasury, detailing the scope of the attack and the number of compromised computers.