Quote:China’s communist regime is engaged in a worldwide campaign of cybercrime and leading experts believe that the United States is failing to respond swiftly enough to counter the threat.
“In the current era of cyber, it’s all about speed,” retired Army Col. John Mills told The Epoch Times.
“You have to presume a breach, and that the threat is inside. Looking at it from that perspective, it’s all about speed of identification, speed of ejection. The U.S. government is not good at that.”
All signs indicate that the Chinese Communist Party (CCP) and its proxies are engaged in a robust and global cybercrime campaign that aims to both destabilize the regime’s foes and position itself for a potential war with the United States.
“This is an extraordinary threat,” said Mr. Mills, who previously served as the director of Cybersecurity Policy, Strategy, and International Affairs at the Department of Defense.
A cache of leaked documents that surfaced in late February implicated the regime’s direct involvement in overseas cyber espionage.
The documents belonged to a criminal hacking group called I-Soon, which masquerades as a legitimate business in China, apparently with the regime’s blessing.
The leaked files revealed the group’s infiltration into government departments in India, South Korea, Thailand, Vietnam, and South Korea, as well as NATO organizations.
Files included product manuals, marketing materials, employee lists, chat records, financial information, and details about foreign infiltration efforts.
Some of the documents that were verified by the Associated Press show that the majority of the group’s clients are based within China’s regional security bureaus and the CCP’s Ministry of Public Security.
Mr. Mills said the revelation was “predictable,” and that CCP authorities have a long history of conducting illicit tasks in addition to their formal duties.
“The CCP and the government, which is one [and] the same thing, knew these people were moonlighting. This is part of the culture of corruption [in China],” Mr. Mills said.
The I-Soon leaks surfaced amid a wider flurry of CCP-backed cyber activity, in which the regime successfully infiltrated both U.S. critical infrastructure and the defense ministry of the Netherlands.
The documents belonged to a criminal hacking group called I-Soon, which masquerades as a legitimate business in China, apparently with the regime’s blessing.
The leaked files revealed the group’s infiltration into government departments in India, South Korea, Thailand, Vietnam, and South Korea, as well as NATO organizations.
Files included product manuals, marketing materials, employee lists, chat records, financial information, and details about foreign infiltration efforts.
Some of the documents that were verified by the Associated Press show that the majority of the group’s clients are based within China’s regional security bureaus and the CCP’s Ministry of Public Security.
Mr. Mills said the revelation was “predictable,” and that CCP authorities have a long history of conducting illicit tasks in addition to their formal duties.
“The CCP and the government, which is one [and] the same thing, knew these people were moonlighting. This is part of the culture of corruption [in China],” Mr. Mills said.
The I-Soon leaks surfaced amid a wider flurry of CCP-backed cyber activity, in which the regime successfully infiltrated both U.S. critical infrastructure and the defense ministry of the Netherlands.
Casey Fleming, CEO of the risk advisory firm BlackOps Partners, said that the Volt Typhoon initiative was part of the CCP’s strategy of unrestricted warfare through which it aims to secure military advantage over the United States through non-military means.
“The CCP is hyper-focused on weakening the U.S. from all angles to win the war without fighting,” Mr. Fleming told The Epoch Times.
“This is what World War 3 looks like. It’s the speed of technology, the stealth of unrestricted warfare, and no rules.”
Chinese-Made Spying Tools
Same Article Wrote:The more recent I-Soon leaks also shed light on the tools Chinese cybercriminals are deploying to infiltrate, undermine, and exploit the regime’s rivals.
Its services included a tool for infiltrating users’ accounts on social media platform X, including the ability to access phone numbers, email accounts, personal messages, and real-time activity even if users have enabled two-factor authentication.
Likewise I-Soon sold access to a custom suite of remote-access Trojans—malware capable of infecting Android, IOS, and Windows devices—which could, at times, alter registry files and collect GPS data, contacts, media files, and real-time audio recordings of conversations.
The Android version of the Trojan also had the capability of dumping all messages stored in major Chinese apps including QQ, WeChat, and Momo.
