Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label China. Show all posts
TSA
China CISA Cyber Security transport TSA

New TSA Rules to Boost Cybersecurity in Transport






The Transportation Security Administration recently unveiled a proposed rule that would permanently codify cybersecurity reporting requirements in certain segments of U.S. transportation, including pipelines and railroads. This change is set to be permanent after the agency introduced temporary reporting requirements for certain segments last year after a ransomware attack hit Colonial Pipeline, causing fuel shortages along the U.S. East Coast.


Locked In Securely

Since the Colonial Pipeline incident, the Transportation Security Administration has issued a number of temporary rules regarding cybersecurity risks in critical infrastructure. The new proposed rule would bring these temporary rules into permanence and codify a consistent approach throughout transportation on cybersecurity matters. As Administrator Pekoske pointed out, "TSA has been working extremely closely with industry partners to assist in enhancing the cybersecurity resilience of our nation's critical infrastructure."


Key Components of the Proposed Rule

This new law applies to a large scope of pipeline and railroad operators and places restrictions only on some bus companies. Its main emphasis is put on the implementation of cyber risk management plans that shall encompass:

  • Annual Cybersecurity Reviews: These reviews will require assessments and improvements in cyber defences.
  • Vulnerability Assessments: Conduct vulnerability assessments of security weaknesses that have not been remediated. Such assessments shall be conducted either by the covered entity's own personnel or a third party, but such personnel shall have no conflict of interest with respect to the covered entity.
  • Operational Cybersecurity Plans: They would describe the functions of personnel in a cybersecurity company, what is in place to protect critical systems, and procedures in identifying a threat to and responding to it.

Under these proposed regulations, operators would have to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA) to receive faster response to and support of a threat.


Impact and Cost

The TSA estimated that the rulemaking would affect about 300 transportation operators-from pipelines, freight railroads, to public transportation agencies. These include 73 freight railroads, 34 public transportation systems, 71 over-the-road bus companies, and 115 pipeline facilities. Compliance and TSA oversight are estimated to cost the industry $2.1 billion over the next ten years.

The TSA attributed the regulations to the emerging threats of cyber attacks posed by nation-state actors and cybercriminals, who often target U.S. infrastructure in efforts to disrupt it and further inflict economic damage. Countries, according to the TSA, "such as Russia and China" were cited as frequent sources of cyberattacks on American critical infrastructure.

The agency's proposal underlines the need for uniform cybersecurity measures to be taken as soon as possible as cyber threats are becoming more advanced: they are now set to use artificial intelligence to deliver faster, undetectable attacks.


Industry Reaction and Flexibility

The proposal takes place on the grounds that the earlier directions were considered too elaborative by the transporters who had imparted them. The TSA will be more agile and results-driven now, allowing the companies to engage themselves in security solutions pertaining to the specific needs of each one.

The proposed rule will be open to comments from the industry until February 5 while reviewing all the responses the TSA will have before finalising the rule. The agency looks forward to providing enhanced cybersecurity and resilience within U.S. surface transportation systems by defeating the increasing cyber threats.


Read more »
Winos4.0
China Hackers malware Windows Winos4.0

Growing Use of Winos4.0 Toolkit Poses New Threat to Windows Users

 



Advanced hacking toolkit Winos4.0 spreads across the globe, security experts warn. Originally reported by Trend Micro, this new toolkit-just like known kits Cobalt Strike and Sliver-was connected to a string of recent cyber attacks in China, having initially spread through fake software downloads. This year, Fortinet reported that the toolkit is also disseminated through game-themed files, which now tends to expand and might pose a risk to a larger user base.


Attack Framework

Winso4.0 is a post-exploitation toolkit: after successfully gaining initial access to a system, the attackers use it for further invasion and domination. First, it was discovered inside the applications downloaded by users who considered it software in their interest, including VPNs or Google Chrome downloads for the Chinese market. Under the aliases Void Arachne or Silver Fox, the attackers entice users with these very popular applications full of malicious components designed to compromise their systems.

New strategies involve attackers using game applications, via which they have broadcasted Winos4.0, again targeting Chinese users mainly. This way, hackers change and utilise attractive downloads to penetrate devices.


Infection Stages

When one of such benign-looking files is downloaded by a victim, the Winos4.0 toolkit initiates a four-phase infection:

1. Stage 1: After installation, a DLL file you.dll, was retrieved from a remote domain. This file installed persistence on the device by setting values in the Windows Registry such that the malware would persist after the system restarts:.

2. Stage 2: At this step, the injected shellcode is loaded to download necessary APIs and communicate with a C2 server, which enables hackers to send commands and retrieve files from the infected device.

3. Stage 3: It fetches more encoded data from the C2 server in a second DLL file named上线模块.dll which saves to the Windows Registry to be used later, apart from updating server addresses to maintain an active link between the malware and its operators.

4. Final Stage: The last stage (login module.dll) will activate all main functions of the toolkit, including detailed system data gathering (like IP address and type of OS), detection of security tools, searching for crypto-wallets, and keeping a hidden backdoor. Through this backdoor connection, hackers can exfiltrate data, execute commands, and sustain their activity monitoring.

 

Evasion Techniques

Winos4.0 already has an inbuilt scanner for the detection of security products, including commercial products by Kaspersky, Avast, Bitdefender, and Malwarebytes. It will then change its behaviour to avoid detection or even quit if the toolkit finds itself running in an environment that is under surveillance. This versatility makes the tool very dangerous when it gets into cybercriminals' hands.

 

Emerging Menace

The fact that the toolkit Winos4.0 is still being used and fine-tuned points towards the growing importance of this toolkit in cyberattack strategies. As explained by Fortinet, it is a versatile and powerful framework "designed for remote control of compromised systems." Ongoing activity like this indicates that Winos4.0 is becoming a tool hackers like to use to gain control over Windows machines.


Preventive Actions

Always ready for downloading is a constant warning from the security experts to users, especially when it comes to free softwares or games which seem popular.

Avoid downloading applications and other forms of files from unknown sources. Even verifying if the software or file is coming from a legitimate source may also save it from infection. Moreover, one's security software must be updated frequently.

Knowing the threats of Winos4.0 would prevent many users from this malicious software by making them aware of this sophisticated malware.


