Wednesday, January 8, 2020

hack/spy update

12-30-19   “Based on victim information the targets included government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues,” said today Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft.
  “Most targets were based in the U.S., as well as Japan and South Korea,” Burt added.  The Microsoft exec said that in many of these attacks the end goal was to infect victims with malware, such as KimJongRAT and BabyShark, two remote access trojans (RATs).  “Once installed on a victim's computer, this malware exfiltrates information from it, maintains a persistent presence and waits for further instructions,” Burt said.
  This is not the first time Microsoft has used a court order to hinder the operations of foreign government-backed hacking groups.
Microsoft used this approach 12 times against a Russian group known as Strontium (APT28, Fancy Bear), successfully taking down 84 domains -- the last time being in August 2018.
  It also used a court order to seize 99 domains operated by Phosphorus (APT35), an Iran-linked cyber-espionage outfit.  Microsoft also used court orders to disrupt the operations of Barium, a Chinese government-backed hacking group.  https://www.zdnet.com/article/microsoft-takes-down-50-domains-operated-by-north-korean-hackers/
…………………….
Jan 2020   The malware used in the Dec. 29 attack, dubbed Dustman, contains multiple malicious files, including a wiper, which destroys data. Saudi authorities described Dustman as a variant of malware that had been used in data-wiping attacks against industrial organizations in the Middle East late last year.  IBM, which uncovered that attack, attributed it to APT34, a hacking group associated with the Iranian government….
  The Dustman malware is “consistent with Iranian capability and operations going back to 2012,” said Adam Meyers, vice president of intelligence at cybersecurity company CrowdStrike, referring to the 2012 attack on Saudi Aramco. “It’s the latest variant in a line of wiping tools that’s meant to cause data disruption and destruction.”…
  Meyers compared Iran’s alleged data-destroying operations against Saudi organizations to the way Russian hackers conduct waves of cyberattacks on Ukrainian targets as a means of regional intimidation.
“It’s meant to have a psychological impact on the target,” he said.  https://www.cyberscoop.com/saudi-arabia-iran-cyberattack-soleimani/
…………………….….
1-5-20   On June 28, 2019 Qingshan Li landed in Southern California on a flight from China.  Li, a Chinese national visiting the US on a tourist visa, was scheduled to return home 10 days later.  The day after he arrived, Li drove his rental car to a storage facility in the San Diego area.  There he met up with an unidentified person named in court filings only as “AB,” from whom Li had arranged to purchase several pieces of sensitive military gear.
  Li’s case, which has not been previously reported and is described in a federal charging document obtained by Quartz, is among the most recent incidents of Chinese civilians accused of spying on behalf of Beijing.  While Li was apprehended by authorities, he represents the immediate—and increasing—threat China poses to US national security, say experts.
One of the items Li was allegedly after, a Harris Falcon III AN/PRC 152A radio, is designated as a defense article on the United States Munitions List, and subject to international arms trafficking regulations.  This means the Falcon III, which provides US troops in the field with National Security Agency-certified encrypted communications, cannot leave the country without a special license issued by the State Department.
  Li had agreed to pay AB a total of 50,000 renminbi, or roughly $7,200, for the radio. He knew AB was already under investigation for export-related crimes and believed AB “was attempting to get rid of the radio in light of AB’s entanglement with law enforcement,” according to court filings.
   Li told AB he planned to drive with the Falcon III to Tijuana, Mexico—about 30 minutes by car from San Diego—and ship it to China from there.  This, Li reportedly thought, would help him skirt American trafficking laws….Li, the FBI soon discovered, had a second Harris Falcon III in his possession, several antennas, a digital memory card, and a map of the North Island Naval Air Station, a nearby military base home to two US aircraft carriers.
  According to an FBI affidavit filed in the case, Li came clean during questioning, confessing he had been tasked with obtaining the Falcon III radio by a contact Li claimed was an officer in the Chinese People’s Liberation Army (PLA). He told the agents  the PLA officer had given him a list of US military items to procure on his trip to the US, including the Falcon III.
