U.S. warns of new hacking spree from group linked to China

[nir]

The U.S. government on Wednesday warned that a hacking group widely known as cloudhopper, which Western cybersecurity firms have linked to the Chinese government, has launched attacks on technology service providers in a campaign to steal data from their clients.

 

The Department of Homeland issued a technical alert for cloudhopper, which it said was engaged in cyber espionage and theft of intellectual property, after experts with two prominent U.S. cybersecurity companies warned earlier this week that Chinese hacking activity has surged amid the escalating trade war between Washington and Beijing.

 

Chinese authorities have repeatedly denied claims by Western cyber security firms that it supports hacking.

 

Homeland Security released the information to support U.S. companies in responding to attacks by the group, which is targeting information technology, energy, healthcare, communications and manufacturing firms.

 

"These cyber threat actors are still active and we strongly encourage our partners in government and industry to work together to defend against this threat," DHS official Christopher Krebs said in a statement.

 

The reported increase in Chinese hacking follows what cybersecurity firms have described as a lull in such attacks prompted by a 2015 agreement between Chinese President Xi Jinping and former U.S. President Barrack Obama to curb cyber-enabled economic theft.

 

“I can tell you now unfortunately the Chinese are back," Dmitri Alperovitch, chief technology officer of U.S. cybersecurity firm CrowdStrike, said Tuesday at a security conference in Washington, D.C.

 

"We’ve seen a huge pickup in activity over the past year and a half. Nowadays they are the most predominant threat actors we see threatening institutions all over this country and western Europe,” he said.

 

Analysts with FireEye, another U.S. cybersecurity firm, said that some of the Chinese hacking groups it tracks have become more active in recent months.

 

Wednesday's alert provided advice on how U.S. firms can prevent, identify and remediate attacks by cloudhopper, which is also known as Red Leaves and APT10.

 

The hacking group has largely targeted firms known as managed service providers, which supply telecommunications, technology and other services to business around the globe. Managed service providers, or MSPs, are attractive targets because their networks provide routes for hackers to access sensitive systems of their many clients, said Ben Read, a senior intelligence manager with FireEye.

 

"We've seen this group route malware through an MSP network to other targets," Read said.

 

Source

[knowledge-Spammer]

CrowdStrike  lol

they lied lasttime

 

[steven36]

3 hours ago, knowledge said:

CrowdStrike  lol

It was not CrowdStrike who said it this time they said it last time , This time  it was the DHS who said it and this gives the Government reason to  put more Hacking Sanctions on companies  in China . They been doing it all year were you been?

 

They was pushing for it when Obama  was in office even  now they are getting it passed.

 

Treasury and Justice officials pushed for economic sanctions on China over commercial cybertheft

https://www.washingtonpost.com/world/national-security/2016/12/27/fc93ae12-c925-11e6-8bee-54e800ef2a63_story.html?noredirect=on&utm_term=.07307addc163

 

This same thing kind of thing was in the news in 2016,

[knowledge-Spammer]

4 minutes ago, steven36 said:

It was not CrowdStrike who said it this time they said it last time , This time  it was the DHS who said it and this gives the Government reason to  put more Hacking Sanctions on companies  in China . They been doing it all year were you been?

“I can tell you now unfortunately the Chinese are back," Dmitri Alperovitch, chief technology officer of U.S. cybersecurity firm CrowdStrike, said Tuesday at a security conference in Washington, D.C.

[steven36]

9 minutes ago, knowledge said:

“I can tell you now unfortunately the Chinese are back," Dmitri Alperovitch, chief technology officer of U.S. cybersecurity firm CrowdStrike, said Tuesday at a security conference in Washington, D.C.

Quote

 

Critical infrastructure sectors in the U.S. and abroad have been targeted by an active cyber-espionage campaign previously traced by private security researchers to China, the Trump administration said Wednesday.

 

The Department of Homeland Security warned that actors associated with an advanced persistent threat, or APT – a label applied to sophisticated, typically state-sponsored hacking groups – have set their sights on potential victims in the U.S. information technology, energy, healthcare, communications and critical manufacturing sectors.

