Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label China Cyber Security. Show all posts

Why are Western Cyber Attacks Less Heard of?


Camaro Dragon, Fancy Bear, Static Kitten and Stardust Chollima – these are some of the most notorious hacking group around the world. These cyber teams have been under the radar for hacking, stealing information and causing trouble allegedly on the orders of their governments.

Marketers of these companies have been pin pointing locations these groups are originating from, warning users of these ‘advanced persistent threat’ groups (APTs). The groups have majorly been tracked back to Russia, China, North Korea and Iran.

Cyber Defenders Under Attack

Russia’s most popular cyber company Kaspersky were made to investigate its own employees when several staff members’ mobile phones begin distributing their information to some shady parts of the internet.

"Obviously our minds turned straight to spyware but we were pretty sceptical at first[…]Everyone's heard about powerful cyber tools which can turn mobile phones into spying devices but I thought of this as a kind of urban legend that happens to someone else, somewhere else," said chief security researcher Igor Kuznetsov.

Igor came to the conclusion that his intuition had been correct and that they had in fact discovered a sizable sophisticated surveillance-hacking effort against their own team after painstakingly analyzing "several dozen" infected iPhones. Apparently, the attackers had found a way to infect iPhones by simply sending an iMessage, that after installing malware to devices, deleted itself from the device.

In the operation to tackle the issue, the victims’ phone contents were tracked back to the hackers at regular intervals. This included messages, emails, pictures, and even access to cameras and microphones.

Once the issue was solved, on being asked, Kaspersky did not tell the origin of the attack, saying they are not interested “in from where this digital espionage attack was launched.”

The incident raised concerns of the Russian government. Russian security agencies released an urgent advisory the same day Kaspersky reported their discovery, claiming to have "uncovered a reconnaissance operation by American intelligence services carried out using Apple mobile devices.”

The bulletin even accused Apple of being involved in the campaign, however the conglomerate denied the accusation. Neither did the firm in question, the US National Security Agency (NSA), comment on the accusations.

In addition to this, the US Government issues a statement with Microsoft last month, confirming that the Chinese state-sponsored hackers have been found “lurking inside energy networks in US territories”.

In response to this, China denied the accusations saying the "story was a part of a disinformation campaign" from the Five Eyes countries – the UK, Australia, Canada and New Zealand.

Chinese Foreign Ministry official Mao Ning added China's regular response: "The fact is the United States is the empire of hacking."

But as with Russia, China now appears to be taking a more assertive stance in criticizing Western hacking.

According to China Daily, China’s official news source, the foreign government-backed hackers are currently the biggest threat to the nation's cyber security.

Additionally, the Chinese company 360 Security Technology included a statistic with the warning, stating that it has found "51 hacker organizations targeting China." Requests for comments from the business received no response.

China also charged the US with hacking a government-funded university in charge of space and aviation research last September.

While many would brush off the accusation of China, there might could be some truth to it.

According to researchers, there are reasons why the western hacking groups never come to light. We are listing some of these reasons below: 

  • The US is the only tier-one cyber power in the world, based on attack, defence and influence. Its is also labelled as ‘World’s top cyber power,’ by National Cyber Power Index, compiled by researchers at the Belfer Centre for Science and International Affairs. 
  • Western cyber-security companies fail to track western cyber activities, since they do not have customers in the rival countries. It could also be that the companies put less effort in investigating western groups, since many cyber security companies gain major chunk of revenue from the UK or US state-backed lucrative contracts.
  • Another factor contributing to the lack of information about Western cyberattacks is that they are frequently more covert and result in less collateral damage.

Chinese Hackers Targeted Indian State Power Grid

 

Chinese state-sponsored malicious actors launched “probing cyberattacks” on Indian electricity distribution centers near Ladakh thrice since December 2021. On Wednesday a report by private intelligence firm Recorded Future confirmed the attack. 

The hackers targeted seven Indian state centers responsible for carrying out electrical dispatch and grid control near a border area contested by the two nuclear neighbors, the report added. This attack came to light while the military standoff between the two countries in the region had already deteriorated the relationship. However, the government sources affirmed that the attacks were not successful. 

''In recent months, we observed likely network intrusions targeting at least seven Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states. Notably, this targeting has been geographically concentrated, with the identified SLDCs located in North India, in proximity to the disputed India-China border in Ladakh," the group said. 

The hackers employed the trojan ShadowPad, which the experts claimed has been developed by contractors for China's Ministry of State Security, thereby concluding  that it was a state-sponsored hacking effort. 

"In addition to the targeting of power grid assets, we also identified the compromise of a national emergency response system and the Indian subsidiary of a multinational logistics company by the same threat activity group," Recorded Future said.

The US did not invite Russia and China to an online conference on combating cybercrime

The US National Security Council organized virtual meetings this week to discuss countering ransomware operators. In total, 30 countries were invited to the conference, including Ukraine, Mexico, Israel, Germany, and the UK, however, Russia and China were not invited to the discussion.

The cyber threat posed by ransomware is increasingly worrying people at the highest level. The ransoms have already reached over $400 million in 2020 and $81 million in the first quarter of 2021.

US President Joe Biden announced in early October that representatives from more than 30 countries will work together to fight back against cybercriminals distributing ransomware. This initiative was the result of very dangerous and large-scale attacks by ransomware operators that recently hit Colonial Pipeline and Kaseya.

It is interesting to note that recently Russian Deputy Foreign Minister Sergei Ryabkov made it clear that Moscow is interested in discussing the problem of ransomware viruses with Washington, but does not want contacts to be limited only to this topic. “American colleagues are still trying to focus all their work on what interests them,” he complained at the time.

Despite the previously announced cooperation in the field of cybersecurity between Moscow and Washington, no one expected Russian official representatives at the meetings. The organizers of the meetings did not invite China and Russia.

Perhaps the reason lies in a misunderstanding that arose at a certain stage. The United States has repeatedly asked Russia to take measures against ransomware operators located in the country. White House Press Secretary Jen Psaki even promised that Washington itself would deal with these cyber groups if the Kremlin could not.