Posted on 03/25/2020 1:06:56 PM PDT by Enlightened1
Earlier this year, state-backed Chinese hackers embarked on one of the most sweeping Chinese espionage campaigns FireEye has seen in years, according to new research the security firm published Wednesday.
The campaign, which lasted between January 20 and March 11, targeted 75 organizations ranging in nearly every economic sector: telecommunications, healthcare, government, defense, finance, petrochemical, manufacturing, and transportation. The campaign, believed to be run by APT41, targeted nonprofit, legal, real estate, travel, education, and media organizations as well.
“This activity is one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years,” researchers Christopher Glyer, Dan Perez, Sarah Jones, and Steve Miller said. “While APT41 has previously conducted activity with an extensive initial entry … this scanning and exploitation has focused on a subset of our customers, and seems to reveal a high operational tempo and wide collection requirements for APT41.”
APT41 zeroed in on victims by going after vulnerabilities in Citrix’s Application Delivery Controller (ADC), Cisco’s routers, and Zoho’s ManageEngine Desktop Central, according to FireEye.
The Citrix vulnerability was publicly revealed a month prior to APT41’s campaign, and a researcher only revealed code for a zero-day remote code execution vulnerability in Zoho ManageEngine Desktop Central three days before the group took advantage, suggesting the group is interested in promptly taking advantage of reported flaws.
“This new activity from this group shows how resourceful and how quickly this group can leverage newly disclosed vulnerabilities to their advantage,” the researchers said.
FireEye does not have a copy of the malware deployed against the Cisco routers, but has reason to believe APT41 designed malware in-house to make its targeting a success, Glyer told CyberScoop.
“It is likely that APT41 had to develop custom malware to target Cisco routers because
(Excerpt) Read more at cyberscoop.com ...
And as usual we do nothing to retaliate, which only invites even more attacks.
The ChiComs are really our friends. Just ask Joe and Hunter Biden.
**********************************************
You can also ask the Bushiest, Obamy, Cankles, Bill Clinton & crew.
I'm not trying to downplay this but I suspect the Chinese group was targeting small companies and organizations who do not have the sophistication or money to harden or lock down these network devices...
*************
Regardless, this kind of attack deserves a response. What good is having such capabilities if we never use them?
A couple of thoughts....
How do you know we haven’t responded, if we did China is certainly not going to admit it and neither will we...
The other thing, after the Russia, Russia, Russia complaints since 2016 and the claim that Russia hacked the DNC when there is no evidence they did...I have serious doubts about any claim that a nation state was behind this alleged attack...
How do you know we haven't responded, if we did China is certainly not going to admit it and neither will we...
China is a bad virus.
We seem to tolerate lots of abuse as a country, from China in particular which is pretty well documented.
When we do respond to provocations it's usually in a pretty light fashion.
We want everyone to like us. I would rather we be respected.
I hear you, but you and I have no idea if we responded and if we did to what degree was that response....and the public will never know if we did respond, which is how it should be....
But to assume we just sit back and do nothing is naive.
There are several fairly well known cases where we did respond although we have never acknowledged being involved.
If you have never heard the term Stuxnet, google it and read about it...it was a joint Israeli, USA malware that was released into Iran and took down and damaged quite a few of the nuclear centrifuges....
The other was when the Navy SEALs killed Bin Laden: the power in that area was supposedly out. Was that just a coincidence or not? The public will never know for sure...
#NukeChina
Again, APT41 has been “in business” for at least five years and right now there is no reason to believe that their state sponsored attacks will end anytime soon.
I think you would agree that China has stolen us blind through their aggressive cyber espionage and hacking for a long time. Whatever we have been doing to protect ourselves and/or retaliate has, in my opinion, not been sufficient. They seem to be undeterred.
With respect to the two cases you cited, while they were effective measures against Iran and Pakistan, those two countries are nowhere close to being the existential threat to us that China is. And until we deter China’s aggressive cyber activities they will continue eating our lunch.
So far they do not seem to be getting the message to back off.
I would be willing to say most if not a huge majority of the information that China has stolen from us was not done via a cyber attack...
It was done from forced technology transfers to China, unbelievable reverse engineering and old fashioned espionage.......