 

Known by names such as APT10 and “MenuPass,” the group was the subject of a previous alert issued by DHS in April 2017 that warned of an emerging, sophisticated hacking campaign that had compromised victims including IT service providers, putting its perpetrators in place to possible leverage that access for subsequent attacks.

 

Eighteen months later, DHS said in a pair of advisories that the same hacking group is conducting an ongoing campaign specifically targeting global managed service providers (MSPs), or companies that offer online cloud-based services, and that it was actively using stolen credentials to “expand unauthorized access, maintain persistence and exfiltrate data from targeted organizations.”

 

“Given the increasingly important role that managed services providers play in supporting business processes and operations in today’s business environment, a threat affecting one entity can have cascading effects across many sectors,” said Christopher Krebs, the National Protection and Programs Directorate undersecretary in charge of NCCIC.

 

“These cyber threat actors are still active and we strongly encourage our partners in government and industry to work together to defend against this threat,” he said in a statement.

The campaign is being conducted specifically for the purposes of cyber espionage and intellectual property theft, and DHS is aware of a limited number of U.S. victims, the agency said.

According to DHS, APT10 hackers can remain undetected after breaching targets including global IT networks by using legitimate credentials to masquerade their activity. Once inside, the hackers can then implant malware or use other means to exfiltrate data.

 

“By using compromised legitimate MSP credentials (e.g., administration, domain, user), APT actors can move bidirectionally between an MSP and its customers’ shared networks,” said one of the advisories. “Bidirectional movement between networks allows APT actors to easily obfuscate detection measures and maintain a presence on victims’ networks.”

Following publication of the initial DHS report in 2017, security researchers for companies including Accenture, FireEye, PwC and BAE Systems connected the hacking group to China.

 

CrowdStrike, a Silicon Valley company that reached a similar conclusion, previously linked APT10 to the Chinese Ministry of State Security, a foreign intelligence agency akin to the U.S. National Security Agency.

 

https://www.washingtontimes.com/news/2018/oct/4/dhs-china-hackers-espionage-US-infrastructure/

crowdstrike linked a similar conclusion previously,  this time DHS reached it.

[knowledge-Spammer]

they cant be trusted crowd strike  or people like them or who work with them same with this bs site https://www.washingtonpost.com

that site is for money thing not much more then that

but it make change  its not russian named in this topic

[steven36]

4 minutes ago, knowledge said:

they cant be trusted crowd strike  or people like them or who work with them same with this bs site https://www.washingtonpost.com

that site is for money thing not much more then that

but it make change  its not russian named in this topic

I dont matter they said it before  because DHS, Accenture, FireEye, PwC , and  BAE Systems  said it as well.. really it dont matter what private companies say unless you trust the one that says it,  they not the government they have no pull in the Government  DHS is over all of  the USA's security the others are not .

[knowledge-Spammer]

to name crowd strike  is crazy if i was to post  a news post like that i will have not added the name crowd strike   y as much people will think like i do  cant trust them

https://amgreatness.com/2018/07/13/julian-assange-crowdstrike-and-the-russian-hack-that-wasnt/

[steven36]

16 minutes ago, knowledge said:

to name crowd strike  is crazy if i was to post  a news post like that i will have not added the name crowd strike   y as much people will think like i do  cant trust them

https://amgreatness.com/2018/07/13/julian-assange-crowdstrike-and-the-russian-hack-that-wasnt/

crowd strike is being sued for not letting  independent testers test there products they took the tester to court last year for testing there stuff and lost.  now they wrote  a bunch of stuff   in there toss were it hard to legally test . They go to a lot of trouble to not be tested so how could you trust them? They make products for enterprise and don't want tested. I don't trust no company from Silicon Valley they a bunch of  con artist in that town.  I trust them as about as much I trust Google  or Facebook ..

