Cybersecurity


c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

cross-posted from: https://lemmy.sdf.org/post/50660067

Archived

[...]

Rehearsing attacks on critical infrastructure offers China a potential advantage by allowing cyber operations to be planned and practiced in advance rather than improvised in real time.

[...]

The existence of such a platform, focused on offensive rather than defensive operations, raises questions about repeated claims by Chinese officials that their government does not conduct cyberattacks.

[...]

The platform was developed by a company called CyberPeace (赛宁网安), which celebrates extensive links to the country’s government and military on its website. CyberPeace did not respond to a request for comment, sent in both English and Chinese, when contacted about this article.

The documents do not identify which state authority commissioned the company to build Expedition Cloud. There are numerous independent agencies — from units of the People’s Liberation Army (PLA) to regional bureaus of the Ministries of Public Security and State Security — who could have been initially responsible, said several independent experts consulted by Recorded Future News. The experts also suggested that CyberPeace could have sold the platform to multiple customers.

The specialist researchers told Recorded Future News they regarded the find as extraordinary, and said there was no possible alternative to the Chinese state’s involvement. “This was created to meet the needs of a state customer. We don’t see the purchase order, but we see what they built,” said Dakota Cary, a specialist on China for cybersecurity company SentinelOne.

[...]

Mei Danowski, a cyberthreat intelligence professional and the co-founder of Natto Thoughts, described the documents as “really valuable,” noting they provided an unprecedented amount of detail about China’s use of cyber ranges.

“The Chinese Communist Party wants to be seen as promoting peace and not as an aggressor,” added Cary. “Their public statements reflect that. Their observable actions do not.”

[...]

cross-posted from: https://lemmy.sdf.org/post/50538405

Archived

Here is the report: National Threat Assessment (pdf)

[...]

The Norwegian government has accused the Chinese-backed hacking group known as Salt Typhoon of breaking into several organizations in the country.

In a report published on Friday, the Norwegian Police Security Service said the hacking group, believed to be working for the Chinese government, targeted vulnerable network devices to conduct espionage.

Norway is the latest country to confirm a Salt Typhoon-related intrusion.

Salt Typhoon [...] has for years stealthily hacked into the networks of critical infrastructure organizations around the world, including telecom providers in Canada and the United States, where they allegedly intercepted the communications of senior politicians. This series of breaches put pressure on telcos to improve their security.

The report did not provide many details about the hacking campaign targeting the country. A spokesperson for Norway’s embassy in the U.S. did not immediately respond to a request for comment.

[...]

cross-posted from: https://lemmy.sdf.org/post/50394868

The exposed Elasticsearch cluster, which contained over 160 indices, held billions of primarily Chinese records, ranging from national citizen ID numbers to various business records. The massive leak is among the largest single Elasticsearch exposures ever recorded.

Archived

  • Cybernews researchers discovered 8.7 billion exposed Chinese records on an unsecured Elasticsearch cluster, one of history's largest data leaks.
  • The leaked data includes national ID numbers, home addresses, plaintext passwords, and social media identifiers, creating severe identity theft risks.
  • The exposed database remained publicly accessible for over three weeks before being closed, giving attackers ample time to scrape data.
  • Researchers believe the dataset was intentionally aggregated on bulletproof hosting, suggesting data broker activity or malicious intent.

[...]

According to the team, the exposed data aggregates personal identifiers, contact information, government-style identifiers, online account references, and credentials at an unprecedented scale.

The geographic distribution of the leaked records is limited, predominantly focusing on mainland China, with regional metadata spanning multiple Chinese provinces and cities.

[...]

Personally Identifiable Information (PII):

  • Full names
  • Mobile phone numbers
  • National ID numbers
  • Home addresses
  • Date and place of birth
  • Gender and demographic attributes

Account and platform data:

  • Messaging and social media identifiers
  • Email addresses
  • Usernames
  • Platform-specific account references

Authentication data:

  • Plaintext and weakly protected passwords in multiple datasets

Corporate and Business Records:

  • Company registration details
  • Legal representatives
  • Business contact information
  • Registration addresses and licensing metadata

Largest Chinese data leak: What are its implications?

Even though the 8.7 billion-record-strong dataset is no longer accessible, it was open for over three weeks, giving malicious actors ample time to scrape it. Our researchers believe attackers could utilize the data for multiple purposes.

For one, the exposed records included plaintext credentials, some with poorly protected passwords. This type of data is extremely useful for account takeovers, with cybercriminals accessing additional user details. Password information enables cybercrooks to carry out credential stuffing attacks, as users often reuse the same passwords for multiple accounts.

Another major risk for individuals is identity theft. Since the dataset included tremendous amounts of PII, together with national identifiers, malicious actors may attempt to set up fraudulent accounts. ID numbers are often the key metric that organizations and businesses demand upon setting up accounts.

[...]