Read more »
Russia
China Cyber Attacks Hacking Netherlands Russia

Russia and China Up Their Cyberattacks on Dutch Infrastructure, Security Report Warns

 


Dutch security authorities have recorded growing cyber threats from state-affiliated Russian and Chinese hackers targeting organisations in the country. The attacks, mostly to gain access to the critical infrastructure, are seen as preparations for future sabotage and for gathering sensitive information, according to a recent report by the Dutch National Coordinator for Security and Counterterrorism (NCTV).


Rise of Non-State Hackers in Support of Government Agendas

The report says cyber attacks can no longer be considered the preserve of state actors: in fact, it turns out that non-state hackers in Russia and China increasingly are joining in. Of course, Russia: for some of the past year's cyber espionage and sabotage, hacktivists--independent hacking groups not officially communicating with the government are said to have conducted parts of this past year. At times, Russian state cyber actors work in conjunction with them, sometimes using their cover for their own operations, sometimes directing them to fit state goals.

China's cyber operations often combine state intelligence resources with academic and corporate collaborations. Sometimes, persons are performing dual roles: conducting research or scientific duties coupled with pushing forward China's intelligence goals. Such close cooperation treads the fine line between private and state operations, introducing an element of complexity to China's cyber strategy.


China's Advancing Sabotage Capabilities

For some years now, Chinese cyber campaigns focused on espionage, particularly those targeting the Netherlands and other allies, have been well known. Recent developments over the past year, however, have found China's cyber strategies getting broader in scope and quite sophisticated. The recent "Volt Typhoon" campaign, attributed to China, was an example of shifting toward actual sabotage, where critical U.S. infrastructure is the chief target. Although Europe is not currently under such threats from Volt Typhoon, the Netherlands remains vigilant based on China's rapid advancements in its cyber capabilities, which will potentially be implemented globally at a later stage.


Cyber/Disinformation Combined Threat

In the Netherlands, there is a national coordinator for security and counterterrorism, Pieter-Jaap Aalbersberg, who underscored that cyber threats frequently act as part of an integrated approach, which includes information operations. Coordinated actions are riskier because the cyber attack and digital influence operation come together to compromise security. Aalbersberg indicated that risks need to be balanced collectively, both from direct cyber threats and other consequences.


Recent Breach in Dutch Police Forces Concerns

Earlier this month, the Dutch national police announced a breach into officers' personal contact details with thousands of officers being involved, including names, telephone numbers, and email. The attackers behind this breach are unknown, although it is believed that this incident is "very likely" to be carried out by a state-sponsored group. Still, no country was indicated.

The Dutch government views such heightened cyber hostility as pushing a stronger defensive response from its measures about the cybersecurity fields, particularly since the threats from Russians and Chinese are still multiplying. This scenario now presents strong appeal in asking for added fortifications at international cooperation and greater action in stopping these mounting operations of said aggressive expansions through cyber warfare.


Read more »
Trafficking
AI generated Deepfake AI tools China Cyber Security Generative AI Pig Butchering Scamming Trafficking

AI Tools Fueling Global Expansion of China-Linked Trafficking and Scamming Networks

 

A recent report highlights the alarming rise of China-linked human trafficking and scamming networks, now using AI tools to enhance their operations. Initially concentrated in Southeast Asia, these operations trafficked over 200,000 people into compounds in Myanmar, Cambodia, and Laos. Victims were forced into cybercrime activities, such as “pig butchering” scams, impersonating law enforcement, and sextortion. Criminals have now expanded globally, incorporating generative AI for multi-language scamming, creating fake profiles, and even using deepfake technology to deceive victims. 

The growing use of these tools allows scammers to target victims more efficiently and execute more sophisticated schemes. One of the most prominent types of scams is the “pig butchering” scheme, where scammers build intimate online relationships with their victims before tricking them into investing in fake opportunities. These scams have reportedly netted criminals around $75 billion. In addition to pig butchering, Southeast Asian criminal networks are involved in various illicit activities, including job scams, phishing attacks, and loan schemes. Their ability to evolve with AI technology, such as using ChatGPT to overcome language barriers, makes them more effective at deceiving victims. 

Generative AI also plays a role in automating phishing attacks, creating fake identities, and writing personalized scripts to target individuals in different regions. Deepfake technology, which allows real-time face-swapping during video calls, is another tool scammers are using to further convince their victims of their fabricated personas. Criminals now can engage with victims in highly realistic conversations and video interactions, making it much more difficult for victims to discern between real and fake identities. The UN report warns that these technological advancements are lowering the barrier to entry for criminal organizations that may lack advanced technical skills but are now able to participate in lucrative cyber-enabled fraud. 

As scamming compounds continue to operate globally, there has also been an uptick in law enforcement seizing Starlink satellite devices used by scammers to maintain stable internet connections for their operations. The introduction of “crypto drainers,” a type of malware designed to steal funds from cryptocurrency wallets, has also become a growing concern. These drainers mimic legitimate services to trick victims into connecting their wallets, allowing attackers to gain access to their funds.  

As global law enforcement struggles to keep pace with the rapid technological advances used by these networks, the UN has stressed the urgency of addressing this growing issue. Failure to contain these ecosystems could have far-reaching consequences, not only for Southeast Asia but for regions worldwide. AI tools and the expanding infrastructure of scamming operations are creating a perfect storm for criminals, making it increasingly difficult for authorities to combat these crimes effectively. The future of digital scamming will undoubtedly see more AI-powered innovations, raising the stakes for law enforcement globally.
Read more »
Temu
China Cyber Security Indonesia Small Businesses Temu

Indonesian Government Asks Apple, Google to Block China's Temu to Safeguard Small Merchants

 

Indonesia has urged Alphabet's Google and Apple to remove Temu, a Chinese fast fashion e-commerce startup, from their app stores in the nation, a minister said earlier this week. 

The decision was intended to safeguard the nation's small and medium-sized businesses from low-cost products offered by PDD Holdings' Temu, communications minister Budi Arie Setiadi told Reuters, despite the fact that authorities are yet to find any transactions involving its residents on the platform.

Temu's quick expansion has drawn criticism from multiple countries for its low-cost business model of sending shipments to customers in China. 

Budi described Temu's business approach as "unhealthy competition," as it connects consumers directly with factories in China to significantly lower prices. "We're not here to safeguard e-commerce, but we do protect small and medium-sized businesses. "There are millions who must be protected," the minister stated.

If Temu makes such a move, Jakarta will likewise block its investment in local e-commerce, according to Budi, who added that he is unaware of any such plan. Additionally, Budi stated that the government intends to ask Shein, a Chinese online retailer, for a similar ban. Last year, Indonesia compelled China's ByteDance social media network TikTok to shut down its online shopfront in order to safeguard the privacy of local users and merchants.

