Tag Archive for: government

China hack on MPs worse than government admitted with at least 30 targeted
A Chinese cyber-attack on British MPs was more widespread than the UK Government initially revealed, i has learned.

Oliver Dowden, the deputy prime minister, announced on Monday that a group of three MPs and one peer had been targeted.

The MPs, including China hawk Iain Duncan Smith, say they were privately reassured in a briefing by Parliament’s head of security that only a small number of parliamentarians had been affected.

But it has now emerged email accounts belonging to over 30 MPs, peers, and their parliamentary staff were targeted by the same cyber hack, which was in the form of a phishing email.

Mr Duncan Smith told i: “They completely screwed up the other day. They told us that there are only three or four of us that apparently had these emails – it’s complete bollocks.

“Parliament is just a joke when it comes to security, a joke.”

The identified targets were email accounts of members of the Inter-Parliamentary Alliance on China (Ipac), a global group of parliamentarians with hawkish views on China.

It is unclear at this stage why the full extent of the hacking attack was not revealed by Mr Dowden, but sources told i the latest analysis showed around 30 individuals were affected.

Parliamentarians in the group were sent infected emails from an account posing as a democracy-focused news website under the domain nropnews.com.

The emails contained spyware hidden within the images in a spear-phishing campaign using pixel technology capable of sending personal information to an unauthorized third-party server in order to steal private data from users, i can reveal.

The same false domain was used to hack a Belgian MP during the same period. Last year, Samuel Cogolati, also an Ipac member, was named by Belgian intelligence as the victim of an identical APT31 attack, leading to questions as to why the attack on UK parliamentarians has taken so long to emerge. Parliamentary security officers are now looking into the domain linked to the emails.

Mr Dowden on Monday said British intelligence had concluded it was “almost certain” that the Chinese state-affiliated hacking group APT31 had conducted the “malicious cyber campaign”. The Deputy Prime…

Source…

Chinese Hackers Indicted in New York for Targeting Government
(TNS) — A band of hackers sent a years-long barrage of malicious e-mails to U.S. politicians, government officials, and private companies as part of a Chinese espionage and intelligence operation, federal prosecutors in Brooklyn said.

The feds on Monday announced the indictment of seven members of a Chinese state-run hacking operation, known in the cyber security community as Advanced Persistent Threat 31, running out of Wuhan since 2010. The indicted suspects all live in China, and have not been arrested by U.S. law enforcement agents.

The group sent tens of thousands of phishing e-mails to government and political officials in the U.S., as well as their family members and other contacts, usually pretending to be from prominent American journalists, according to the indictment.
The e-mails had links to what looked like real news articles, but opening the e-mail would activate a tracking link, sending location, device and network data back to a server controlled by the hackers.

They’d then use that info to target home routers and electronic devices, the feds allege.

“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies,” Attorney General Merrick Garland said Monday.

The targets included White House officials and their spouses, officials with the departments of Justice, Commerce, Treasury and State, and senators from both parties across 10 states. The hackers also tried their e-mail schemes on defense contractors, political strategists, commentators and advocates, according to the feds.

In May 2020, the hackers targeted staffers for a presidential campaign — the indictment wouldn’t say which campaign — and sent out tracking e-mails to more political campaigns that November, the feds allege.

Dissidents critical of the Chinese government and their supporters also found themselves in the hackers’ crosshairs, the feds said.

They also used custom malware and “zero-day exploits,” so named because they take…

Source…

Government facilities were third largest ransomware target in 2023, FBI says
Government facilities were the third largest critical infrastructure sector targeted by ransomware attacks in 2023, according to cybercrime statistics released Wednesday by the FBI.

The agency’s Internet Crime Complaint Center, or IC3, unveiled the findings in its annual report that unpacks complaints, financial losses and other metrics used to determine the severity of cybercrime activities reported to federal authorities.

Of the 1,193 complaints IC3 received from organizations belonging to U.S.-designated critical infrastructure sectors, government facilities came in third place with 156 complaints, while critical manufacturing and healthcare centers took the second and top spots, respectively.

“Of the 16 critical infrastructure sectors, IC3 reporting indicated 14 sectors had at least 1 member that fell to a ransomware attack in 2023,” the report adds.

LockBit, ALPHV/BlackCat, Akira, Royal and Black Basta were the top ransomware gangs tied to those critical infrastructure complaints, the report added. ALPHV, which recently claimed responsibility for its attack on Change Healthcare that has caused widespread logjams in the prescription drug market, reportedly staged a takedown after hauling away a $22 million ransom payment from the company.

Ransomware operatives targeted companies around the world last year, with the number of firms targeted reaching an all-time high compared to findings in previous years, according to a January Check Point analysis.

The U.S. has been working with international partners to take a firm stance against ransom payments, though experts have not agreed on a single policy.

“The FBI does not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that an entity’s files will be recovered,” IC3 says.

The IC3 report also found that $350 million was lost to scams in which hackers impersonated government officials attempting to collect money. Older adults are overwhelmingly targeted in such scams, according to the data.

A total of 14,190…

Source…

U.S. Government Disrupts Botnet People’s Republic Of China Used To Conceal Hacking Of Critical Infrastructure
FBI News:

A December 2023 court-authorized operation has disrupted a botnet of hundreds of U.S.-based small office/home office (SOHO) routers hijacked by People’s Republic of China (PRC) state-sponsored hackers.

The hackers, known to the private sector as “Volt Typhoon”, used privately-owned SOHO routers infected with the “KV Botnet” malware to conceal the PRC origin of further hacking activities directed against U.S. and other foreign victims.

These further hacking activities included a campaign targeting critical infrastructure organizations in the United States and elsewhere that was the subject of a May 2023 FBI, National Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), and foreign partner advisory.

The same activity has been the subject of private sector partner advisories in May and December 2023, as well as an additional secure by design alert released recently by CISA.

The vast majority of routers that comprised the KV Botnet were Cisco and NetGear routers that were vulnerable because they had reached “end of life” status; that is, they were no longer supported through their manufacturer’s security patches or other software updates. The court-authorized operation deleted the KV Botnet malware from the routers and took additional steps to sever their connection to the botnet, such as blocking communications with other devices used to control the botnet.

“The Justice Department has disrupted a PRC-backed hacking group that attempted to target America’s critical infrastructure utilizing a botnet,” Attorney General Merrick B. Garland said. “The United States will continue to dismantle malicious cyber operations – including those sponsored by foreign governments – that undermine the security of the American people.”

“In wiping out the KV Botnet from hundreds of routers nationwide, the Department of Justice is using all its tools to disrupt national security threats – in real time,” Deputy Attorney General Lisa O. Monaco said. “Today’s announcement also highlights our critical partnership with the private sector – victim reporting is key to fighting cybercrime, from home offices to our most critical…

Source…