How Chinese Hackers Are Targeting Corporate Networks and Government Systems

Chinese Hackers: Infiltrating Governments, Infrastructure, and Corporate Networks Worldwide

The U.S. Department of Justice recently announced a crackdown on a Chinese government-backed hacker group that affected more than 200,000 devices worldwide. Experts believe that, compared with attacks on government facilities that have rich information security resources, hackers who disguise themselves as cyber criminals and infiltrate civilian devices are more difficult to defend against.

The scope of the attack targets has expanded and deepened, and an organized operation mode has been formed

On September 18, FBI Director Christopher Wray said that federal law enforcement agencies have dismantled a large Chinese hacker group nicknamed “Flax Typhoon” and explained that the group’s ultimate goal is to invade water treatment plants, power grids and transportation systems across the United States. Its method is to use malware to infect a variety of consumer devices, including routers, cameras, digital cameras and network storage devices, in order to establish a huge “botnet,” or network of infected computers.

The FBI said the group was backed by the Chinese government. “The botnet devices were influenced by Chinese-funded hackers working for the Beijing-based Integrity Technology Group,” the Justice Department said in a statement.

On the same day, cyber officials from the United Kingdom, Canada, Australia and New Zealand also accused Yongxin Zhicheng Technology Group of being behind malicious cyber operations, saying that as of June this year, the organization had compromised more than 250,000 devices worldwide.

In response to the allegations, the Chinese Embassy in Washington issued a statement accusing U.S. law enforcement agencies of making baseless claims.

Lennon Chang, a professor at the School of Information Technology at Deakin University in Australia, pointed out that “Flax Typhoon” mainly takes control of flawed devices by implanting malicious software, including computer cameras and some digital storage devices. In addition to government agencies, the targets of the attack also include important infrastructure such as media and schools, as well as non-infrastructure equipment or even personal devices.

He believes that what is more worrying is that most countries currently focus on the network security of critical infrastructure, while the information security protection and resilience of small and medium-sized enterprises receive relatively few resources.

China is exploiting the boundary between cybercrime and cyber security.

“Such a distinction allows those with ulterior motives to disguise themselves through cybercrime, slowly infiltrate the target, and then launch a large-scale attack, such as planting a large amount of malware in Taiwan or some democratic countries, and then launching an attack when the right opportunity comes.”

Zhang Yaozhong said that Chinese hacker groups are becoming more and more adept at using this boundary to launch large-scale attacks on civilian units and to collect comprehensive information on democratic countries in order to more accurately analyze the current situation in various countries.

In an interview with VOA, Yu Xiaobin, former executive director of the Taiwan Institute for Information Industry, said it is normal for China to use hacker groups to conduct espionage against the United States, Taiwan or some democratic countries, and that China does have professional departments engaged in these activities, both in the physical world and in the cyber world.

Dr. Lee Chung-chih, a Taiwan-based IT security chief who holds an International Organization for Standardization certified information security management system lead auditor license, said that since entering the cyber world, Chinese regulatory authorities have invested a lot of manpower, funds, and R&D technology in “all” cyber operations. He pointed out that compared with the past, Chinese hackers’ espionage operations against democratic countries have produced several differences and have become a trend.

“The first is that the scope is wider, not just limited to government agencies, but also extends to some industries, such as high-tech, electronics, biotechnology, energy, or defense-related manufacturing. The second is that the scope is deeper, not just taking away the database of an organization, but even invading the operating system of the organization and hiding inside.”

Li Zhongzhi pointed out that Chinese hackers have also formed an organizational model. From recently discovered backdoor programs or other traces, it is possible to tell which hacker group is responsible for an attack. He said that hackers and information security protection are like “spear and shield”. Facing China’s comprehensive, advanced and uninterrupted cyber attacks, many countries have realized the importance of strengthening information security. For example, Taiwan, which was the first target of the attack, established the Information Security Bureau of the Executive Yuan Digital Development Department to respond to the crisis brought about by hacker actions.

Taiwan has been unable to adequately pass legislation to protect against cyberattacks due to political uncertainty

Microsoft said in August last year that “Typhoon Tamarin” has been active since mid-2021 and has targeted dozens of government agencies in Taiwan as well as computer systems in education, information technology, manufacturing and other fields, intending to conduct espionage activities and may maliciously attack or hack into the internal systems of government agencies to steal data.

Li Zhongzhi, chief security officer of a Taiwanese technology company, said that in the face of constant attacks from Chinese hackers, Taiwan does not have enough legal authority to respond in real time.

He said: “China’s online e-commerce services are now openly available on the streets of Taiwan; Taiwan’s ISPs are also acting as agents for China’s cloud e-commerce services, and are even co-marketing with Chinese venture capital funds.”