Months later, TikTok agreed to acquire a majority stake in Indonesian digital behemoth GoTo's e-commerce subsidiary in order to maintain its presence in Southeast Asia's largest e-commerce market. On Tuesday, Indonesian e-commerce company Bukalapak.com refuted news of an acquisition by Temu. 

According to an estimate by Google, Singapore state investor Temasek Holdings, and consultancy Bain & Co., Indonesia's e-commerce industry could grow to almost $160 billion by 2030, up from $62 billion in 2023.
Read more »
wiretapping
CALEA China Cybersecurity Data Breach Encryption Hackers Privacy surveillance Telecom wiretapping

China-backed Hackers Breach U.S. Telecom Wiretap Systems, Sparking Security Concerns

 

China-backed hackers infiltrated wiretap systems of multiple U.S. telecom and internet providers, reportedly seeking to collect intelligence on American citizens. This revelation has raised alarm in the security community.

Wiretap systems, required by a 30-year-old U.S. federal law, allow a small number of authorized employees access to sensitive customer data, including internet activity and browsing history. These systems, now compromised, highlight long-standing concerns about their vulnerability.

Security experts had long warned about the risks of legal backdoors in telecom systems. Many saw this breach as an inevitable outcome of such vulnerabilities being exploited by malicious actors. Georgetown Law professor Matt Blaze remarked that this scenario was “absolutely inevitable.”

According to the Wall Street Journal, the hacking group, Salt Typhoon, accessed systems used by major U.S. internet providers like AT&T, Lumen, and Verizon. The group reportedly collected large amounts of internet traffic, and a U.S. government investigation is now underway.

The hackers' goals remain unclear, but experts believe the breach could be part of a larger Chinese effort to prepare for potential cyberattacks in the event of conflict, possibly over Taiwan. The intrusion reinforces the dangers of security backdoors.

Riana Pfefferkorn, a Stanford academic, pointed out that this hack exposes the risks of U.S. wiretap systems, arguing that these measures jeopardize citizens’ privacy rather than protecting them. She advocates for increased encryption as a solution to these vulnerabilities.

The compromised wiretap systems are part of the Communications Assistance for Law Enforcement Act (CALEA), a law enacted in 1994 to help the government access telecom data through lawful orders. However, this system has become a target for hackers and malicious actors.

After 9/11, U.S. surveillance laws expanded wiretapping to collect intelligence, sparking an entire industry dedicated to facilitating these operations. Yet, the extent of government access to private data was only exposed in 2013 by whistleblower Edward Snowden.

Post-Snowden, tech giants like Apple and Google began encrypting customer data to prevent unauthorized access, even from government agencies. However, telecom companies have been slower to follow suit, leaving much U.S. phone and internet traffic vulnerable to wiretapping.

Governments worldwide continue to push for legal backdoors into encrypted systems. In the EU, for example, proposed laws aim to scan private messages for illegal content, raising security concerns among experts.

Signal, the encrypted messaging app, warned of the dangers of backdoors, pointing to the Chinese hacking incident as an example of why such measures pose severe cybersecurity risks. Meredith Whittaker, Signal’s president, stressed that backdoors cannot be restricted to just "the good guys."

Blaze called the CALEA law a cautionary tale, emphasizing the dangers of building security systems with inherent vulnerabilities.
Read more »
Salt Typhoon
China Cyber Attacks Cyberattack Cybersecurity Data Breach FBI Hacking internet providers Routers Salt Typhoon

Chinese Government-Linked Hackers Infiltrate U.S. Internet Providers in 'Salt Typhoon' Attack

 

Hackers linked to the Chinese government have reportedly breached several U.S. internet service providers, according to The Wall Street Journal. Investigators are calling the cyberattack "Salt Typhoon," which occurred just a week after the FBI dismantled another China-backed operation called "Flax Typhoon." That attack targeted 200,000 internet-connected devices such as cameras and routers.

In the Salt Typhoon incident, hackers infiltrated broadband networks to access sensitive information held by internet service providers. Sources close to the matter told WSJ that unlike past attacks focused on disrupting infrastructure, this one seems to be aimed at gathering intelligence. FBI Director Christopher Wray had warned at the Aspen Cyber Summit that China would persist in targeting U.S. organizations and critical infrastructure, either directly or through proxies.

Chinese cyberattacks have been ongoing, but their complexity and precision have escalated, intelligence officials told the WSJ. Earlier this year, Wray described China's hacking program as the largest in the world, surpassing all other major nations combined.

China has denied involvement in these attacks. Liu Pengyu, spokesperson for the Chinese embassy in Washington, accused U.S. intelligence agencies of fabricating evidence linking China to the Salt Typhoon breach.

The WSJ report revealed that investigators are focusing on Cisco Systems routers, though a Cisco spokesperson said there is no evidence of their involvement. Microsoft is also looking into the attack. Lumen Technologies, the parent company of CenturyLink and Quantum Fiber, recently detected malware in routers that could expose customers' passwords but did not specify which ISPs were affected.

Although there's no indication that individual customers’ data was the target, you can take basic precautions:

  • Change your passwords regularly—especially your Wi-Fi router's password.
  • Consider identity theft protection services, which monitor your credit and banking activity.
  • Review your credit reports regularly to catch any suspicious activity.
Read more »
Privacy
China Data Flow Data Governance Global Trade Privacy

EU’s Initiative to Define ‘Important Data’ in China: A Step Towards Global Data Governance


The flow of data across borders is often hampered by varying national regulations. One such challenge is China’s restrictive data export laws, which have left many international businesses grappling with compliance. The European Union (EU) is now stepping up efforts to address this issue, seeking to pin down China on its ambiguous definition of “important data.”

The Importance of Data in Global Trade

Data is a critical asset for businesses, enabling everything from supply chain management to customer relationship strategies. For multinational companies, the ability to transfer data seamlessly across borders is essential for operational efficiency and innovation. However, differing regulatory landscapes can create significant hurdles.

China’s data export laws, particularly the Cybersecurity Law and the Data Security Law, have introduced stringent requirements for data leaving its borders. These laws mandate security assessments and government approvals for the transfer of “important data,” a term that remains vaguely defined. This ambiguity has led to uncertainty and compliance challenges for foreign businesses operating in China.

