Free Republic
Browse · Search
General/Chat
Topics · Post Article


Chinese Hackers Hit Citrix, Cisco Vulnerabilities In Sweeping Campaign
Cyberscoop ^ | 03/25/20 | Shannon Vavra

Posted on 03/25/2020 1:06:56 PM PDT by Enlightened1

Earlier this year, state-backed Chinese hackers embarked on one of the most sweeping Chinese espionage campaigns FireEye has seen in years, according to new research the security firm published Wednesday.

The campaign, which lasted between January 20 and March 11, targeted 75 organizations ranging in nearly every economic sector: telecommunications, healthcare, government, defense, finance, petrochemical, manufacturing, and transportation. The campaign, believed to be run by APT41, targeted nonprofit, legal, real estate, travel, education, and media organizations as well.

“This activity is one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years,” researchers Christopher Glyer, Dan Perez, Sarah Jones, and Steve Miller said. “While APT41 has previously conducted activity with an extensive initial entry … this scanning and exploitation has focused on a subset of our customers, and seems to reveal a high operational tempo and wide collection requirements for APT41.”

APT41 zeroed in on victims by going after vulnerabilities in Citrix’s Application Delivery Controller (ADC), Cisco’s routers, and Zoho’s ManageEngine Desktop Central, according to FireEye.

The Citrix vulnerability was publicly revealed a month prior to APT41’s campaign, and a researcher only revealed code for a zero-day remote code execution vulnerability in Zoho ManageEngine Desktop Central three days before the group took advantage, suggesting the group is interested in promptly taking advantage of reported flaws.

“This new activity from this group shows how resourceful and how quickly this group can leverage newly disclosed vulnerabilities to their advantage,” the researchers said.

FireEye does not have a copy of the malware deployed against the Cisco routers, but has reason to believe APT41 designed malware in-house to make its targeting a success, Glyer told CyberScoop.

“It is likely that APT41 had to develop custom malware to target Cisco routers because

(Excerpt) Read more at cyberscoop.com ...


TOPICS: Business/Economy; Chit/Chat; Computers/Internet; Miscellaneous
KEYWORDS: china; cisco; citrix; hackers

1 posted on 03/25/2020 1:06:56 PM PDT by Enlightened1

To: Enlightened1

Attacking during a pandemic...


2 posted on 03/25/2020 1:08:28 PM PDT by Enlightened1

To: Enlightened1

Just shut them off


3 posted on 03/25/2020 1:09:49 PM PDT by AndyJackson

To: Enlightened1

The ChiComs are really our friends. Just ask Joe and Hunter Biden.


4 posted on 03/25/2020 1:11:12 PM PDT by ConservativeInPA (It's official! I'm nominated for the 2020 Mr. Hyperbole and Sarcasm Award.)

To: Enlightened1

Communists and Democrats, redundant — I know, never let a crisis go to waste.


5 posted on 03/25/2020 1:11:31 PM PDT by Rurudyne (Standup Philosopher)

To: ConservativeInPA

Or the Clintons since the days of Charlie Trie.


6 posted on 03/25/2020 1:12:02 PM PDT by Rurudyne (Standup Philosopher)

To: Enlightened1

I fear they are working up to war.
Worst case?
Taiwan or a surprise takeout of a carrier group with surprise weapons?

If either, start by cutting off ALL food.
If that doesn’t work,

Then rods from god on Three Gorges Dam.

If that doesn’t work,
Then time for Russian collusion (“Hey, Vlad, this is Donald. Wanna nuke China with me?”)


7 posted on 03/25/2020 1:12:10 PM PDT by grey_whiskers (The opinions are solely those of the author and are subject to change with out notice.)

To: ConservativeInPA

and Bloomberg.


8 posted on 03/25/2020 1:12:35 PM PDT by trublu

To: Rurudyne

Ok, all Rats in general. We can hang that on them


9 posted on 03/25/2020 1:13:07 PM PDT by ConservativeInPA (It's official! I'm nominated for the 2020 Mr. Hyperbole and Sarcasm Award.)

To: Enlightened1

If Earth is our home, the Chinese are its termites, cockroaches and bedbugs — all in one.


10 posted on 03/25/2020 1:13:51 PM PDT by Blurb2350

To: ConservativeInPA

They’ve never been upset for a moment about ChiCom interference in our elections. Nor the Soviets before them. Indeed, I look at their willingness to be upset over Russians to be an evidence that the Russians aren’t really communists anymore.


11 posted on 03/25/2020 1:15:11 PM PDT by Rurudyne (Standup Philosopher)

To: Enlightened1

It is war. “Chinese hackers” are state actors. Inexplicably we don’t seem to have moved to bring critical medical and other supply manufacturing home, so that we don’t have to keep pretending otherwise.


12 posted on 03/25/2020 1:15:57 PM PDT by 9YearLurker

To: Rurudyne

Quite true


13 posted on 03/25/2020 1:15:59 PM PDT by ConservativeInPA (It's official! I'm nominated for the 2020 Mr. Hyperbole and Sarcasm Award.)

To: Blurb2350

No, the socialists.

In this instance the ChiComs. Non communist Chinese are great.


14 posted on 03/25/2020 1:16:13 PM PDT by Rurudyne (Standup Philosopher)

To: Enlightened1

Cisco devices have some capabilities built in that allow for branching traffic unbeknownst to other recipients that allow for spying to occur on traffic

Been there for years and well known in the Tech industry


15 posted on 03/25/2020 1:20:53 PM PDT by 100American (Knowledge is knowing how, Wisdom is knowing when)

To: Enlightened1

I have nearly 20 years of Cisco Router configuration experience for some of the largest most well known financial institutions in the USA, the last company I was contracted with was a major energy company with a worldwide network of Cisco routers and switches.....

The one Cisco Router mentioned in the article was an RV320, which I had no knowledge of until I looked it up, the price for one of these is usually under $300 which means it’s little more than a Linksys router you could buy at a CompUSA or Office Depot store in the past...BTW, Cisco owns Linksys

I’m not trying to downplay this but I suspect the Chinese Group was targeting small companies and organizations who do not have the sophistication or money to harden or lock down these network devices...


16 posted on 03/25/2020 1:29:05 PM PDT by srmanuel

To: AdmSmith; AnonymousConservative; Arthur Wildfire! March; Berosus; Bockscar; cardinal4; ColdOne; ...
Now look, just because this hacking cadre is based in China and made up entirely of Chinese hackers, doesn't mean calling it a Chinese hacking attack isn't racist. /sarc

17 posted on 03/25/2020 1:33:29 PM PDT by SunkenCiv (Imagine an imaginary menagerie manager imagining managing an imaginary menagerie.)

To: Enlightened1

Multi pronged attack plan. May have started last Nov (me) but triggered fully with trade sanctions. They won’t be able to cover this up too long.


18 posted on 03/25/2020 1:34:20 PM PDT by epluribus_2 (He, had the best mom - ever. my)

To: Enlightened1
"targeted 75 organizations ranging in nearly every ...[sector]..."

Including political discussion? Maybe the source of the DOS attacks on FR a few weeks ago.

19 posted on 03/25/2020 1:36:23 PM PDT by C210N

To: Enlightened1

And as usual we do nothing to retaliate, which only invites even more attacks.


20 posted on 03/25/2020 1:39:59 PM PDT by Starboard



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
