
Did A Chinese State-Sponsored Group Breach Taiwan's Semiconductor Industry? (arstechnica.com) 15

At the Black Hat security conference, researchers from the Taiwanese cybersecurity firm CyCraft revealed at least seven Taiwanese chip firms have been breached over the past two years, reports Wired: The series of deep intrusions — called Operation Skeleton Key due to the attackers' use of a "skeleton key injector" technique — appeared aimed at stealing as much intellectual property as possible, including source code, software development kits, and chip designs. And while CyCraft has previously given this group of hackers the name Chimera, the company's new findings include evidence that ties them to mainland China and loosely links them to the notorious Chinese state-sponsored hacker group Winnti, also sometimes known as Barium, or Axiom. "This is very much a state-based attack trying to manipulate Taiwan's standing and power," says Chad Duffy, one of the CyCraft researchers who worked on the company's long-running investigation...

The researchers found that, in at least some cases, the hackers appeared to gain initial access to victim networks by compromising virtual private networks, though it wasn't clear if they obtained credentials for that VPN access or if they directly exploited vulnerabilities in the VPN servers. The hackers then typically used a customized version of the penetration testing tool Cobalt Strike, disguising the malware they planted by giving it the same name as a Google Chrome update file. They also used a command-and-control server hosted on Google's or Microsoft's cloud services, making its communications harder to detect as anomalous....

Perhaps the most remarkable of those new clues came from essentially hacking the hackers. CyCraft researchers observed the Chimera group exfiltrating data from a victim's network and were able to intercept an authentication token from their communications to a command-and-control server. Using that same token, CyCraft's analysts were able to browse the contents of the cloud server, which included what they describe as a "cheat sheet" for the hackers, outlining their standard operating procedure for typical intrusions. That document was notably written in simplified Chinese characters, used in mainland China but not Taiwan...

"It's possible that what they're seeing is just a small fragment of a larger picture," says the director of Kaspersky's Global Research & Analysis Team, who tells Wired the group has also attacked telecoms, tech firms, and a broad range of other Taiwanese companies.

But in the same article one of CyCraft's researchers argues the group could be looking for even more exploits. "If you have a really deep understanding of these chips at a schematic level, you can run all sorts of simulated attacks on them and find vulnerabilities before they even get released."


  • Thank god, Betteridge prevented it.

  • I can't even imagine how access to that kind of low-level design info could be used for hacking (just a casual techie here). But what concerns me is how widespread any exploit could be. Shit you don't even think about. Everything is filled with chips these days....
    • Re:Kind of scary (Score:5, Insightful)

      by Shaitan ( 22585 ) on Saturday August 15, 2020 @03:08PM (#60404639)

      Used for hacking? More like used to provide a massive advantage to Chinese private and military interests. When will people get it through their skulls, Chinese industry and the Chinese state are one thing.

      They will use the info to help them replicate Taiwan chip fabrication tech and to undermine the design advances of most of the world who was foolish enough to trust that Taiwan would be a safe place to send their sensitive IP. China will have a knockoff of every worthwhile chip design companies and engineers in your nation have designed now.

      China is at war with the rest of the world, especially the parts with some sort of concept of democracy, and they are most definitely hostile.

  • They also used a command-and-control server hosted on Google's or Microsoft's cloud services, making its communications harder to detect as anomalous....

    Keep things on your own servers: you control them and so can better trust them. See packets going elsewhere --- go & investigate. Yes: it might cost a little more, but how expensive is the loss of important data?

    • That's what to expect when you run on inferior operating systems. So nice AD has a multiple password feature. If MS was serious there would be a way to turn off debugging (because it is rare that anyone actually has systems level debug knowledge), and harden the OS to report the skeleton calls, or immutable as in BSD. The cost of unhardened off-the-shelf kit is high. One assumes these serious systems programmer calls SHOULD have belts and braces program path execution protection, like MVS and BSD have. MS ha
  • by coastwalker ( 307620 ) <acoastwalker.hotmail@com> on Saturday August 15, 2020 @03:25PM (#60404663) Homepage

    Until a couple of months ago the whole world was benefiting from cheap goods from China. Unfortunately we also benefit from the state-funded chip manufacturing TSMC foundry in the disputed territory of Taiwan which also makes most of our advanced electronics. Suddenly we care about all of this. The one thing I am not ok about is starting a cold war with China in order to change it. Blaming someone else for your own lack of insight and attacking them because of it is pathetic. Pay Intel or others to redress the balance but don't tell me we need another hot war to solve the issue.

    • by MikeMo ( 521697 )
      We've always cared about hacking and blatant, government-sponsored IP theft.
    • Re:Who cares (Score:4, Insightful)

      by 93 Escort Wagon ( 326346 ) on Saturday August 15, 2020 @03:42PM (#60404693)

      Suddenly we care about all of this.

      No, this didn't suddenly magically appear after Trump's inauguration. Concerns over China's theft of intellectual property - as well as coerced extraction of intellectual property - have been around for decades. Heck, I remember Microsoft complaining about it back in the Windows 95 days... and earlier.

      It's fine if you don't like the current administration's posture towards China*; but you can't pretend this is a made-up problem.

      *I am annoyed by the administration's approach - mainly because they completely reverse course the moment China or a Chinese company does something that benefits Trump.

  • Does this mean I'll be able to buy a cheap HeyEmDee Chyzen processor in the near future?