Cross-Border Data Flow Communication Mechanism

In response to these challenges, the EU has launched the “Cross-Border Data Flow Communication Mechanism.” This initiative aims to engage with Chinese authorities to clarify the definition of “important data” and streamline the data export process for European companies. The goal is to ensure that businesses can continue to operate efficiently while adhering to regulatory requirements.

The mechanism focuses on several key sectors, including finance, pharmaceuticals, automotive, and information and communication technology (ICT). These industries are particularly data-intensive and heavily reliant on cross-border data flows. By addressing the specific needs of these sectors, the EU hopes to mitigate the impact of China’s data export restrictions.

The Challenges of Defining “Important Data”

One of the primary challenges in this endeavor is the lack of a clear and consistent definition of “important data.” China’s laws provide some examples, such as data related to national security, economic stability, and public health, but these categories are broad and open to interpretation. This vagueness creates a compliance minefield for businesses, as they must navigate the risk of inadvertently violating Chinese regulations.

The EU’s efforts to engage with China on this issue are crucial for providing much-needed clarity. By establishing a more precise definition of “important data,” businesses can better understand their obligations and take appropriate measures to comply with the law. This, in turn, will facilitate smoother data flows and reduce the risk of regulatory breaches.

Global Data Governance

The EU’s initiative is not just about resolving a bilateral issue with China; it also has broader implications for global data governance. As data becomes increasingly vital to economic activity, the need for harmonized and transparent regulations is more pressing than ever. The EU’s proactive approach sets a precedent for other regions to follow, encouraging international cooperation on data governance.

Moreover, this initiative highlights the importance of dialogue and collaboration in addressing complex regulatory challenges. By working together, countries can develop frameworks that balance the need for data security with the imperative of economic growth. This collaborative approach is essential for fostering a global digital economy that is both secure and innovative.

Read more »
Technology
China China Government Digital ID digital identification technology Digital Identity Digital system Technology

China’s National Digital ID System Trials Begin Across 80 Internet Service Applications

 

China has initiated trials for its new national digital identification system across more than 80 internet service applications. This move follows the release of draft rules on July 26, with a public review and comment period open until August 25. The proposed system marks a significant step toward enhancing digital security and privacy for Chinese internet users. Internet users can now apply for their national digital ID by logging onto a mobile app called National Web Identification Pilot Version, developed by China’s Ministry of Public Security (MPS). 

This digital ID, which displays the user’s name, a “web number,” and a QR code, requires users to complete several verification steps, including national ID card verification and facial recognition. The digital ID can currently be used on 81 different applications, encompassing 10 public service platforms and 71 commercial apps. Notable platforms participating in the trial include the popular social media provider WeChat, the online shopping service Taobao, and the online recruitment platform Zhaopin. This broad implementation aims to test the ID’s functionality across a diverse range of services, highlighting its potential to streamline user identification and enhance security across various online activities. 

The proposed digital ID, detailed in a draft provision released by the MPS and the Cyberspace Administration of China (CAC), aims to reduce the amount of personal information that internet platforms can collect from their users. The draft rules state that applying for the digital ID is voluntary, offering users the choice to opt-in to this new system. This initiative is part of a broader effort to address privacy concerns and reduce the risk of data leaks, which have been exacerbated by the misuse of the current real-name registration system by some internet platforms. The current real-name registration system has allowed internet platforms to accumulate excessive amounts of personal information, leading to heightened privacy risks. The proposed digital ID system seeks to mitigate these risks by limiting the data collected by platforms. 

By requiring only essential information for verification, the digital ID aims to provide a more secure and privacy-conscious way for users to interact online. In addition to improving privacy, the digital ID system also promises to enhance convenience for users. With a single digital ID, users can seamlessly access multiple services without repeatedly providing personal information. This streamlined process not only simplifies the user experience but also reduces the opportunities for data to be misused or leaked. The trial of the national digital ID system represents a significant step towards addressing privacy issues while streamlining the process of user identification online. By implementing a digital ID, China aims to create a more secure and privacy-conscious internet environment for its users. 

This initiative reflects a growing recognition of the need for robust digital security measures in an increasingly interconnected world. As the public review and comment period progresses, feedback from users and stakeholders will be crucial in refining the digital ID system. The insights gained from this trial will help shape the final implementation, ensuring that the system effectively balances security, privacy, and user convenience. China’s commitment to enhancing digital security and privacy through this national digital ID system sets a precedent that could influence similar initiatives worldwide.
Read more »
User Privacy
China Data protection Digital Rights Privacy User Privacy

From Smartphones to State Security: The Reach of China’s New Surveillance Laws


China’s New Law Expands State Surveillance, Raises Global Concerns

China has enacted new restrictions under its Counter-espionage Law, shocking the international world and raising severe concerns about privacy and human rights. These guidelines, which went into effect on July 1, 2024, provide state security officers broad rights to inspect and search electronic equipment such as smartphones and computers, presumably in the name of national security. 

The "Provisions on Administrative Law Enforcement Procedures of National Security Organs" mark a considerable increase in state monitoring capabilities. Under the new legislation, authorities can now collect "electronic data" from personal devices such as text messages, emails, instant messages, group chats, documents, photos, audio and video files, apps, and log records. This broad mandate effectively converts each citizen's smartphone into a potential source of information for state security authorities.

Loopholes: Easy Searches and Broad Definitions

One of the most concerning downsides to these new regulations is the ease with which state security agents can conduct searches. According to Article 40 of the regulations, law enforcement officers can undertake on-the-spot inspections by just producing their police or reconnaissance cards, with the agreement of a municipal-level state security organ head. In an emergency, these checks can even be conducted without warrants, weakening safeguards against arbitrary enforcement. 

The regulations' ambiguous and sweeping nature is particularly concerning. Article 20 specifies "electronic data" and "audio-visual materials" as evidence that can be utilized in investigations, while Article 41 defines the "person being inspected" as not just the device's owner, but also its holder, custodian, or linked unit. This broad term may subject a wide range of individuals and organizations to examination.

Potential for Abuse and Privacy Invasion

Also, the regulations empower authorities to order individuals and organizations to stop utilizing specific electronic equipment, facilities, and related programs. In circumstances when people refuse to comply with "rectification requirements," state security agencies may seal or seize the gadgets in question. This provision opens the door to possible abuse, allowing the state to effectively muzzle dissenting voices or impede the functioning of organizations it considers harmful. 

The new guidelines also permit the "extraction," collecting, and storage of electronic data for evidence, as well as the seizure of original storage media. This level of penetration into personal data raises major problems regarding the preservation of privacy and confidential information, specifically foreign companies working in China.

