The Chinese regime is using criminal contract hackers as part of its state-backed cyberattacks against targets around the world, senior Biden administration officials said on July 18.
Article by Frank Fang from our news partners at The Epoch Times.
China’s Ministry of State Security (MSS), the regime’s chief intelligence agency, is behind the deployment of these hackers, the officials added. And their targets include managed service providers, semiconductor companies, defense corporations, universities, and medical institutions, according to a U.S. government cybersecurity advisory.
“These cyber operations support China’s long-term economic and military development objectives,” the advisory explained.
The Chinese Communist Party (CCP) has set out different policies and industrial road maps with the goal of achieving “socialist modernization” by 2035 and becoming a “global leader in innovation.”
Some of the cyberattacks are ransomware operations, which involve malicious actors encrypting victims’ data and making it inaccessible. The actors then demand ransom in exchange for decryption. According to the officials, some private companies were asked to pay millions of dollars after being hit with China’s ransomware operations.
The new revelations on China’s long track record of malicious cyber activities drew joint condemnation from multiple countries, including the United Kingdom, Australia, Canada, Japan, and New Zealand, as well as from the European Union and NATO.
“We’re making it clear to China that for as long as these irresponsible, malicious cyber activities continue, it will unite countries around the world who are all victims to call them out, promote network defense and cybersecurity working together in that way,” said Biden administration officials.
In response to China’s new cyberthreats, the officials explained that the Five Eyes countries, Japan, the EU, and NATO would work together on information sharing and expanding diplomatic engagement to “strengthen our collective cyber resilience and security cooperation.” They expect more countries to join the cooperation in the coming weeks.
It marks the first time that NATO has publicly condemned China’s cyber activities, the Biden officials explained, as the transatlantic alliance adopted a new cyber defense policy in June. The policy states that a cyberattack against a NATO member is considered an attack against all members, and that actions in response will be considered accordingly.
The senior officials also said that they had “high confidence” that the Chinese regime was responsible for the cyberattack against Microsoft, saying that “malicious cyber actors” affiliated with the MSS exploited zero-day vulnerabilities in the U.S. tech giant’s Exchange Server software, compromising tens of thousands of systems globally.
In March, Microsoft announced that Hafnium, a state-sponsored hacking group operating from China, was responsible for hacking into its email and calendar server. Security experts estimated at the time that at least 30,000 organizations in the United States were hacked.
“We’ve raised our concerns about both the Microsoft incident and the PRC’s [People’s Republic of China] broader malicious cyber activity with senior PRC government officials, making clear that the PRC’s actions threaten security, confidence, and stability in cyberspace,” the senior U.S. officials said.
“The U.S. and our allies and partners are not ruling out further actions to hold the PRC accountable.”
Beijing has previously rejected Microsoft’s claims, saying that companies and media should not “make groundless accusations.”
China’s Cyber Tactics
The cybersecurity advisory outlined Beijing’s tactics and techniques, and provided recommendations on how to shore up computer systems.
“By exposing the PRC’s malicious activity with allies and partners, we’re continuing the administration’s efforts to inform and empower system owners and operators to act at home and around the world,” the senior U.S. officials said.
China’s state-sponsored cyber actors are known to mask their identities through virtual private servers and to evade detection by using small office and home office (SOHO) broadband routers.
These actors “consistently scan target networks for critical and high vulnerabilities within days of the vulnerability’s public disclosure,” according to the advisory. They have sought to exploit flaws in applications including Microsoft products, Apache, F5 Big-IP, and Pulse Secure.
In April, California-based cybersecurity firm FireEye issued a report saying that Chinese hackers had exploited Pulse Secure’s virtual private network in order to gain access to government agencies and companies in the United States and Europe. The hackers were suspected to be working for the Chinese regime and had ties to APT5, one of the Chinese advanced persistent threat groups.
The Microsoft products targeted include Microsoft 365, Outlook Web Access, and the Exchange Offline Address Book.
These actors are also known to be carrying out spearphishing campaigns—sending out infected emails with a malicious link or attached files—in order to gain control of the victim’s device.
The advisory offers several mitigation choices, including using a network intrusion detection and prevention system, and monitoring common ports and protocols for command and control activity.