2020-03-26 China-Japan-Koreas
Chinese Hackers Attacked Foreign Health Care, Military, Oil Networks as Coronavirus Hit China
[DefenseOne] In January, the ‘widespread’ assault targeted a vulnerability in virtual desktops, cloud computing, and network applications, FireEye announced.
As the coronavirus epidemic reached crisis level in Wuhan, China, in January, a known group of state-backed cyber hackers launched attacks at healthcare companies and other key industries outside the country, according to cybersecurity company FireEye.
FireEye announced their findings on the attacks Wednesday morning, calling it “one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years.”
The Chinese hackers, a group known as APT41, are affiliated with the government but also conduct financial crimes for personal gain. FireEye reports that they targeted a specific known vulnerability in the national vulnerabilities database (CVE-2019-19781 affecting Citrix Application Delivery Controllers) on Jan. 20. The vulnerability could allow attackers to exploit virtual desktop, cloud computing, and networking applications to steal data. The group also hit military installations and oil and gas targets, FireEye said, without naming where or in which countries to protect the identity of their clients.
FireEye says there was a drop-off in the group’s cyberattacks five days later, around the Chinese New Year on Jan. 25; such a lull is common among China-based threat groups. China began to implement very strict quarantine measures in Hubei province on Jan. 23, suggesting that the activity was going on as the pandemic picked up momentum. There was another drop-off between Feb. 2 and 19.
“While it is possible that this reduction in activity might be related to the COVID-19 quarantine measures in China, APT41 may have remained active in other ways which we were unable to observe with FireEye telemetry,” they write in a blog post published Wednesday. Defense One is unable to independently verify their claims.
Activity picked up again shortly after Feb. 19, they report. The current wave of attacks “seems to reveal a high operational tempo and wide collection requirements for APT41.”
The unprecedented level of remote working and living during the coronavirus pandemic has also seen an increase in cyberattacks, most notably phishing attacks targeting individuals with phony links and emails, according to cybersecurity company CrowdStrike. Attackers are coming from, but are not limited to, sources inside China.
“We’re seeing this from both nation-state actors, notably groups in China we track under PANDA designations, as well as criminal groups,” Robert Sheldon, CrowdStrike director of Government Technology Strategy, said in an email to reporters on Monday. PANDA is how CrowdStrike designates advanced persistent threat groups from China.
The Pentagon has been worried about increased cyberattacks in light of increased telework. On March 16, during a “virtual town hall,” Essye Miller, DOD’s principal deputy chief information officer, said that adversaries are “already taking advantage of the situation and the environment that we have on hand.”
On Tuesday, Defense Secretary Mark Esper reminded Defense Department personnel in another virtual town hall that working from home carried its own risks.
“If you’re teleworking, if you’re doing anything that involves the networks and IT, be very, very careful of IT vulnerabilities. We are a little bit more exposed when we’re doing telework,” he said.
Posted by 3dc 2020-03-26 00:00
File under: Commies