Distrust and Limiting Free Expression

While the Ministry of State Security has attempted to soothe concerns by saying that these regulations would target "individuals and organizations related to spy groups" and that "ordinary passengers would not have their smartphones inspected at airports," the provisions' broad language leaves plenty of room for interpretation and potential abuse. 

The adoption of these laws coincides with the Chinese government's wider drive to encourage residents to be watchful against perceived risks to national security, including keeping an eye out for foreign spies in their daily lives. This culture of distrust, combined with additional powers provided to state security institutions, is likely to limit free expression and international participation in China.

Protecting Digital Rights

China's new legislation, which give state security organizations broad rights to examine and confiscate electronic devices, constitute a huge increase in the state's surveillance capabilities and a serious danger to individual privacy and freedom of speech. As the digital dragnet tightens, the international community must remain watchful and push for the protection of fundamental human rights in the digital era. The long-term repercussions of these actions may reach beyond China's borders, establishing a frightening precedent for authoritarian governance in the digital age.

Read more »
Web Shell
China ThinkPHP Vulnerabilities and Exploits Web Shell

Attackers Exploit 2018 ThinkPHP Vulnerabilities to Install ‘Dama’ Web Shells

 

Chinese threat actors are exploiting CVE-2018-20062 and CVE-2019-9082 vulnerabilities in ThinkPHP applications to install Dama, a persistent web shell.

The web shell allows for further exploitation of the compromised endpoints, such as enlisting them as part of the perpetrators' infrastructure to avoid detection in future operations. 

The first indications of this activity date back to October 2023, but according to Akamai analysts tracking it, the malicious behaviour has lately expanded and intensified.

Targeting old flaws

ThinkPHP is a popular open-source framework for developing online appps, particularly in China.

CVE-2018-20062, which was resolved in December 2018, is a vulnerability identified in NoneCMS 1.3 that allows remote attackers to execute arbitrary PHP code by manipulating the filter parameter. 

CVE-2019-9082 affects ThinkPHP 3.2.4 and older, which is used in Open Source BMS 1.1.1. It is a remote command execution issue that was addressed in February 2019.

The two weaknesses are exploited in this campaign to allow attackers to execute remote malware, impacting the underlying content management systems (CMS) on the target endpoints. 

Specifically, the attackers exploit the vulnerabilities to download a text file called "public.txt," which is actually the obfuscated Dama web shell saved as "roeter.php.”

The payload is downloaded from hacked servers in Hong Kong, and the attackers gain remote server control after a simple authentication step with the password "admin." 

According to Akamai, the servers delivering the payloads are infected with the same web shell, implying that compromised systems are being used as nodes in the attacker's infrastructure. 

Mitigation 

Exploiting 6-year-old flaws serves as another reminder of the ongoing issue of inadequate vulnerability management, as attackers in this case use security vulnerabilities that were patched a long time ago. 

The recommended course of action for potentially impacted organisations is to upgrade to the most recent ThinkPHP version, 8.0, which is safe against known remote code execution flaws. 

Akamai further adds that the campaign's targeting reach is vast, including systems that do not use ThinkPHP, implying opportunistic goals.
Read more »
unauthorized disclosures
China cyber attack Cyber Security cyber threat Data Breach data incidents government data breaches MoD data breaches Russia UK national security unauthorized disclosures

400% Increase in MoD Data Breaches Sparks Fears of Cyber Threats from Russia and China

 

Data breaches within the Ministry of Defence (MoD) have surged nearly fivefold over the past five years, raising concerns about the UK's resilience against cyber threats from nations like Russia and China. MoD figures reveal 550 data incidents last year, up from 117 in 2017-18.

Ministers also disclosed that the Information Commissioner’s Office (ICO) is currently investigating three personal data incidents at the MoD. Both the Conservative and Labour parties have prioritized national security in their election campaigns amid global instability and threats from Russia, China, North Korea, and Iran.

Recent warnings suggest the upcoming UK general election could be targeted by cyber attacks and AI deep fakes from hostile states. Many breaches involve unauthorized disclosures by MoD staff, exacerbating concerns about security in a department recently hit by a suspected Chinese cyber attack.

Labour criticized the Conservative government for its “lax approach to cyber security,” promising that a Keir Starmer administration would prioritize the UK's security. However, Prime Minister Rishi Sunak countered by questioning Labour’s national security stance, highlighting Starmer’s past support for Jeremy Corbyn as a potential risk.

Earlier this month, it was revealed that the MoD’s payroll system, managed by contractor SSCL, suffered a major hack attributed to China. Deputy Prime Minister Oliver Dowden, in a letter to shadow Cabinet Office minister Pat McFadden, stated that the Government has enhanced security measures in its procurement processes following this breach.

In 2017-18, the MoD reported 117 data breaches, including unauthorized disclosures, lost equipment or documents, and insecure document disposal. By 2022-23, breaches had risen to 550, with unauthorized disclosures making up the majority. In 2023, the ICO fined the MoD £350,000 after 265 individuals' details were compromised in email breaches following the Taliban’s takeover of Afghanistan.

Defence Minister Andrew Murrison recently confirmed that the ICO has three ongoing investigations into personal data incidents at the MoD. Shadow Defence Secretary John Healey criticized the MoD’s worsening data security record, noting that breaches have tripled over five years, and vowed that a Labour government would enhance the UK’s cyber-security.

Defence Secretary Grant Shapps announced an urgent investigation into the recent MoD payroll cyber attack and a broader review of SSCL’s contracts with the MoD and other Whitehall departments. Dowden emphasized the importance of strengthening domestic cyber resilience to achieve national and international security goals. The Cabinet Office has implemented measures to ensure robust data security requirements in procurement contracts with third-party contractors across Whitehall.
Read more »
Privacy Concern
China Data collection Electric Vehicle Privacy Privacy Concern

Privacy and Security Risks in Chinese Electric Vehicles: Unraveling the Data Dilemma

Privacy and Security Risks in Chinese Electric Vehicles: Unraveling the Data Dilemma

The rapid rise of electric vehicles (EVs) has transformed the automotive industry, promising cleaner energy and reduced emissions. But as we enjoy this automotive transformation, we must also grapple with the intricate web of data collection and privacy concerns woven into these high-tech machines. 

One particular area of interest is Chinese-made EVs, which dominate the global market. This blog post delves into the privacy and security risks associated with these vehicles, drawing insights from a recent investigation.