Notably, the I-Soon documents also revealed the existence of portable devices for “attacking networks from the inside,” including options to embed the malware in cellphone batteries, power strips, and circuit boards.
Similar devices could be outfitted with special equipment for operatives working abroad to establish safe communication with mainland China.
Mr. Mills said the regime is exploiting its advantage in the manufacturing domain to achieve dominance in cyberspace. China-based hackers are using manufacturing vulnerabilities in how devices connect and share data with one another.
And by smuggling malware into the United States with Chinese-made goods, he said, such devices could be used to penetrate the United States’ most critical infrastructure, as the Volt Typhoon malware was designed to do.
...
“The Internet of Things and critical infrastructure—that is still a very porous, vulnerable area,” Mr. Mills said.
“There’s a lot of industrial control systems and critical infrastructure. There’s a lot of obscure software programs and languages that are just not well understood, and they don’t scale as far as being able to secure them,” he added. “It’s very tailored and customized, which is inefficient and expensive, and that’s the reality of critical infrastructure.”
There are some indications that the Biden administration is beginning to tackle the issue of China-origin technology.
The Commerce Department announced on Feb. 29 that it intends to investigate and propose rules regarding vehicles with CCP-made technology.
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
Quote:New Zealand’s Government Communications Security Bureau (GCSB) revealed on Monday that Chinese state-sponsored hackers attacked two computer systems used by the New Zealand Parliament in 2021.
GCSB said the hackers managed to access some data on the systems, but nothing of a “strategic or sensitive” nature.
The GCSB is New Zealand’s leading cybersecurity and signals intelligence organization. The agency revealed previously classified details of the 2021 Chinese cyberattack after sister agencies in the United States and United Kingdom disclosed details of similar attacks they have endured.
“This is the first time we have attributed state-sponsored malicious cyber activity to the People’s Republic of China, for intrusion into New Zealand government systems,” GCSB Director Andrew Clark said on Monday.
Clark explained that his agency detected malicious activity in two key computer networks used by Parliament in August 2021. GCSB linked the intrusion to China’s Ministry of State Security (MSS) and one of its many hacker groups, code-named APT40, with a high degree of confidence.
“This link has been reinforced by analysis from international partners of similar events in their own jurisdictions,” Clark said.
APT40 is classified as a Chinese state-linked hacker threat by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The group operates under various colorful aliases, including Bronze Mohawk, GreenCrash, and Kryptonite Panda.
APT40 has been active since at least 2009, targeting government, corporate, and academic computer systems in the U.S., Canada, Europe, the Middle East, and the South China Sea region. The group has a predilection for attacking industries that might compete with China’s Belt and Road Initiative (BRI). The U.S. Department of Justice (DOJ) indicted four members of APT40 for cyber espionage in July 2021.
The 2021 New Zealand intrusion was described in detail in a statement released by GCSB minister Judith Collins, who condemned China for targeting New Zealand’s Parliament and the UK Electoral Commission with “malicious cyber activity.”
The government of New Zealand summoned Chinese Ambassador Wang Xiaolong to lodge a complaint and ask China to desist from such cyber-espionage in the future. However, New Zealand stopped short of leveling punitive sanctions against Beijing.
“Foreign interference of this nature is unacceptable, and we have urged China to refrain from such activity in future,” said Foreign Minister Winston Peters.
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
Quote:American and British officials on Monday [25th] announced criminal charges and punitive sanctions against a Chinese state-sponsored hacking group accused of victimizing millions of people in both countries over the past 14 years.
Prosecutors in the Eastern District of New York named the defendants as Ni Gaobin, Weng Ming, Cheng Fent, Peng Yaowen, Sun Xiaohui, Xiong Wang, and Zhao Guangzong. All are Chinese nationals working for China’s Ministry of State Security (MSS) as part of a cyber threat group dubbed APT31, also known by the alias Zirconium.
APT31 became active sometime around 2010, engaging in a wide range of illegal activity, usually linked to geopolitical events of interest to the Chinese government. For example, APT31’s malicious activity surged during the 2019 Hong Kong pro-democracy protests.
To date, the group has pumped out more than 10,000 malicious emails, targeting victims on several continents. Targets included government officials and their staffers, defense contractors, reporters, academics, and Chinese political dissidents.
