Chinese Hackers

[kyonides]

GOOGLE VS CHINESE HACKERS

Google Sues China-Based Hackers Over Text Message Phishing Scams
Fake ads, emails, or text messages alerted unsuspecting consumers to some type of problem with a delivery, an unpaid toll, or an e-commerce website.

Global technology giant Google is bringing legal action against an alleged international cybercriminal group that it claims has harmed Google’s reputation and its customers by stealing their personal and financial information through internet scams.

Although Google is still unaware of the true names of the defendants, the litigation indicates that they are based in China.

In a case filed on Nov. 12 in the U.S. District Court for the Southern District of New York, Google is seeking an injunction to stop the criminal group, referred to in the lawsuit as “DOES 1-25.” The lawsuit claims that the group swindled thousands of victims out of millions of dollars and also hurt Google through the unauthorized use of its trademarks and services.

The litigation describes the phishing attacks disguised as ads, emails, or text messages alerting unsuspecting consumers to some type of problem with a delivery, an unpaid toll, or an e-commerce website. The messages are actually fraudulent. Once customers click on the payment link, they lose not only their money but also all of their private information. The sites often mention a phony Google Pay option.

The lawsuit states that the defendants rely on a phishing software kit called “Lighthouse,” which offers users a “phishing for dummies” plan in exchange for a monthly licensing fee. The plan allegedly includes hundreds of templates for fake websites, domain setup tools, and other features to lure in consumers.

“The scale of Lighthouse phishing attacks is staggering,” the lawsuit states. “In a 20-day period, approximately 200,000 fraudulent websites created using Lighthouse were used to attract well over [1 million] potential victims in at least 121 countries.”

Google contends that as a result, up to 115 million credit cards may have been compromised in the United States alone. These Lighthouse-supported websites receive an average of 50,000 page visits daily.

Google claims that actions by the Lighthouse Enterprise and its group of cybercriminals have also caused both financial and reputational damage to the company and that it has been devoting “substantial resources” to investigate and deal with this criminal activity.

“Defendants have incorporated Google logos into spoofed websites that are used to solicit victims’ personal financial information in New York and throughout the United States,” the lawsuit states. It also describes the defendants’ activities as “intentional, wrongful and illegal.”

The litigation describes how each faction of the Lighthouse Enterprise functions to accomplish its elaborate phishing schemes. It identifies five specific groups: the developer group, which supplies the phishing software; the data broker group, which supplies the lists of potential targets; the spammer group, which sets up the tools to send the fraudulent messages in volume; the theft group, which helps to monetize stolen information; and the administrative group, which runs an online community for collaboration and recruitment of new members.

One of Lighthouse’s most popular game plans includes the “Fake Delivery Scheme,” in which scammers pretend to represent the U.S. Postal Service and request that consumers pay a fee in order to ensure delivery of their package.

A “Toll Scheme” involves a fake bill from toll collectors such as E-ZPass. “Financial Institution Schemes” aim to coax consumers to log into a phony website mimicking their bank to gain access to their account information. Another popular scam is the “E-Commerce Scheme,” which directs unsuspecting consumers to a fake website with bogus products.

“The Enterprise uses online advertising platforms—including Google Ads—to create ads that distribute links to their fraudulent e-commerce websites,” the lawsuit states. “Google has suspended Google Ads accounts that it has identified as being associated with the Enterprise.”

In addition to seeking damages from the defendants, Google is also petitioning for a restraining order against the defendants and their officers, agents, and employees, as well as anyone in active participation with them.

ANTHROPIC ON CHINESE HACKERS

Anthropic Says Chinese Hackers Used AI to Attack 30 Organizations

The company estimates that AI carried out 80 percent to 90 percent of the work during the cyberattacks.

Researchers at artificial intelligence company Anthropic said on Nov. 13 that they have uncovered the first use of AI in a cyberattack by a foreign government.

Anthropic, the San Francisco-based developer of AI chatbot Claude, stated in a blog post that it was highly confident that state-sponsored Chinese threat actors had used the company’s Claude Code tool to create an attack framework that, once put in play, required minimal human involvement.

Attackers manipulated Anthropic’s AI software to attack 30 global targets, including government agencies, technology and financial services companies, and chemical manufacturers, Anthropic said in a post on X. A small number of attacks were successful.

The multipronged attacks were first spotted in mid-September, and over the course of 10 days, Anthropic researchers mapped out the scope of the operation, notifying affected organizations and working in conjunction with regional authorities. The attacks were made possible because of rapid advancements in AI that did not exist just 12 months ago, the company stated.

In the first phase of the cyberattacks, threat actors identified targets and used Claude Code as an automated tool for execution. They bypassed Claude Code’s internal safeguards by positioning themselves as a cybersecurity defense employee and got the AI chatbot to execute the attacks by parsing them down into minor, seemingly innocuous tasks that didn’t raise any red flags.

Once it gained access, Claude Code began looking for high-value databases, as well as vulnerabilities in organizations’ cybersecurity systems. The AI chatbot wrote its own exploitation code, harvested usernames and passwords to access databases, and exfiltrated data with little human interaction. Lastly, Claude presented detailed summaries of its actions, including which systems were breached, the credentials it used, and back doors that were created.
Anthropic estimates that AI carried out between 80 percent and 90 percent of the work during the cyberattacks.

“The sheer amount of work performed by the AI would have taken vast amounts of time for a human team,” Anthropic stated in the blog post. “At the peak of its attack, the AI made thousands of requests, often multiple per second—an attack speed that would have been, for human hackers, simply impossible to match.

“To keep pace with this rapidly advancing threat, we’ve expanded our detection capabilities and developed better classifiers to flag malicious activity. We’re continually working on new methods of investigating and detecting large-scale, distributed attacks like this one.”

In early October, Anthropic said AI models had sufficiently developed to not only reproduce cyberattacks, but also outperform some human cyberdefense teams. The company advised AI developers to continue developing AI safeguards, as similar attacks are likely to be deployed in the future.

Chris Krebs, former director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said during a morning interview with CBS that the attack is likely a sign of things to come.

“We’ve been talking about events and attacks like this for close to a decade,” Krebs said. “To see it actually come into life like this ... is pretty chilling, and there’s a lot of work we have to do in the near future to stem the flow.”