10-12-2025, 11:38 PM
US SOFTWARE & LAW FIRMS BREACHED BY CHINESE HACKERS
Quote: A team of suspected Chinese hackers has infiltrated US software developers and law firms in a sophisticated campaign to collect intelligence that could help Beijing in its ongoing trade fight with Washington, cybersecurity firm Mandiant said Wednesday.
The hackers have been rampant in recent weeks, hitting the cloud-computing firms that numerous American companies rely on to store key data, Mandiant, which is owned by Google, said. In a sign of how important China’s hacking army is in the race for tech supremacy, the hackers have also stolen US tech firms’ proprietary software and used it to find new vulnerabilities to burrow deeper into networks, according to Mandiant.
The FBI is investigating the intrusions and US officials are still trying to understand the full scope of the hacks, sources told CNN.
It’s a fresh five-alarm fire for the FBI’s cyber experts, who at any given time are investigating multiple sophisticated Chinese cyber-espionage campaigns aimed at US government and corporate secrets.
In some cases, the hackers have lurked undetected in the US corporate networks for over a year, quietly collecting intelligence, Mandiant said.
The disclosure comes after the Trump administration escalated America’s trade war with China this spring by slapping unprecedented tariffs on Chinese exports to the United States. The tit-for-tat tariffs set off a scramble in both governments to understand each other’s positions.
“The FBI is aware of this matter and we continue to work with our law enforcement and private sector partners,” a bureau spokesperson told CNN. “We encourage the public to contact their local field office or tips.fbi.gov, if they believe to be a victim.”
Mandiant analysts said the fallout from the breaches — the task of kicking out the hackers and assessing the damage — could last many months. They described it as a milestone hack, comparable in severity and sophistication to Russia’s use of SolarWinds software to infiltrate US government agencies in 2020.
The suspected Chinese hackers are “very active right now,” said Charles Carmakal, Mandiant’s chief technology officer. “We believe that there are many organizations that are actively compromised that don’t know about it.”
This is “the most prevalent [cyber] adversary in the United States over the past several years,” Carmakal said.
Beijing routinely denies US hacking allegations and accuses the US of conducting cyberattacks against China. Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, DC, told CNN he was not aware of the details of the Mandiant report. “China firmly opposes and combats all forms of cyber attacks and cybercrime,” Liu said in a statement.
Law firms are attractive espionage targets because of the role that they play in helping government and corporate clients navigate trade and national security disputes. Suspected Chinese hackers this summer breached the email accounts of attorneys at Washington, DC-based firm Wiley Rein, CNN previously reported.
The FBI has said that China’s cyber operatives outnumber all FBI agents by at least 50 to 1. For years, across Republican and Democratic administrations, US officials have tried to counter this numerical advantage by exposing the hackers’ tactics through indictments, sanctions and other measures. In rare cases, the FBI has taken Chinese operatives into custody.
Italian authorities in July arrested a Chinese man accused by US prosecutors of being part of a hacking team that stole coveted US research into a coronavirus vaccine on behalf of Chinese intelligence.
“He is one of the first hackers linked to Chinese intelligence services to be captured by the FBI,” the bureau’s Houston field office said at the time.
Quote: Suspected Chinese government-backed hackers have breached computer systems of US law firm Williams & Connolly, which has represented some of America’s most powerful politicians, as part of a larger spying campaign against multiple law firms, according to a letter the firm sent clients and a source familiar with the hack.
The cyber intrusions have hit the email accounts of select attorneys at these law firms, as Beijing continues a broader effort to gather intelligence to support its multi-front competition with the US on issues ranging from national security to trade, multiple sources have told CNN.
The hackers in this case used a previously unknown software flaw, coveted by spies because it allows for stealth, to access Williams & Connolly’s computer network, said the letter sent to clients this week and reviewed by CNN. The letter did not name the hackers responsible, but the source familiar with the hack told CNN that Beijing was the prime suspect.
“Given the nature of the threat actor, we have no reason to believe that the data will be disclosed or used publicly,” the letter said, in a hint that the intruder was focused on espionage rather than extortion.
CNN has reached out to the Chinese Embassy in Washington, DC for comment.
Liu Pengyu, a spokesperson for the embassy, told CNN in response to a separate hacking allegation last month: “China firmly opposes and combats all forms of cyber attacks and cybercrime.”
It was not immediately clear which Williams & Connolly attorneys or clients were affected by the hack.
Williams & Connolly is known for its politically influential clientele and a storied bench of courtroom lawyers. The firm has represented Bill and Hillary Clinton; corporate clients, including tech, health care and media companies; and white-collar criminal defendants like Theranos founder Elizabeth Holmes.
A Williams & Connolly spokesperson declined to answer questions on who was responsible for the hack.