[knowledge-Spammer]

how the usa can stop this i am unsure

 

[steven36]

 

Quote

 

China's alleged tiny-chip spying on US tech giants was 'pretty amateurish,' says ex-Senate advisor

 

 

• The method allegedly used by China to view the networks of U.S. tech companies lacked complexity, according to Jamil Jaffer.
• He was responding to a Bloomberg report that some U.S. tech servers were embedded with Chinese spy chips. The companies strongly deny the report.
• "That's actually a pretty amateurish way to conduct a hack," says Jaffer, founder of the National Security Institute at George Mason University.

The method allegedly used by China to view the networks of some U.S. tech giants lacked complexity, according to Jamil Jaffer, a former senior advisor to the Senate Foreign Relations Committee.

 

"They're talking about putting a chip on a motherboard," said Jaffer, founder of the National Security Institute at George Mason University. "That's actually a pretty amateurish way to conduct a hack."

 

In a bombshell report Thursday, Bloomberg BusinessWeek said data center equipment run by Amazon Web Services and Apple may have been subject to surveillance from China via a microchip inserted during the manufacturing process of the hardware.

 

Apple and Amazon have strongly denied the report.

 

According to Bloomberg, the chips were used for gathering intellectual property and trade secrets from U.S. companies and may have been introduced by a Chinese server company called Super Micro.

 

In an interview Friday on CNBC's "Squawk Box," Jaffer said implanting a microchip would actually be quite unusual. Instead, the Chinese government could have manipulated software, which wouldn't be as obvious, he said.

 

"It was an odd sort of effort by the Chinese, [which] we know are pretty sophisticated," he said.

 

It's normal for another country to want to enter or gain access to another government's system, Jaffer said.

 

However, he added that the U.S. has gotten more aggressive with China over the years, causing China to narrow its cyber intrusions but "they are still conducting very focused efforts."

 

China is also under intense scrutiny from President Donald Trump, who has been using accusations of intellectual property theft by the Chinese as a core argument for tough trade restrictions on Beijing.

 

CNBC reported Monday that the Pentagon, amid intensifying tensions with China, canceled Defense Secretary James Mattis' visit to China that had been scheduled for later this month.

Source

 

 

[steven36]

5 hours ago, knowledge said:

how the usa can stop this i am unsure

Thing is I don't even see were the DHS even made such a statement  if you look at my post it says  Trump administration  said  it Wednesday. I see  the op posted on US state ran media voa news  https://www.voanews.com/a/us-warns-of-new-hacking-from-china-linked-group/4599186.html  and right winged news outlets  i dont see it posted on  main stream media.  voa news  is blocked in china  because they post propaganda for the US Government.

 

After the Trump administration  said that VP Pence accused China of  trying to hack the Election China said he was crazy and it made them mad .

 

 

After Pence slams China in new speech, Beijing says he's 'confusing right and wrong'

https://www.cnbc.com/2018/10/05/us-china-trade-war-beijing-lashes-out-at-vp-mike-pence-after-speech.html

 

Seems like Trump  has been reading about Intrusion Truth .  There like Wiki Leaks but there  exposing China’s Hacking Army

Quote

 

An anonymous group calling itself Intrusion Truth in August published a blog post about one of the most prolific suspected China-linked hacking groups tracked by cybersecurity researchers. It was the latest in a series of online messages and blog posts dating back to May 2017 that outlined two alleged Chinese hacking campaigns, including providing the names of suspected hackers. Separately, two of those named were later charged by U.S. authorities.

 

Security researchers say they don’t know who is behind Intrusion Truth. The group’s method of anonymously dumping information and targeting a foreign intelligence agency is something new, they say, and exposing alleged illegal activity could up the pressure on Chinese companies cooperating with state-sponsored hacking efforts.

 

U.S. officials and security researchers have linked Chinese hackers for years to government-backed computer intrusions into U.S. companies. China has denied involvement in hacking U.S. companies.

 

Intrusion Truth’s anonymity might itself be a clue to its identity. Some large corporations and security companies that employ researchers who track China’s hackers might be reluctant to release findings for fear of reprisals from China’s government, said Ben Read, who manages cyberespionage investigations at FireEye Inc.

