Security News Report: Chinese government is behind a decade of hacks on software companies

LASER_oneXM (thread author)
Though sloppy at times, Winnti Umbrella remain advanced and extremely prolific.

Researchers said Chinese intelligence officers are behind almost a decade's worth of network intrusions that use advanced malware to penetrate software and gaming companies in the US, Europe, Russia, and elsewhere. The hackers have struck as recently as March in a campaign that used phishing emails in an attempt to access corporate-sensitive Office 365 and Gmail accounts. In the process, they made serious operational security errors that revealed key information about their targets and possible location.
Researchers from various security organizations have used a variety of names to assign responsibility for the hacks, including LEAD, BARIUM, Wicked Panda, GREF, PassCV, Axiom, and Winnti. In many cases, the researchers assumed the groups were distinct and unaffiliated. According to a 49-page report published Thursday, all of the attacks are the work of Chinese government's intelligence apparatus, which the report's authors dub the Winnti Umbrella. Researchers from 401TRG, the threat research and analysis team at security company ProtectWise, based the attribution on common network infrastructure, tactics, techniques, and procedures used in the attacks as well as operational security mistakes that revealed the possible location of individual members.

A decade of hacks

Attacks associated with Winnti Umbrella have been active since at least 2009 and possibly date back to 2007. In 2013, antivirus company Kaspersky Lab reported that hackers using computers with Chinese and Korean language configurations used a backdoor dubbed Winnti to infect more than 30 online video game companies over the previous four years. The attackers used their unauthorized access to obtain digital certificates that were later exploited to sign malware used in campaigns targeting other industries and political activists.

Also in 2013, security firm Symantec reported on a hacking group dubbed Hidden Lynx that was behind attacks on more than 100 organizations, including the high-profile 2012 intrusion that stole the crypto key from Bit9 and used it to infect at least three of the security company's customers.

In later years, security organizations Novetta, Cylance, Trend Micro, Citizen Lab, and ProtectWise issued reports on various Winnti Umbrella campaigns. One campaign involved the high-profile network breaches that hit Google and 34 other companies in 2010.

"The purpose of this report is to make public previously unreported links that exist between a number of Chinese state intelligence operations," the ProtectWise researchers wrote. "These operations and the groups that perform them are all linked to the Winnti Umbrella and operate under the Chinese state intelligence apparatus."

ForgottenSeer 58943

China has no innovation. They steal everything and re-engineer it with cheap components and cut corners. They are the great pirates on the high seas of technology.

They use substandard caps in their products, artificially limiting lifespan. They added secondary spying channels to almost all products. For example one of the most popular Chinese smart-plugs on Amazon uses a legitimate AWS bucket for updates and app function, but also sends back to Chinese Military Intelligence with the same frequency.

China embeds spies in virtually every US industry and company, even small firms. China is FANTASTIC at convincing firms to utilize their R&D and Manufacturing, then every single schematic and die is readily stolen and utilized for their own substandard products.

Ubiquiti discovered that after their entire product line was stolen by a partially Chinese Govt.-funded firm selling backdoored APs to the world at 50% less than Ubiquiti. Everything was totally duplicated except some tiny changes to the form factor. Even the PoE injector is a clone.

It's pretty pathetic really. You'd think US corporations wouldn't be so stupid, but they are. Even defense contractors have Chinese nationals on staff, and we know where that is going to lead.

China is our enemy, and always has been, but we're probably just now waking up to it.

dragongate888
The US government has banned several Chinese IT products in the last few weeks or so. I suspect that the majority of IT products manufactured (or partly manufactured) in China may pose some degree of security threat, to name a few, the US's darling products: the Apple family of products; iPhone, Mac PC etc.
Now the principal Apple partner IS allowed to set up a major beachfront factory on US soil, drawing millions of gallons of fresh water DAILY from the Great Lakes. This sort of development is really troublesome. INDEED.

ForgottenSeer 58943

The US government has banned several Chinese IT products in the last few weeks or so. I suspect that the majority of IT products manufactured (or partly manufactured) in China may pose some degree of security threat, to name a few, the US's darling products: the Apple family of products; iPhone, Mac PC etc.
Now the principal Apple partner IS allowed to set up a major beachfront factory on US soil, drawing millions of gallons of fresh water DAILY from the Great Lakes. This sort of development is really troublesome. INDEED.

HIKVision was banned, and the US Govt. is also warning consumers against HIK products. So indeed, there is a growing list of banned Chinese tech imports. Not to get political, but previous administrations kowtowed to the Chinese; this current administration knows what is going on and is willing to address it. If the globalists had won, it would be business as usual.

TAA restrictions are already in place for 'substantially' Chinese products as part of GSA procurement rules. As the noose tightens, so will those restrictions. Russia, China, India and Turkey aren't TAA compliant and there cannot be GSA certified suppliers unless products made there are substantially transformed. For example Fortinet can make chips in Taiwan (TAA compliant), Boards and Form Factor in China (Non-TAA), final assembly in California, which results in a full TAA compliant product for GSA procurement.

It's the cheap consumer crap that's being backdoored because it's fully manufactured in China with substantial Chinese parts and software.

Daviworld
This is pretty well known, so I'm not too surprised. Nowadays though, everybody is spying on everybody and stealing secrets from everybody. One big game of playing spy.

HarborFront
BTW, for how many decades have the US spy agencies had access (or hacked into) the software companies?