…The charge carries a possible $1 million fine and 20 years in prison.
  William Evanina, who has led the National Counterintelligence and Security Center, a government agency under the aegis of the Office of the Director of National Intelligence, since 2014—
“China is number one,” Evanina said in a 2018 podcast interview with former deputy CIA director Michael Morell.  “Existentially, long term, they’re the largest threat to our national security, bar none—it’s not even close.”
  There has been a marked increase in non-traditional intelligence collection efforts, Evanina said.  “Those out-of-embassy jobs where they send over engineers, businessmen, students to do the same type of collection, recruitment, co-opting of information…at mass scale,” he said.
  The Chinese intelligence services possess practically unlimited financial resources, and use this wealth freely, said Janosh Neumann, a former counterintelligence officer with Russia’s Federal Security Service (FSB)…The US, as the undisputed leader in innovation and advanced technology, is the world’s top target for scientific and technical espionage of foreign intelligence services.
  Neumann, who defected to the US in 2008, describes the Li case as a classic example… of the way China operates, using voluminous numbers of agreeable civilians as freelance agents, as well as private companies, to further its geopolitical aims…..
  Nicholas Eftimiades, who spent 34 years as a senior official with, variously, the CIA, the Defense Intelligence Agency and the State Department’s Bureau of Diplomatic Security, and who is considered one of the country’s foremost experts on Chinese espionage, told Quartz that Li’s tasking from the PLA was a “very focused collection operation.”…If China were to successfully acquire a military-grade Falcon III, it could directly endanger US troops on the battlefield.  “What you’d want to do is take it apart and understand the guts of it,” Eftimiades said.  “It also has uploadable software.  Were I a bad guy, I would want to know exactly how and where the software is uploaded, because it’s probably done from some central point.  If I can get into that supply chain, I could theoretically upload software that may allow me access to [encrypted top secret] communications.”
Dan Grazier, a former US Marine Corps tank commander, relied on the Falcon III regularly during tours of duty in Iraq and Afghanistan.
  “This is the handheld unit used by our forward air controllers on the ground,” Grazier told Quartz.  “I would have a forward air controller with my tank company, and he would use this kind of radio to talk to aircraft, to guide close air support missions.  So, this is an important system.  It’s certainly something that we would not want to fall in the hands of a potential adversary.   The military works hard to control these sensitive items,” Grazier continued.  “When I was the officer of the day for the tank battalion, I had to check to make sure that the vaults were locked, I had to sign the sheet to show that I checked it.  If it gets out and if it gets off base, then it becomes really difficult to keep track of these things.”
  In a 2018 op-ed for The New York Times Paul Moore, a former China analyst for the FBI, explained the technique, which is also known as a “mosaic” or “thousand grains of sand” method….Chinese citizens benefit in two ways from this arrangement.  Beijing’s spymasters pay well for valuable information, and a large number of individuals and companies are willing to work with the government.  This has to do not only with any immediate financial rewards but also the promise of increased future earnings in one’s regular life, as well.
  …the American counterintelligence apparatus is overdue for an update, Eftimiades said.  For starters, he believes the federal government must start partnering with industry much more closely than it does now.  The FBI, as well as the Department of Homeland Security and the Department of Commerce, are making attempts to strengthen ties with the commercial sector, but this sort of outreach is expensive and time-consuming, said Eftimiades. Agents get taken off the street to conduct industry briefings, which Eftimiades says doesn’t typically impart much usable information anyway.  Equally important, Eftimiades said, the US needs to strengthen laws on intellectual property and the Foreign Agents Registration Act (FARA)…
  “I testified before Congress a couple of times in the ’90s and I told them ‘Do something about this problem now, because if not, in 20 years you’re going to be calling me back crying:  How did it get this bad?’” Eftimiades said.  “And you know what happened?  They didn’t do anything about it.”    https://qz.com/1779627/chinese-tourists-are-being-recruited-to-spy-on-the-us/

…….......................…