Tag Archive for: alleged

Britain summons Chinese charge d’affaires over alleged cyber hacking, ET Telecom


LONDON: Britain on Tuesday summoned the charge d’affaires of the Chinese Embassy in London after accusing Chinese state-backed hackers of stealing data from Britain’s elections watchdog and carrying out a surveillance operation against parliamentarians.

Britain said the Chinese hackers stole the voter registration data – mostly names and addresses – of about 40 million people from the Electoral Commission and tried to break into lawmakers’ emails.

“The (Foreign Office) set out the government’s unequivocal condemnation of Chinese state-affiliated organisations and individuals undertaking malicious cyber activity against UK democratic institutions and parliamentarians,” a spokesperson for Britain’s Foreign Office said in a statement.

A spokesman for Prime Minister Rishi Sunak said on Tuesday the government is close to finalising a new foreign influence registration system that would require anyone working undeclared for a foreign country in the so-called “enhanced tier” to declare their activity.

Under Britain’s new National Security Act, individuals, such as lawyers, a public relations company or an undercover spy working for a country in the “enhanced tier” would have to record their activity in a register or face prosecution.

British Deputy Prime Minister Oliver Dowden said on Monday that China’s alleged hacking of British democratic institutions meant there was a “strong case” for including the country in the enhanced tier.

China has denied the spying allegations. The Chinese embassy in London said on Monday the claims were “completely fabricated” and it will make “a justified and necessary response”.

The British government has previously said it would be inappropriate to call China a “threat” because it is too simplistic to view relations with the world’s second biggest economy through a single word.

Source…

FACTBOX-What is Volt Typhoon, the alleged China-backed hacking group?


Networks controlled by a pervasive Chinese hacking group dubbed “Volt Typhoon” have been disrupted by a U.S. government operation, Reuters exclusively reported on Monday. The group has alarmed intelligence officials who say it is part of a larger effort to compromise Western critical infrastructure, including naval ports, internet service providers and utilities, raising concerns that the hackers were working to hurt U.S. readiness in case of a Chinese invasion of Taiwan.

Here is what is known about Volt Typhoon and its potential threat:

‘FUTURE CRISES’

Nearly every country in the world uses hackers to gather intelligence. Major powers like the United States and Russia have large stables of such groups – many of which have been given colourful nicknames by cybersecurity experts, such as “Equation Group” or “Fancy Bear.” Experts begin to worry when such groups turn their attention from intelligence gathering to digital sabotage. So when Microsoft Corp said in a blog post in May last year that Volt Typhoon was “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” it immediately brought to mind escalating tensions between China and the United States over Taiwan. Any conflict between those two countries would almost certainly involve cyberattacks across the Pacific.

TAIWAN BOTNET

Does this mean a group of destructive hackers is preparing to sabotage U.S. infrastructure in the event of a conflict over Taiwan?

Microsoft qualified its assessment last year as “moderate confidence,” intelligence jargon that typically means a theory is plausible and credibly sourced but has yet to be fully corroborated. Different researchers have identified various aspects of the group. It is now clear that Volt Typhoon has functioned by taking control of swathes of vulnerable digital devices around the world – such as routers, modems, and even internet-connected security cameras – to hide later, downstream attacks into more sensitive targets. This constellation of remotely controlled systems, known as a botnet, is of primary concern to security officials because it limits the visibility of cyber…

Source…

What is Volt Typhoon, the alleged China-backed hacking group?


This is AI generated summarization, which may have errors. For context, always refer to the full article.

Hacking group Volt Typhoon alarms intelligence officials, who say it is part of a larger effort to compromise Western critical infrastructure

Networks controlled by a pervasive Chinese hacking group dubbed “Volt Typhoon” have been disrupted by a US government operation, Reuters exclusively reported on Monday, January 29.

The group has alarmed intelligence officials who say it is part of a larger effort to compromise Western critical infrastructure, including naval ports, internet service providers and utilities, raising concerns that the hackers were working to hurt US readiness in case of a Chinese invasion of Taiwan.

Here is what is known about Volt Typhoon and its potential threat:

‘Future crises’

Nearly every country in the world uses hackers to gather intelligence. Major powers like the United States and Russia have large stables of such groups – many of which have been given colorful nicknames by cybersecurity experts, such as “Equation Group” or “Fancy Bear.”

Experts begin to worry when such groups turn their attention from intelligence gathering to digital sabotage. So when Microsoft said in a blog post in May last year that Volt Typhoon was “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” it immediately brought to mind escalating tensions between China and the United States over Taiwan. Any conflict between those two countries would almost certainly involve cyberattacks across the Pacific.

Taiwan botnet

Does this mean a group of destructive hackers is preparing to sabotage US infrastructure in the event of a conflict over Taiwan?

Microsoft qualified its assessment last year as “moderate confidence,” intelligence jargon that typically means a theory is plausible and credibly sourced but has yet to be fully corroborated. Different researchers have identified various aspects of the group.

It is now clear that Volt Typhoon has functioned by taking control…

Source…

Who is Alleged Medibank Hacker Aleksandr Ermakov? – Krebs on Security


Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia’s most destructive ransomware groups, but little more is shared about the accused. Here’s a closer look at the activities of Mr. Ermakov’s alleged hacker handles.

Aleksandr Ermakov, 33, of Russia. Image: Australian Department of Foreign Affairs and Trade.

The allegations against Ermakov mark the first time Australia has sanctioned a cybercriminal. The documents released by the Australian government included multiple photos of Mr. Ermakov, and it was clear they wanted to send a message that this was personal.

It’s not hard to see why. The attackers who broke into Medibank in October 2022 stole 9.7 million records on current and former Medibank customers. When the company refused to pay a $10 million ransom demand, the hackers selectively leaked highly sensitive health records, including those tied to abortions, HIV and alcohol abuse.

The U.S. government says Ermakov and the other actors behind the Medibank hack are believed to be linked to the Russia-backed cybercrime gang REvil.

“REvil was among the most notorious cybercrime gangs in the world until July 2021 when they disappeared. REvil is a ransomware-as-a-service (RaaS) operation and generally motivated by financial gain,” a statement from the U.S. Department of the Treasury reads. “REvil ransomware has been deployed on approximately 175,000 computers worldwide, with at least $200 million paid in ransom.”

The sanctions say Ermakov went by multiple aliases on Russian cybercrime forums, including GustaveDore, JimJones, and Blade Runner. A search on the handle GustaveDore at the cyber intelligence platform Intel 471 shows this user created a ransomware affiliate program in November 2021 called Sugar (a.k.a. Encoded01), which focused on targeting single computers and end-users instead of corporations.

An ad for the ransomware-as-a-service program Sugar posted by…

Source…