Many of the virus-infested emails sent to Western politicians by the Chinese hackers were made to resemble legitimate messages from journalists. The U.S. indictment said APT31 gained illicit access to the records of millions of Americans by compromising thousands of government and corporate email and storage accounts.
The U.S. Treasury Department on Monday sanctioned Wuhan Xiaoruizhi Science and Technology Co., Ltd. (Wuhan XRZ), a front company operated by the MSS to cover the activities of the APT31 hackers.
“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” Attorney General Merrick Garland said on Monday.
“These allegations pull back the curtain on China’s vast illegal hacking operation that targeted sensitive data from U.S. elected and government officials, journalists and academics; valuable information from American companies; and political dissidents in America and abroad. Their sinister scheme victimized thousands of people and entities across the world, and lasted for well over a decade,” said U.S. Attorney for the Eastern District of New York Breon Peace.
“These defendants were part of a Chinese government sponsored hacking group, targeting U.S. businesses and U.S. political officials for intrusion for over a decade as part of a larger, malicious global campaign. These charges are yet another example of hostile actions taken by the PRC to attack not only American businesses and infrastructure, but the security of our nation,” said FBI Assistant Director-in-Charge James Smith of the New York field office.
In the United Kingdom, APT31 perpetrated a major cyberattack that stole the voter registration data of tens of millions of British citizens and attempted to hack the email accounts of members of Parliament. The hackers do not appear to have taken any action with the stolen voter registration data, raising suspicions that the hack was just a dry run, testing the defenses of Britain’s election system.
“This is the latest in a clear pattern of hostile activity originating in China. Part of our defense is calling out this behavior,” Deputy Prime Minister Oliver Dowden said on Monday.
The leftist New York Times (NYT) contrasted the aggressive and unified response by U.S. and British officials on Monday to the Obama administration’s extreme reluctance to name China as the culprit behind the Office of Personnel Management (OPM) hack in 2015, also known as “Cyber Pearl Harbor” – arguably the most damaging data breach in the brief history of the Internet.
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
Quote:FBI director Chris Wray said at a security conference on Thursday that China’s legion of state-sponsored hackers “considers every sector that makes our society run as fair game in its bid to dominate on the world stage.”
Wray said China’s plan is to “land low blows against civilian infrastructure to try to induce panic and break America’s will to resist.”
The FBI director was speaking at security conference called “Summit on Modern Conflict and Emerging Threats,” hosted by Vanderbilt University in Nashville. The 2024 edition of the summit was focused on “challenges China poses to the United States,” ranging from China’s dominance of critical supply chains to the fentanyl epidemic and cyberwar.
Wray called the audience’s attention to Volt Typhoon, the massive hacking operation linked to the People’s Republic of China (PRC) that penetrated an alarming number of critical infrastructure systems in the U.S., including water, power, oil, and transportation.
Volt Typhoon was detected and exposed by Microsoft cybersecurity technicians in May 2023. Microsoft said China’s state-sponsored hackers sought to develop “capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”
Wray noted that China-sponsored hackers were “pre-positioned for potential cyberattacks against U.S. oil and natural gas companies way back in 2011.”
“When one victim company set up a honeypot – essentially, a trap designed to look like a legitimate part of a computer network with decoy documents – it took the hackers all of 15 minutes to steal data related to the control and monitoring systems,” he recalled.
Wray pointed out that in that incident, the hackers ignored “financial and business-related information,” which suggests “their goals were even more sinister than stealing a leg up economically.”
Honeypot systems are usually hardened to make cracking their core software extremely difficult, but the designers then camouflage the system to look much more vulnerable than it really is. A honeypot is a setup, and its administrators know they will be invaded, so for the invaders to quickly defeat the trap and penetrate the security of the rigged system is a remarkable achievement.
Volt Typhoon was a menacing example of a hacking technique known as “living off the land,” in which the hackers penetrate systems, deposit malware payloads, and then conceal their presence by exploiting and imitating normal system functions. The approach could be compared to a thief who takes a job as a bank teller and quietly works there for years before finally deciding to rob the bank.
