
Security Firms Say Chinese Hackers Behind US Ransomware Attacks

An anonymous reader writes: According to four leading security firms, some of the recent ransomware attacks against U.S. companies have been performed by hacking groups working at the behest of China's government. From the report, "Security firms Attack Research, InGuardians and G-C Partners, said they had separately investigated three other similar ransomware attacks since December. Although they cannot be positive, the companies concluded that all were the work of a known advanced threat group from China."
  • >> ransomware attacks against U.S. companies they get cash money for being a nuisance.

    >> hacking groups working at the behest of China's government's for the communist Chinese government (the evil "ChiComs!!!"), because they what? Hate businesses? Need money? Isn't it more likely that ransom software that delivers money to specific criminals is being used by...mere criminals?
    • I'm going to put out a blog post soon to give more detail, but essentially it is private contractors who used to work with the PLA and are now under-employed trying to make money on the side. At least that is my theory.
  • ...How many of these "security research companies" are little more than one or two guys with a blog?

    • That is a valid question, and often the case. In our case however we are 11 full time and another 6 or so part time people. We have a building, and locations in several states. You can, for example, look up our papers published by blackhat, defcon, etc. to see more than just what we post on our blog. Here is one of my old favorites: [] I know at least one of the other companies, InGuardians, is roughly similar in size, and many of its people were foundational contributors to
      • by rtb61 ( 674572 )

        So in order to validate the claim the government of China is behind those attacks, you have proof that you obtained via conducting criminal espionage activities in China, in which case good luck with that. The other claim is down to IP address and IP address alone with no idea who or how many are involved or even whether the IP was spoofed. Now to turn that around the US government is guilty of every crime committed by a government employee and the US government should be criminally prosecuted for all those

        • Sorry, accidentally clicked in the wrong spot and caused a down-mod. I'm hoping this post undoes the mod. Apologies if it doesn't.

    • Hey, wanna start a security and research company?
  • by Anonymous Coward

    Who benefits most from escalating cyberwarfare/diplomatic tensions in this area?

    Most people don't understand how impossible attribution is in the case of cyber-warfare. It is trivial to include cultural references/grammar patterns from a foreign language in the code to indicate national affiliation (to say nothing of VPN/Tor exit node location).

    The best you can hope for is to infiltrate the attacker PC with a RAT/keylogger and attempt to make conclusions about the nationality of the attacker, but this ignore

  • I've seen a 30x increase in emails with malicious payloads since the 1st. And that's after blackholes and the usual filtering.

    These are messages that have been dropped for having known malware, or attachments that are blacklisted (Anything executable, many office file types, pass-worded zips, etc)

    I'm pretty close to blacklisting zip files altogether.

  • The poor cybersecurity stance of US firms puts information that is proprietary to their Chinese trading partners at risk, and thus affects the security of the Chinese state. But what can the Chinese government do about that? Call up the US government and say, "Make those clowns get their act together!"? The US government is paralyzed by even bigger clowns.

    So what you do is pick out some of the worst offenders and shake them down. Not for so much money that they go out of business -- they are after all you

  • by Anonymous Coward
    So 3 security firms told Reuters that this is the work of Chinese hackers, but for the past 2 years, all other cyber-security firms were saying that ransomware came from Russia. Nice job Reuters... now go back to politics and leave security news to the pros.
  • by Anonymous Coward

    Over the last few years, there's been an absolute ton of progress made on the hacking side of things (especially cryptoware style viruses), and not really any meaningful defensive measures other than "block all attachments." Corporate AV only seems effective a few days after the virus launches, but that's way too slow.

    For example, a client got hit with Feb 16th's locky virus, which managed to get past the firewall AV scanner (Fortigate), the mail server AV scanner (Sophos), the local workstation AV (TrendM

  • "... Although they cannot be positive, the companies concluded that all were the work of a known advanced threat group from China."

    They can't be positive and concluded this? Where are the proofs?