The hackers are “believed to be affiliated with a nation-state actor responsible for recent attacks on a number of law firms and companies,” Williams & Connolly said in a statement to CNN. “We have taken steps to block the threat actor, and there is now no evidence of any unauthorized traffic on our network.”
Another prominent US law firm hit by suspected Chinese hackers is Wiley Rein, CNN reported in July. With clients that span the Fortune 500, Wiley Rein is a powerful player in helping US companies and the government navigate the trade war with China.
The suspected Chinese hackers have been rampant in recent weeks, also hitting the cloud-computing firms that numerous American companies rely on to store key data, experts at Google-owned cybersecurity firm Mandiant have told CNN. In a sign of how important China’s hacking army is in the race for tech supremacy, the hackers have also stolen US tech firms’ proprietary software and used it to find new vulnerabilities to burrow deeper into networks, according to Mandiant.
The Chinese government routinely denies allegations that it conducts hacking operations, often pointing to alleged US operations targeting Chinese entities and accusing Washington of a “double standard.”
At any given time, the FBI has multiple investigations open into China’s elite hacking teams, which US officials consider the biggest state-backed cyber threat to American interests.
CNN has requested comment from the FBI.
“Law firms are prime targets for nation-state threat actors because of the complex, high-stakes issues they handle,” said Sean Koessel, co-founder of cybersecurity firm Volexity, which has investigated Chinese digital spying campaigns.
“Intellectual property, emerging technologies, international trade, sanctions, public policy, to name a few,” Koessel told CNN. “In short, they hold a wealth of sensitive, non-public information that can offer significant strategic advantage.”
CHINESE HACKERS USING TAIWAN AS SPRINGBOARD?
Quote: Taipei, Oct. 7 (CNA) A recent major leak of surveillance data from China shows Beijing could use Taiwan as a "springboard" for hackers to launch cyberattacks, according to the National Institute of Cyber Security (NICS) under Taiwan's Ministry of Digital Affairs, which urged the public to remain cautious and reduce risks when logging onto Chinese social media.
According to an analysis report released Tuesday by NICS, the leaking of 600GB of data linked to the Great Firewall of China demonstrates that Beijing not only conducts domestic cyber surveillance but also exports such surveillance technologies to foreign countries.
In mid-September, what is being described as the largest leak linked to the Great Firewall of China was posted online with materials reportedly containing source codes, internal communications, work logs, and technical documentation from groups believed to be involved in setting up and maintaining the surveillance system.
Commenting on the data leaks from China, NICS President Lin Ying-der (林盈達) said Chinese online surveillance efforts include the use of virtual private networks (VPN), which are used as network virtualization to extend a private network across a public network, instant messaging services and social media, which can monitor email exchanges, measure data flows and even plant malware to launch cyberattacks.
China has also exported such cyberattack skills to countries such as Cambodia, Pakistan, Ethiopia and Kazakhstan, he claimed.
While these cyberattack skills currently have had limited impact on the everyday life of people in Taiwan, the NICS report said, Taiwan has been targeted by China as a springboard for hackers to launch their attacks. NICS added people in Taiwan should be aware of such risks.
The NICS said when individual Taiwanese log onto popular Chinese social media such as Little Red Book or Xiaohongshu (小紅書), TikTok (抖音) and Weibo (微博), it is possible that other related Chinese social media will connect with these popular apps to obtain the personal data of Taiwanese users which could result in those users being harassed.
When local individuals take trips to any foreign countries with high cybersecurity risks, they should avoid sharing sensitive information and closely follow multi-factor authentication requirements, the NICS added.
When using unfamiliar devices, the NICS said, Taiwanese should limit personal data exposure and permission settings to reduce the risk of identity verification or tracking.
Taiwanese enterprises should also carefully evaluate possible cybersecurity risks faced by their overseas operations and take into account cybersecurity when engaged in cross-border cooperation, to prevent leaks of their technology, the NICS said.
International news media reported the leaked 600GB of internal files dumped online exposed the inner workings of China's internet censorship and surveillance infrastructure.
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
![[Image: SP1-Scripter.png]](https://www.save-point.org/images/userbars/SP1-Scripter.png)
![[Image: SP1-Writer.png]](https://www.save-point.org/images/userbars/SP1-Writer.png)
![[Image: SP1-Poet.png]](https://www.save-point.org/images/userbars/SP1-Poet.png)
![[Image: SP1-PixelArtist.png]](https://www.save-point.org/images/userbars/SP1-PixelArtist.png)
![[Image: SP1-Reporter.png]](https://i.postimg.cc/GmxWbHyL/SP1-Reporter.png)
My Original Stories (available in English and Spanish)
List of Compiled Binary Executables I have published...
HiddenChest & Roole
Give me a free copy of your completed game if you include at least 3 of my scripts!
Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX, OpenChest XP VX & ACE