“Living off the land” is an alarming tactic because most private hacker groups would not bother to hide for years after penetrating a system. Hackers are usually motivated to steal, vandalize, or hijack a system fairly soon after they gain entry, worried that their presence could be detected or their access to the system might be cut. They are typically eager to steal data for fun or profit.
As Wray explained at the Vanderbilt seminar, the major reason a group of highly skilled and coordinated hackers would lurk in a system for years is because they are planning massive acts of sabotage and waiting for their government handlers to tell them when the time is right to strike.
Wray said the Chinese Communist Party is driven by “aspirations to wealth and power,” which it hopes to realize by seizing control of “economic development in the areas most critical to tomorrow’s economy.”
Other speakers at the seminar highlighted Volt Typhoon as a new and dangerous type of cyberwar menace, including Gen. Timothy Haugh, head of the National Security Agency (NSA) and U.S. Cyber Command.
“What you see in Volt Typhoon is an example of how China has approached establishing access to put things under threat. There is not a valid intelligence reason to be looking at a water treatment plant from a cyber perspective,” he pointed out.
Haugh warned that Volt Typhoon sent “a pretty loud signal” about how China plans to “use cyberspace in a crisis,” such as a confrontation with the U.S. over Taiwan. He strongly recommended listening to that signal.
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
Quote:Communist China is suspected of being behind a major hack of Britain’s Ministry of Defence in which over a quarter of a million military service personnel may have had their private details compromised.
All of Britain’s armed forces servicemen and women, including active members as well as reservists and veterans, amounting to an estimated 270,000 people may have been compromised in a hack of the Ministry of Defence’s payroll.
The MoD has established a crisis response unit over the past three days after the suspected hack. Although the government has yet to formally accuse Communist China, multiple media outlets, including Sky News, have cited government sources claiming that Beijing is believed to be behind the cyberattack.
According to The Sun, Britain’s largest-circulation newspaper, the MoD also plans to hire contractors to scan the dark web to monitor if any information contained in the hack begins appearing for sale.
Former chairman of the defence select committee, Conservative MP Tobias Ellwood suggested that the information gleaned could enable the communist country to exert pressure on members of the military to give up secrets in exchange for “financial gain — perhaps even unaware China sits behind this”.
For its part, the Chinese foreign ministry denied involvement, saying that Beijing “firmly opposes and fights all forms of cyber attacks” and “rejects the use of this issue politically to smear other countries”. This claim would be remarkable if true, given the frequency with which European governments accuse China and its agents of attempting to hack their computer databases.
The suspected Chinese hack comes just weeks after the British government publicly accused Beijing of the 2021 hack on the UK’s Electoral Commission, which reportedly compromised the personal details of up to 40 million voters in the country. The UK also claimed that China was behind “attempted reconnaissance activity” on four parliamentary accounts in a separate 2021 incident.
Former Tory leader and co-founder of the Inter-Parliamentary Alliance on China (IPAC) Sir Iain Duncan Smith, who has been personally sanctioned by China, told Sky News: “This is yet another example of why the UK government must admit that China poses a systemic threat to the UK and change the integrated review to reflect that.
“No more pretence, it is a malign actor, supporting Russia with money and military equipment, working with Iran and North Korea in a new axis of totalitarian states.”
Executive Director of IPAC Luke de Pulford added: “This has to represent a turning point. These are actions suited to hybrid warfare, not the ‘mutual respect’ of which Beijing and London regularly boast.
“China under Xi Jinping is not a friend. Remove the blinkers. Our China strategy has failed. We need some realism fast.”
Despite the accusations of major hacks in Britain as well as the human rights violations in mainland China and the former British colony of Hong Kong, Prime Minister Rishi Sunak has refused to officially label the communist country a “threat” to the UK.
Sunak, who has long argued for closer trade ties with Beijing, has come under criticism for his ties to China, with the business of his wife’s family, Indian tech-giant Infosys, having significant operations within China.
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
Quote:Sen. J.D. Vance (R-OH) on Friday sent a letter to a cybersecurity agency concerning vulnerabilities in critical American infrastructure and how the agency is responding to the Chinese government-sponsored state hacking group Volt Typhoon.
