The Patriot Files Forums  

03-25-2020, 05:48 AM
Boats
Senior Member

Join Date: Jul 2002
Location: Chicago, IL
Posts: 15,179

Chinese Hackers Attacked Foreign Health Care, Military, Oil Networks as Coronavirus Hit China
By: Patrick Tucker - Technology Editor - Defense One News - 03-25-20

In January, the ‘widespread’ assault targeted a vulnerability in virtual desktops, cloud computing, and network applications, FireEye announced.

As the coronavirus epidemic reached crisis level in Wuhan, China, in January, a known group of state-backed cyber hackers launched attacks at healthcare companies and other key industries outside the country, according to cybersecurity company FireEye.

FireEye announced their findings on the attacks Wednesday morning, calling it “one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years.”

The Chinese hackers, a group known as APT41, are affiliated with the government but also conduct financial crimes for personal gain. FireEye reports that they targeted a specific known vulnerability in the national vulnerabilities database (CVE-2019-19781 affecting Citrix Application Delivery Controllers) on Jan. 20. The vulnerability could allow attackers to exploit virtual desktop, cloud computing, and networking applications to steal data. The group also hit military installations and oil and gas targets, FireEye said, without naming where or in which countries to protect the identity of their clients.

FireEye says there was a drop-off in the group’s cyberattacks five days later, around the Chinese New Year, which occurred on Jan. 25, which is common among China-based threat groups. China began to implement very strict quarantine measures in Hubei province on Jan. 23, suggesting that the activity was going on as the pandemic picked up momentum. There was another drop-off between Feb. 2 and 19.

“While it is possible that this reduction in activity might be related to the COVID-19 quarantine measures in China, APT41 may have remained active in other ways which we were unable to observe with FireEye telemetry,” they write in a blog post posted Wednesday. Defense One is unable to independently verify their claims.

Activity picked up again shortly after Feb. 19, they report. The current wave of attacks “seems to reveal a high operational tempo and wide collection requirements for APT41.”

The unprecedented level of remote working and living during the coronavirus pandemic has also seen an increase in cyberattacks, most notably phishing attacks targeting individuals with phony links and emails, according to cybersecurity company CrowdStrike. Attackers are coming from, but are not limited to, sources inside China.

“We’re seeing this from both nation-state actors, notably groups in China we track under PANDA designations, as well as criminal groups,” Robert Sheldon, CrowdStrike director of Government Technology Strategy, said in an email to reporters on Monday. PANDA is how CrowdStrike designates advanced persistent threat groups from China.

The Pentagon has been worried about increased cyberattacks in light of increased telework. On March 16, during a “virtual town hall,” Essye Miller, DOD’s principal deputy chief information officer, said that adversaries are “already taking advantage of the situation and the environment that we have on hand.”

On Tuesday, Defense Secretary Mark Esper reminded Defense Department personnel in another virtual town hall that working from home carried its own risks.

“If you’re teleworking, if you’re doing anything that involves the networks and IT, be very, very careful of IT vulnerabilities. We are a little bit more exposed when we’re doing telework,” he said.

About this writer: Patrick Tucker is technology editor for Defense One. He’s also the author of The Naked Future: What Happens in a World That Anticipates Your Every Move? (Current, 2014). Previously, Tucker was deputy editor for The Futurist for nine years.

O Almighty Lord God, who neither slumberest nor sleepest; Protect and assist, we beseech thee, all those who at home or abroad, by land, by sea, or in the air, are serving this country, that they, being armed with thy defence, may be preserved evermore in all perils; and being filled with wisdom and girded with strength, may do their duty to thy honour and glory; through Jesus Christ our Lord. Amen.

All times are GMT -7. The time now is 11:42 PM.

Powered by vBulletin, Jelsoft Enterprises Ltd.