According to the U.S. Department of Justice, Chinese intelligence officers recruited hackers and insiders to steal confidential information from aerospace and tech companies. According to U.S. authorities, the cyber espionage operation was coordinated by Zha Rong and Chai Meng, two intelligence officers working for the Jiangsu Province Ministry of State Security (JSSD) in the Chinese city of Nanjing. “Chinese intelligence officers and those working under their direction, which included hackers and co-opted company insiders, conducted or otherwise enabled repeated intrusions into private companies’ computer systems in the United States and abroad for over five years. The conspirators’ ultimate goal was to steal, among other data, intellectual property and confidential business information, including information related to a turbofan engine used in commercial airliners,” reads the press release published by the DoJ. “The charged intelligence officers, Zha Rong and Chai Meng, and other co-conspirators, worked for the Jiangsu Province Ministry of State Security (“JSSD”), headquartered in Nanjing, which is a provincial foreign intelligence arm of the People’s Republic of China’s Ministry of State Security (“MSS”).”
The Jiangsu Province Ministry of State Security (JSSD) is a foreign intelligence unit coordinated by China’s Ministry of State Security (MSS), the agency tasked with non-military foreign intelligence and domestic counterintelligence operations. The two intelligence officers recruited five hackers (Zhang Zhang-Gui, Liu Chunliang, Gao Hong Kun, Zhuang Xiaowei, and Ma Zhiqi) to hack the companies involved in the design of a turbofan engine used in commercial airliners in Europe and the United States. The turbofan engine was manufactured by a French aerospace company, which also had offices in the Jiangsu province with a U.S.-based firm. The operation aimed to steal industrial secrets for a Chinese state company. According to the indictment, ten Chinese nationals were involved in the cyber espionage activities, including two spies, six hackers and two insiders. “Members of the conspiracy targeted, among other things, data and information related to a turbofan engine used in commercial jetliners,” states the DoJ indictment. “At the time of the intrusions, a Chinese state-owned aerospace company was working to develop a comparable engine for use in commercial aircraft manufactured in China and elsewhere.” The Chinese spies also targeted companies involved in the manufacturing of components for the jet engine, including US-based firms. The campaign was carried out at least from January 2010 to May 2015.
The cyberspies used spear phishing, watering hole attacks, and domain hijacking to deliver various malware families, including Sakula and IsSpace, to the target organization. A JSSD officer provided malware to insiders, two of whom are Tian Xi and Gu Gen, to plant the malicious code in the organization. According to the indictment, the hackers hired by Chinese intelligence were also involved in cybercriminal activities, a circumstance that highlights the thin line between nation-state hacking and cybercrime. The choice of recruiting hackers from the cybercrime underground is strategic because it makes it hard for an investigator to attribute the operations to a specific government. “State-sponsored hacking is a direct threat to our national security. This action is yet another example of criminal efforts by the MSS to facilitate the theft of private data for China’s commercial gain,” declared U.S. Attorney Adam Braverman. “The concerted effort to steal, rather than simply purchase, commercially available products should offend every company that invests talent, energy, and shareholder money into the development of products.”
https://securityaffairs.co/wordpress/77526/intelligence/chinese-intelligence-espionage.html
Hackers accessed personnel files, and Austal was the subject of an extortion attempt. Austal reported the data breach to the Australian Securities Exchange (ASX) on Thursday evening and also notified affected “stakeholders”. “Austal Limited (ASX:ASB) advised that its Australian business has detected and responded to a breach of the company’s data management systems by an unknown offender,” reads the data breach notification published by the company. “Austal Australia’s Information Systems and Technology (IS&T) team have restored the security and integrity of the company’s data systems and have implemented, and continues to implement, additional security measures to prevent further breaches. A small number of stakeholders who were potentially directly impacted have been informed.”
The Australian Cyber Security Centre (ACSC) and the Australian Federal Police have launched an investigation into the security breach. According to the company, the security breach has had no impact on ongoing operations; experts also pointed out that Austal’s business in the United States was not affected by the incident because it relies on a separate IT infrastructure. Austal claimed that the breach doesn’t expose information affecting national security or the commercial operations of the company. “No company wants to lose control of its information, but there is no evidence to date to suggest that information affecting national security nor the commercial operations of the company have been stolen: ship design drawings which may be distributed to customers and fabrication sub-contractors or suppliers are neither sensitive nor classified,” continues the notification.
Hackers gained access to personnel email addresses and mobile phone numbers; the attackers purported to offer them for sale online and “engage in extortion”. “Following the breach the offender purported to offer certain materials for sale on the internet and engage in extortion. The company has not and will not respond to the extortion attempts,” continues the note. Australia’s department of defence declared it “can confirm that no compromise of classified or sensitive information or technology has been identified so far.” Austal has manufactured over 260 vessels for more than 100 operators in its 28-year history; it has won a contract to build littoral combat ships for the US Navy. Defence contractors are a privileged target for hackers; stolen information could be used in targeted attacks or resold on the cybercrime underground. Recently experts from the Italian cyber security firm Yoroi uncovered a mysterious hacking campaign aimed at Italian Naval industry companies.
https://securityaffairs.co/wordpress/77600/data-breach/austal-security-breach.html