The Cyber Angle

In 2022, Tor Indstøy purchased a Chinese electric vehicle for $69,000 to accommodate his growing family.

Indstøy had an ulterior motivation for purchasing an ES8, a luxury SUV from Shanghai-based NIO Inc. The Norwegian cybersecurity specialist wanted to investigate the EV and see how much data it collects and transmits back to China.

He co-founded Project Lion Cage with several industry acquaintances to examine his SUV and release the findings.

Since its inception in July 2023, Indstøy and his crew have provided nearly a dozen status reports. These have largely consisted of them attempting to comprehend the enormously complex vehicle and the operation of its numerous components.

The $69,000 Chinese Electric Vehicle Under Scrutiny

In a fascinating experiment, Norwegian cybersecurity researcher Tor Indstøy purchased a $69,000 Chinese electric vehicle—an ES8 luxury SUV manufactured by Shanghai-based NIO Inc. His motive? To dissect the vehicle, uncover its data practices, and shed light on potential risks. 

The project, aptly named “Project Lion Cage,” aims to answer critical questions about data privacy and security in EVs.

The Complexity of EVs: A Data Goldmine

Electric cars are not mere transportation devices; they are rolling data centers. Unlike their gas-powered counterparts, EVs rely heavily on electronic components—up to 2,000 to 3,000 chips per vehicle. 

These chips control everything from battery management to infotainment systems. Each chip can collect and transmit data, creating a vast information flow network within the vehicle.

However, studying EVs is also a challenge. Traditional cybersecurity tools designed for PCs and servers need to improve when dealing with the intricate architecture of electric cars. Researchers like Indstøy face unique challenges as they navigate this uncharted territory.

Privacy Concerns: What Data Lies Beneath?

Indstøy and his team have identified potential areas of concern for the NIO ES8, but no major revelations have been made.

One example is how data gets into and out of the vehicle. According to the researchers, China received over 90% of the communications, which contained data ranging from simple voice commands to the car to the vehicle's geographical location. Other destinations included Germany, the United States, the Netherlands, Switzerland, and others.

Indstøy suggests that the ambiguity of some communications could be a source of concern. For example, the researchers discovered that the car was regularly downloading a single, unencrypted file from a nio.com internet address, but they have yet to determine its purpose.

The Geopolitical Angle

China’s dominance in the EV market raises geopolitical concerns. With nearly 60% of global EV sales happening in China, the data collected by these vehicles becomes a strategic asset. 

Governments worry about potential espionage, especially given the close ties between Chinese companies and the state. The Biden administration’s cautious approach to Chinese-made EVs reflects these concerns.

Read more »
Vulnerabilities and Exploits
China Exploit Hacker Groups Ivanti security flaws Researchers Security Vulnerabilities and Exploits

Researchers Uncover Numerous Chinese Hacker Collectives Exploiting Ivanti Security Vulnerabilities

 

Several threat actors with connections to China have been identified as responsible for exploiting three security vulnerabilities affecting Ivanti appliances. These vulnerabilities are identified as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893.

Mandiant, a cybersecurity firm, has been monitoring these clusters of threat actors, identifying them under the names UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Among them, UNC3886, a Chinese hacking group, has been previously known for exploiting zero-day bugs in Fortinet and VMware systems to infiltrate networks.

Financially motivated actors have also been observed exploiting CVE-2023-46805 and CVE-2024-21887, likely for cryptocurrency mining purposes.

UNC5266 overlaps in part with UNC3569, a China-nexus espionage actor that has been observed exploiting vulnerabilities in Aspera Faspex, Microsoft Exchange, and Oracle Web Applications Desktop Integrator, among others, to gain initial access to target environments," Mandiant researchers said

Post-exploitation activities by these threat actors often involve deploying malicious tools such as the Sliver command-and-control framework, WARPWIRE credential stealer variant, and a new backdoor named TERRIBLETEA, which comes with various functionalities like command execution and keylogging.

UNC5330 has been combining CVE-2024-21893 and CVE-2024-21887 to target Ivanti Connect Secure VPN appliances, leveraging custom malware like TONERJAM and PHANTOMNET for further actions. These include reconnaissance, lateral movement, and compromising LDAP bind accounts for higher privileges.

UNC5337, another China-linked group, has been using CVE-2023-46805 and CVE-2024-218 to infiltrate Ivanti devices since January 2024, deploying a custom malware toolset known as SPAWN. This toolset includes components like SPAWNSNAIL, SPAWNMOLE, SPAWNANT, and SPAWNSLOTH, designed for stealthy and persistent backdoor access.

Mandiant assesses with medium confidence that UNC5337 and UNC5221 might be the same group, highlighting the sophistication of their tools aimed at avoiding detection.

UNC5221 has also been associated with various web shells and a Perl-based web shell called ROOTROT, which is embedded into legitimate files to evade detection. Successful deployment of these shells leads to network reconnaissance and lateral movement, potentially compromising vCenter servers with a Golang backdoor named BRICKSTORM.

Finally, UNC5291, likely associated with another group called UNC3236, has been targeting academic, energy, defense, and health sectors, focusing on Citrix Netscaler ADC initially before shifting to Ivanti Connect Secure devices.

These findings emphasize the ongoing threat posed by edge appliances, with threat actors utilizing a combination of zero-day vulnerabilities, open-source tools, and custom backdoors to evade detection and maintain access to networks for extended periods. access to target systems.
Read more »
UK
China Cyber Attacks data security Digital Personal Data Protection NHS UK

Safeguarding the NHS: Protecting Against Potential Cyber Attacks from China

 

Recent concerns have surfaced regarding the vulnerability of the NHS to cyberattacks, particularly from China. Reports indicate that Beijing-backed actors exploited software flaws to access the personal details of millions of Britons. As experts in cybersecurity, it's crucial to address these fears and provide insights into safeguarding against potential cyber threats. 

The prospect of a cyber attack on the NHS by hostile actors underscores the critical importance of robust cybersecurity measures. With the personal details of 40 million Britons potentially compromised, the stakes are high, and proactive steps must be taken to protect sensitive data and preserve public trust in the healthcare system. 

One of the primary concerns raised by these reports is the exploitation of software flaws to gain unauthorized access to personal information. Vulnerabilities in software systems can provide entry points for cybercriminals to launch attacks, compromising the integrity and security of sensitive data stored within NHS databases. 