Li Chongzhi pointed out that when hackers attack, the attack must be blocked, its source traced, evidence collected, and the scope of infection tracked at the very outset. These steps require strong legal authorization and law enforcement agencies. However, because opposition parties hold the majority in Taiwan’s Legislative Yuan and take a relatively pro-China stance, relevant legislation such as the Technology Detection and Prevention Act, the Homeland Security Act, and the Anti-Terrorism Act has not been passed.

Yu Xiaobin, former CEO of the Taiwan Institute for Information Industry, said that, in terms of technology, strengthening simple measures can in fact play a role in network defense. He pointed out that the method of “Flax Typhoon” is relatively complex, but not special. According to the Microsoft report, the hacker group is using known vulnerabilities, and the technology it uses is not a unique special tool, which means that if each target organization has patched these vulnerabilities and updated its firewalls and network threat intelligence, it will not be damaged for the time being.

Zhang Yaozhong, a professor at the School of Information Technology at Deakin University in Australia, said that Taiwan has always been an important target of China’s cyber attacks and has accumulated a lot of defensive experience, including combating false information and gray warfare activities.

He said: “Taiwan actually has a lot to learn from democratic countries. Democratic countries should not be affected by China’s pressure and affect cooperation with Taiwan in regional joint defense, cyber attacks, or even cyber warfare.”

Artificial intelligence will be the new tool for hackers in the future

Last year, the FBI identified the first Chinese Communist Party-backed hacker group, Volt Typhoon, and in February this year said it had dismantled the group, saying the network targeted critical public infrastructure such as water treatment plants and transportation systems at the request of China. Regarding the operation to dismantle Volt Typhoon, Director Wray said: “This is just one round in a longer battle.”

Mr. Yang, a Taiwanese engineer who has worked in the Silicon Valley technology industry for a long time, told VOA that generally speaking, countries do not make a high-profile announcement when they uncover espionage activities, because keeping a low profile gives them a better chance of catching more spies. He was curious about whether there was any special purpose behind the high-profile announcement of the “Linen Typhoon” by the U.S. Department of Justice. Mr. Yang said that perhaps this was a pre-emptive move for the government to pass certain bills.

In this regard, a senior Taiwanese technology executive who was not allowed to be named due to his position said that if the incident was sorted out, it would be found that the case was very interesting. He pointed out that the FBI said that “Flax Typhoon” was the mastermind behind the “Yongxin Zhicheng Technology Group”, and pointed out that the group was highly related to the Chinese government. Then it was pointed out that “Flax Typhoon” invaded a large number of devices around the world, and said that the functions of those low-level networked devices themselves were not affected, but “Flax Typhoon” used “zombie networks” to attack specific websites. The FBI also said that it seized control of the zombie network of “Flax Typhoon” through the Internet, and also took the opportunity to repair the security vulnerabilities of many controlled network devices through the “zombie network”, and then claimed that “Flax Typhoon” seemed to have abandoned the “zombie network”, and the FBI had won a major victory. He believes that the whole routine can’t help but make people doubt the purpose of the United States’ high-profile disclosure.

Zhang Yaozhong, a professor at the School of Information Technology at Deakin University in Australia, said that unlike in the past, this time the United States, Australia and other countries have clearly pointed out the connection between the Chinese government and hacker groups, which has indeed played a big role in regional joint defense.

He said: “Explicitly naming cyber attacks from totalitarian countries such as China or Russia may not necessarily have any clear results, nor will it necessarily lead to these named countries actively assisting and cooperating, but it can make the public more clear about which countries are supporting hacker attacks, and it will also have a clearer direction for the selection of targets for regional joint defense.”

Yu Xiaobin, former CEO of the Taiwan Institute for Information Industry, believes that the capabilities of Chinese hacker groups should be far greater than those of “Flax Typhoon”, but there are still many actions that have not been discovered or cracked. He said that China will adopt artificial intelligence in network operations and may have made progress, which will greatly enhance its ability to conduct network attacks and defenses.

Li Zhongzhi, the chief information security officer of a Taiwanese technology company, believes that artificial intelligence is indeed an important tool for hackers in the future. He said: “Chinese hackers can use generative AI (artificial intelligence) to quickly produce and deform backdoor software, invade databases, interfere with algorithms to achieve set effects, synthesize fake news images, push specific information, and engage in cognitive warfare, and even directly destroy the cooling mechanism of hardware to cause paralysis, create false alarms for the Internet of Things, etc.”

He pointed out that based on the laws of cost and competition, only by providing layers of protection to increase the cost of hacker intrusion can defense be effectively improved.