 

Intrusion Truth named individual alleged culprits—unusual in the world of nation-state hacking research—posted photographs, dug up alleged hackers’ places of work and even revealed Uber receipts that appeared to link the individuals to particular addresses in China.

 

Cyberespionage Experts Want to Know Who’s Exposing China’s Hacking Army

https://www.wsj.com/articles/cyberespionage-experts-want-to-know-whos-exposing-chinas-hacking-army-1538478001

 

 

Intrusion Truth Blog

https://intrusiontruth.wordpress.com/

[knowledge-Spammer]

15 minutes ago, steven36 said:

Thing is I don't even see were the DHS even made such a statement  if you look at my post it says  Trump administration  said  it Wednesday. I see  the op posted on US state ran media voa news  https://www.voanews.com/a/us-warns-of-new-hacking-from-china-linked-group/4599186.html  and right winged news outlets  i dont see it posted on  main stream media.  voa news  is blocked in china  because they post propaganda for the US Government.

 

After the Trump administration  said that VP Pence accused China of  trying to hack the Election China said he was crazy and it made them mad .

 

 

After Pence slams China in new speech, Beijing says he's 'confusing right and wrong'

https://www.cnbc.com/2018/10/05/us-china-trade-war-beijing-lashes-out-at-vp-mike-pence-after-speech.html

 

so do it mean is fake news  if Apple and Amazon  say it was not hacked so then people like crowd strike  and so on is lies  again ?

[steven36]

16 minutes ago, knowledge said:

so do it mean is fake news  if Apple and Amazon  say it was not hacked so then people like crowd strike  and so on is lies  again ?

No it dont mean its fake news  they a group like Wiki Leaks  that's posting proof ,some think they from China outing what APt10 does  . China has a whistle blower problem.

https://intrusiontruth.wordpress.com/

 

DHS has said it before but not yesterday,   but every since the bloomberg reported  about the spy chip the Trump administration  have been attacking China in the News.

 

Apple says the Spy Chip is fake news

https://www.bbc.co.uk/news/technology-45757531

[knowledge-Spammer]

10 minutes ago, steven36 said:

No it dont mean its fake news  they a group like Wiki Leaks  that's posting proof ,some think they from China outing what APt10 does  . China has a whistle blower problem.

https://intrusiontruth.wordpress.com/

i no understand this  how cant be fake news if Apple and Amazon  say no hack i watched video on rt i posted above it seems crazytalks

[steven36]

1 hour ago, knowledge said:

i no understand this  how cant be fake news if Apple and Amazon  say no hack i watched video on rt i posted above it seems crazytalks

Because what BloomBerg reported is not what Intrusion Truth  reported  i dont see were Intrusion Truth  or anyone else said anything about Amazon are Apple before. All i know DHS  as not sent no statement about it Wednesday  .

 

What was said about Cloud Hopper before in 2017
 

Quote

 

Cloud Hopper uses a mixture of unique hacking tools and open-source software in attacks against service providers around the world. The campaign has logged attacks in nations including the U.S., Canada, South Korea, India, Thailand and Japan. It is linked to China through its use of internet addresses used by the well-established APT10 campaign. The report notes that the Cloud Hopper hackers work during the Chinese workday, including a midday break for lunch. 

 

The attacks, according to the report, "allow[ed] APT10 unprecedented potential access to the intellectual property and sensitive data of those MSPs and their clients globally."

 

PriceWaterhouseCooper and BAE have been observing the Cloud Hopper effort since late 2016.

 

https://thehill.com/policy/cybersecurity/327155-report-china-based-cloud-hopper-cyber-campaign-targeting-managed-it-and

 

It say nothing about spy chips  that's something theres no proof of, that's bloombrergs word against apples. 

 

PriceWaterhouseCooper and BAE have been watching Cloud Hopper for years and they never said nothing about no spy chips maybe a spook drooped that to bloomberg  to stir shit up  who knows?