The Chinese regime is using criminal contract hackers as part of its state-backed cyberattacks against targets around the world, senior Biden administration officials said on July 18.
Article by Frank Fang from our news partners at The Epoch Times.
China’s Ministry of State Security (MSS), the regime’s chief intelligence agency, is behind the deployment of these hackers, the officials added. And their targets include managed service providers, semiconductor companies, defense corporations, universities, and medical institutions, according to a U.S. government cybersecurity advisory.
“These cyber operations support China’s long-term economic and military development objectives,” the advisory explained.
The Chinese Communist Party (CCP) has set out different policies and industrial road maps with the goal of achieving “socialist modernization” by 2035 and becoming a “global leader in innovation.”
Some of the cyberattacks are ransomware operations, which involve malicious actors encrypting victims’ data and making it inaccessible. The actors then demand ransom in exchange for decryption. According to the officials, some private companies were asked to pay millions of dollars after being hit with China’s ransomware operations.
The new revelations on China’s long track record of malicious cyber activities drew joint condemnation from multiple countries, including the United Kingdom, Australia, Canada, Japan, New Zealand, and Japan, as well as from the European Union and NATO.
“We’re making it clear to China that for as long as these irresponsible, malicious cyber activities continue, it will unite countries around the world who are all victims to call them out, promote network defense and cybersecurity working together in that way,” said Biden administration officials.
In response to China’s new cyberthreats, the officials explained the Five Eyes countries, Japan, the EU, and NATO, would work together on information sharing and expanding diplomatic engagement to “strengthen our collective cyber resilience and security cooperation.” They expect more countries to join the cooperation in the coming weeks.
It marks the first time that NATO has publicly condemned China’s cyber activities, the Biden officials explained, as the transatlantic alliance adopted a new cyber defense policy in June. It states that a cyberattack against a NATO member is considered an attack against all members, and actions will be considered accordingly to respond.
The senior officials also said that they had “high confidence” that the Chinese regime was responsible for the cyberattack against Microsoft, saying that “malicious cyber actors” affiliated with the MSS exploited zero-day vulnerabilities in the U.S. tech giant’s Exchange Server software, compromising tens of thousands of systems globally.
In March, Microsoft announced that Hafnium, a state-sponsored hacking group operating from China, was responsible for hacking into its email and calendar server. Security experts estimated at the time that at least 30,000 organizations in the United States were hacked.
“We’ve raised our concerns about both the Microsoft incident and the PRC’s [People’s Republic of China] broader malicious cyber activity with senior PRC government officials, making clear that the PRC’s actions threaten security, confidence, and stability in cyberspace,” the senior U.S. officials said.
“The U.S. and our allies and partners are not ruling out further actions to hold the PRC accountable.”
Beijing has previously rejected Microsoft’s claims, saying that companies and media should not “make groundless accusations.”
China’s Cyber Tactics
The cybersecurity advisory outlined Beijing’s tactics and techniques, and provided recommendations on how to shore up computer systems.
“By exposing the PRC’s malicious activity with allies and partners, we’re continuing the administration’s efforts to inform and empower system owners and operators to act at home and around the world,” the senior U.S. officials said.
China’s state-sponsored cyber actors are known to mask their identities through virtual private servers, as well as evading detection by using small office and home office (SOHO) broadband routers.
These actors “consistently scan target networks for critical and high vulnerabilities within days of the vulnerability’s public disclosure,” according to the advisory. They have sought to exploit flaws in applications including Microsoft products, Apache, F5 Big-IP, and Pulse Secure.
In April, California-based cybersecurity firm FireEye issued a report saying that Chinese hackers had exploited Pulse Secure’s virtual private network in order to gain access to government agencies and companies in the United States and Europe. The hackers were suspected to be working for the Chinese regime and had ties to APT5, one of the Chinese advanced persistent threat groups.
Among the different Microsoft products targeted include Microsoft 365, Outlook Web Access, and the Exchange Offline Address Book.
These actors are also known to be carrying out spearphishing campaigns—sending out infected emails with a malicious link or attached files—in order to gain control of the victim’s device.
The advisory offers several mitigation choices, including using a network intrusion detection and prevention system, and monitoring common ports and protocols for command and control activity.
Follow Frank on Twitter: @HwaiDer
New Conservative Network Seeks Crowdfunding Help
They say we have to go big or go home. We’re trying to go big and bring the patriotic truth the the nation, but we need help.
Readers may or may not realize that over the past year, we’ve been bringing more conservative news and opinion outlets under our wing. Don’t take our expansion as a sign of riches; all of the “acquisitions” have been through sweat and promises of greater things to come for all involved. As a result, we’ve been able to bring together several independent media sites under a unified vision of preventing America from succumbing to the progressive, “woke,” Neo-Marxist ideologies that are spreading like wildfire across America.
The slow and steady reopening of America is revealing there was a lot more economic hardship brought about from the Covd-19 lockdowns than most realize. While we continue to hope advertising dollars on the sites go up, it’s simply not enough to do things the right way. We are currently experiencing a gap between revenue and expenses that cannot be overcome by click-ads and MyPillow promos alone (promo code “NOQ” by the way).
To overcome our revenue gap and keep these sites running, our needs fluctuate between $3000-$7000 per month. In other words, we’re in the red and hemorrhaging.
The best way you can help us grow and continue to bring the truth to the people is by donating. We appreciate everything, whether a dollar or $10,000. Anything brings us closer to a point of stability when we can hire writers, editors, and support staff to make the America First message louder. Our Giving Fuel page makes it easy to donate one-time or monthly. Alternatively, you can donate through PayPal as well.
As the world spirals towards radical progressivism, the need for truthful journalism has never been greater. But in these times, we need as many conservative media voices as possible. Please help keep NOQ Report and the other sites in the network going.
Thank you and God Bless,
Join fellow patriots as we keep Americans informed and advance the cause of conservatism.
All ORIGINAL content on this site is © 2021 NOQ Report. All REPUBLISHED content has received direct or implied permission for reproduction.
With that said, our content may be reproduced and distributed as long as it has a link to the original source and the author is credited prominently. We don’t mind you using our content as long as you help out by giving us credit with a prominent link. If you feel like giving us a tip for the content, we will not object!
JD Rucker – EIC