Furthermore, the involvement of state-backed actors adds a layer of complexity to the threat landscape. Nation-state cyber-attacks are often sophisticated and well-coordinated, making them particularly challenging to defend against. As such, healthcare organizations must remain vigilant and adopt comprehensive security measures to detect and deter potential threats. To defend against potential cyber attacks from China or any other threat actor, the NHS must prioritize cybersecurity at every level. 

This includes implementing robust security protocols, conducting regular risk assessments, and investing in advanced threat detection and response capabilities. Additionally, healthcare professionals and staff members must receive comprehensive training on cybersecurity best practices to recognize and respond to potential threats effectively. By fostering a culture of security awareness and vigilance, the NHS can strengthen its defenses against cyber attacks and mitigate the risk of data breaches. 

Collaboration and information sharing are also essential components of an effective cybersecurity strategy. By partnering with government agencies, cybersecurity experts, and industry stakeholders, the NHS can stay ahead of emerging threats and leverage collective intelligence to bolster its security posture. 

While the prospect of a cyber attack on the NHS is concerning, it's essential to approach these threats with a proactive and informed mindset. By implementing robust cybersecurity measures, fostering a culture of security awareness, and collaborating with relevant stakeholders, the NHS can enhance its resilience against potential cyber threats and safeguard the personal data of millions of Britons.
Read more »
United States
China Confidential Data Cyber Crime cyber espionage Data Leak United States

Former Google Employee Charged with Stealing AI Secrets

 

A former Google software engineer has been charged with stealing the company's artificial intelligence trade secrets while surreptitiously working for two Chinese companies, the Justice Department announced Wednesday. 

Linwei Ding, a Chinese national, was arrested in Newark, California, for four charges of federal trade secret theft, each punishable by up to ten years in prison. 

Attorney General Merrick Garland announced the case against Ding, 38, at an American Bar Association conference in San Francisco. Garland, along with other law enforcement leaders, has repeatedly warned about the threat of Chinese economic surveillance as well as the national security concerns posed by developments in artificial intelligence and other novel technologies.

“Today’s charges are the latest illustration of the lengths affiliates of companies based in the People’s Republic of China are willing to go to steal American innovation,” FBI Director Christopher Wray noted in a statement. “The theft of innovative technology and trade secrets from American companies can cost jobs and have devastating economic and national security consequences.” 

Google said it came to the conclusion that the employee had stolen "numerous documents" and had referred the case to law enforcement. 

“We have strict safeguards to prevent the theft of our confidential commercial information and trade secrets,” Google spokesman Jose Castaneda explained. “After an investigation, we found that this employee stole numerous documents, and we quickly referred the case to law enforcement. We are grateful to the FBI for helping protect our information and will continue cooperating with them closely.”

Artificial intelligence is the primary battleground for high-tech competitors, and who dominates can have far-reaching commercial and security repercussions. In recent weeks, Justice Department leaders have warned that foreign foes may use AI technologies to target the United States. 

Deputy Attorney General Lisa Monaco stated in a speech last month that the administration's multi-agency Disruptive Technology Strike Force would prioritise AI enforcement, and Wray told a conference last week that AI and other novel technologies had made it easier for attackers to try to interfere with the American political process. 

The indictment, unsealed Wednesday in the Northern District of California, alleges that Ding, who was hired by Google in 2019 and had access to sensitive information regarding the firm's supercomputing data centres, began uploading hundreds of files to a personal Google Cloud account two years ago. 

According to prosecutors, Ding was offered the post of chief technology officer at an early-stage technology business in China that advertised its use of AI technology and gave him a monthly salary of around $14,800, plus an annual bonus and company stock, just weeks after the theft started. The indictment says Ding travelled to China to attend investor meetings and seek funding for the company. 

In January, the FBI filed a search warrant at Ding's house and seized his electronic equipment, followed by an additional warrant for the contents of his personal accounts, which contained more than 500 distinct files of classified data that investigators claim he stole from Google.
Read more »
Vulnerability management
China Cyber Security Cyber Threats Cybersecurity Dutch intelligence espionage FortiGate devices Malware Detection RAT Threat actors Vulnerability management

China Caught Deploying Remote Access Trojan Tailored for FortiGate Devices

 

The Military Intelligence and Security Service (MIVD) of the Netherlands has issued a warning regarding the discovery of a new strain of malware believed to be orchestrated by the Chinese government. Named "Coathanger," this persistent and highly elusive malware has been identified as part of a broader political espionage agenda, targeting vulnerabilities in FortiGate devices.

In a recent advisory, MIVD disclosed that Coathanger was employed in espionage activities aimed at the Dutch Ministry of Defense (MOD) in 2023. Investigations into the breach revealed that the malware exploited a known flaw in FortiGate devices, specifically CVE-2022-42475.
Coathanger operates as a second-stage malware and does not exploit any novel vulnerabilities. 
Unlike some malware that relies on new, undisclosed vulnerabilities (zero-day exploits), Coathanger operates as a second-stage malware and does not exploit any novel vulnerabilities. However, the advisory emphasizes that it could potentially be used in conjunction with future vulnerabilities in FortiGate devices.

Described as stealthy and resilient, Coathanger evades detection by concealing itself through sophisticated methods, such as hooking system calls to evade detection. It possesses the capability to survive system reboots and firmware upgrades, making it particularly challenging to eradicate.

According to Dutch authorities, Coathanger is just one component of a larger-scale cyber espionage campaign orchestrated by Chinese state-sponsored threat actors. These actors target various internet-facing edge devices, including firewalls, VPN servers, and email servers.

The advisory issued by Dutch intelligence underscores the aggressive scanning tactics employed by Chinese threat actors, who actively seek out both disclosed and undisclosed vulnerabilities in edge devices. It warns of their rapid exploitation of vulnerabilities, sometimes within the same day they are made public.

Given the popularity of Fortinet devices as cyberattack targets, businesses are urged to prioritize patch management. Recent reports from Fortinet highlighted the discovery of two critical vulnerabilities in its FortiSIEM solution, emphasizing the importance of prompt patching.

To mitigate the risk posed by Coathanger and similar threats, intelligence analysts recommend conducting regular risk assessments on edge devices, restricting internet access on these devices, implementing scheduled logging analysis, and replacing any hardware that is no longer supported.
Read more »
Three Brotherhood Alliance
China Cyber Scams Cyber Security Myanmar Online Scams Pig Butchering rebel groups Three Brotherhood Alliance

Myanmar Rebels Take Authority of ‘Pig Butchering’ Scam City Laukkaing


Well known for being a hub for online scams near the border with China, Laukkaing is presently under the authority of a coalition of rebel groups in Myanmar.