Vance wrote his letter, which Breitbart News obtained, to Cybersecurity & Infrastructure Security Agency (CISA) Director Jen Easterly about how critical American infrastructure is “under attack” from the Chinese government “state-sponsored hacker group known as Volt Typhoon.” The Ohio senator said that the consequences of a Volt Typhoon attack on American infrastructure could be immense:
The impact from a full-scale Volt Typhoon attack on U.S. critical infrastructure would be devastating and could result in our nation being thrown into disarray at the exact time it is under military attack from foreign adversaries. The consequences of a Volt Typhoon attack would presumably include a threat to the U.S. military by disrupting power and water to our military facilities and critical supply chains.
...
Vance noted that Volt Typhoon has “compromised hundreds of thousands of devices since it was first publicly identified by Microsoft in May 2023.” In June 2023, the National Security Agency (NSA), CISA, FBI, and other international cybersecurity agencies issued a Cybersecurity Advisory (CSA) about Volt Typhoon’s capacity to attack critical infrastructure. In March 2024, CISA issued an advisory on best practices to harden its systems against Volt Typhoon.
Rob Ames, a staff threat researcher at SecurityScorecard, explained that Volt Typhoon typically uses more “hands-on keyboard techniques” than traditionally relying on activity exploited by malware.
“Critical infrastructure” sectors are particularly vulnerable to Volt Typhoon hacking. These sectors, which include communications systems, energy production, and government facilities, are “considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”
Vance wrote about the threat that is Volt Typhoon:
Indeed, experts believe the group has targeted U.S. critical infrastructure since mid-2021 using malicious software that penetrates internet connected systems. On January 31, 2024, the FBI reported that it had disrupted some of Volt Typhoon’s operations by removing the group’s malware from some small office routers.
However, on February 7, 2024, CISA, the FBI, and other U.S. agencies along with the Five Eyes partners released a major advisory in which they warned that Volt Typhoon was pre-positioning on critical infrastructure networks to “enable disruption or destruction of critical services in the event of increased geopolitical tensions.”
To better understand the risk that is Volt Typhoon, Vance asked that Easterly provide answers to these questions:
1. What is CISA’s understanding of how Volt Typhoon became embedded in U.S. critical infrastructure?
2. What prompted CISA to go public earlier this year warning of the urgent risk posed by Volt Typhoon?
3. How many U.S. public or private critical infrastructure entities in the Communications, Energy, Transportation Systems, and Water and Wastewater Systems sectors are impacted by Volt Typhoon?
4. Are there other critical infrastructure sectors impacted by Volt Typhoon? If so, which sectors (beyond those named in response to question 3)?
5. According to reports, CISA has worked with sector risk management agencies to do outreach to each sector regarding Volt Typhoon. Which agencies specifically?
6. Which Information Sharing and Analysis Centers (ISACs) are aware of Volt Typhoon?
7. How many individual network devices in the U.S. are impacted or potentially impacted by Volt Typhoon?
8. What strategies have CISA and/or sector risk management agencies named in response to question 5 designed and/or implemented to mitigate the threat from Volt Typhoon?
9. How many calls to CISA’s 24/7 Operations Center regarding Volt Typhoon has the agency received since January 1, 2023?
American officials’ concerns became so immense that Nathaniel Fick, the State Department’s ambassador-at-large for cyberspace and digital policy, said in May that American and Chinese officials discussed the Volt Typhoon espionage campaign that targeted American critical infrastructure.
...
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
Chinese Hackers
![[Image: SP1-Scripter.png]](https://www.save-point.org/images/userbars/SP1-Scripter.png)
![[Image: SP1-Writer.png]](https://www.save-point.org/images/userbars/SP1-Writer.png)
![[Image: SP1-Poet.png]](https://www.save-point.org/images/userbars/SP1-Poet.png)
![[Image: SP1-PixelArtist.png]](https://www.save-point.org/images/userbars/SP1-PixelArtist.png)
![[Image: SP1-Reporter.png]](https://i.postimg.cc/GmxWbHyL/SP1-Reporter.png)