On Thursday, the Three Brotherhood Alliance, which had conducted a surprise attack in Shan state, on the country's northern border, in late October, took over the city from the military administration of Myanmar. The rebel organization claims that the military has given up control over the Kokang region, which is about the size of Lebanon.

Since the beginning of the campaign, the coalition has indicated its plans to deal with the organized scams that have emerged under the watch of militias loyal to the ruling junta. 

“To eradicate telecommunications fraud, fraud dens and their protective umbrellas across the country, including the China-Myanmar border areas, our three coalition forces decided to jointly carry out this military operation,” the coalition stated upon the launch of the offensive.

The rebel groups' emphasis on the flourishing scam sector is probably an attempt to win over China, which has grown weary of seeing its citizens targeted into the compounds to conduct scams, or worse, targeted by so-called 'pig butchering scams.'

Over last weekend, junta leader Senior Gen. Min Aung Hlaing met with Chinese Vice Foreign Minister Sun Weidong in Naypyidaw to discuss border security and organized crime.

“The two sides will jointly maintain peace and stability on the China-Myanmar border, cooperate to combat cross-border criminal activities such as telecommunications fraud, and jointly promote regional peace, tranquillity, development and prosperity,” stated the Chinese Foreign Ministry in the meeting.

As per a state media outlet China Daily, Wang Xiaohong, Minister of Public Security also attended a virtual meeting with Myanmar’s Home Affairs Minister, Lt. Gen. Yar Pyae, where they both agreed to strengthen law enforcement to protect security and stability in border areas, especially by stepping up efforts to deal with online and telecom fraud.

According to a UN report from August 2023, around 120,000 individuals were coerced into scamming operations in Myanmar. In most cases, pig butchering scams entail a con artist establishing a rapport with a victim via social media, dating services, or messaging apps.

On January 5, Chinese state media reported that 41,000 individuals implicated in telecom fraud in Myanmar were turned over to Chinese police in the previous year. The number of people that were taken into custody who were trafficked is unknown.

Observers have cautioned that despite the crackdown in northern Myanmar, activities might easily move to criminal areas elsewhere in the nation, particularly near the borders with Thailand and Laos.  

Read more »
Security incidents
China China Government China's MIIT Color-coded contingency plan Cyber Security MIIT Security incidents

China’s MIIT Proposes Color-coded Contingency Plan for Security Incidents


On Friday, China proposed a four-tier classification system, in an effort to address data security incidents, underscoring concerns of Beijing in regards to the widespread data leaks and hacking incidents in the country. 

This emergency plan comes when the country is facing increased geopolitical tensions with the United States and its allies and follows an incident last year where a threat actor claimed to have gained access to a massive amount of personal data belonging to over a billion Chinese individuals from the Shanghai police.  

China’s Ministry of Industry and Information Technology (MIIT) released a detailed document outlining the procedures that local governments and businesses should follow in evaluating and handling issues of data leaks.  

The plan, which is currently seeking public input, suggests a four-tiered, colour-coded system based on the extent of harm done to the economy, a company’s online and information network, or the running of the economy. 

As per the plan, data breach incidents that involve losses worth a billion yuan ($141 million) or more, and affect the "sensitive" information of over 10 million people will be classified as "especially grave". These will be incidents that must issue a red warning, according to the plan.

MIIT released a 25-page document, where it classified all instances of data being unlawfully accessed, leaked, destroyed, or altered into four hierarchical tiers, based on the extent and severity of the harm inflicted. The classification is as follows: 

  • Red (“especially significant”): This level signifies that the disturbance and shutdown of operations lasted for more than 24 hours, with economic loss of more than 1 billion yuan, or the personal data of more than 100 million people being compromised, or sensitive data of more than 10 million people.
  • Orange (“significant”): This suggests that the interruption lasted for more than 12 hours, with a financial loss between 100 million and 1 billion, or the compromise of personal data of over 10 million people, or sensitive data of more than 1 million people.
  • Yellow (“Yellow”): It implies that the interference lasted for more than 8 hours, with an economic loss ranging between 50 million yuan and 100 million yuan, or affected the personal information of over 1 million people, or sensitive data of more than 100,000 people.
  • Blue (“General”): Incidents involved in this category are comparatively minor, with interruption lasting less than eight hours, with financial compromise of less than 50 million yuan, or affected personal data of less than 1 million people, or sensitive data of less than 100,000 people.

The plan stipulates, among other things, that in the event of red or orange warnings, the concerned companies and the local regulatory authorities shall set up a 24-hour work schedule to handle the situation and notify MIIT of the data breach within 10 minutes of the incident occurring.

A statement by MIIT reads, "If the incident is judged to be grave... it should be immediately reported to the local industry regulatory department, no late reporting, false reporting, concealment or omission of reporting is allowed.”  

Read more »
transport
China Data Breaches geographic Military Safety Security transport

China Issues Alert on Geographical Information Data Breaches Impacting Transportation and Military

 

 China has recently issued a stern warning regarding the use of foreign geographic software, expressing serious concerns about the potential leakage of critical information related to its essential infrastructure and military. The Ministry of State Security, while refraining from directly attributing blame, has asserted that the identified software is equipped with "backdoors," designed to facilitate deliberate and unauthorized access to sensitive data.

This cautionary move comes at a time of heightened global tensions, with China prioritizing the reinforcement of security measures within key industries. This focus on security has been particularly accentuated amid increased saber rattling towards Taiwan and continued assurances from the United States to the island nation.

There is a growing suspicion that China may be involved in a series of recent cyberattacks aimed at probing the infrastructure of the United States. The alleged objective is to develop a comprehensive attack playbook, presumably in anticipation of potential hostilities between the two superpowers.

In response to these concerns, the United States has taken proactive steps to secure the domestic production of semiconductors, earmarking substantial investments under the CHIPS Act. The objective is to establish semiconductor manufacturing facilities across the country, a move considered essential for national security.

This strategic initiative by the United States is underscored by the perceived risk of Chinese espionage associated with the current reliance on semiconductor imports from production hubs in East Asia. The investment in domestic semiconductor production is thus framed as a crucial measure to mitigate vulnerabilities and safeguard national interests in the face of evolving geopolitical dynamics..
Read more »
Subscribe to: Posts (Atom)