Massive, China-State-Funded Hack Hits Companies Around the World, Report Says (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Researchers have uncovered a massive hacking campaign that's using sophisticated tools and techniques to compromise the networks of companies around the world. The hackers, most likely from a well-known group that's funded by the Chinese government, are outfitted with both off-the-shelf and custom-made tools. One such tool exploits Zerologon, the name given to a Windows server vulnerability, patched in August, that can give attackers instant administrator privileges on vulnerable systems. Symantec uses the code name Cicada for the group, which is widely believed to be funded by the Chinese government and also carries the monikers of APT10, Stone Panda, and Cloud Hopper from other research organizations. The group has been active in espionage-style hacking since at least 2009 and almost exclusively targets companies linked to Japan. While the companies targeted in the recent campaign are located in the United States and other countries, all of them have links to Japan or Japanese companies.
The attacks make extensive use of DLL side-loading, a technique that occurs when attackers replace a legitimate Windows dynamic-link library file with a malicious one. Attackers use DLL side-loading to inject malware into legitimate processes so they can keep the hack from being detected by security software. The campaign also makes use of a tool that's capable of exploiting Zerologon. Exploits work by sending a string of zeros in a series of messages that use the Netlogon protocol, which Windows servers use to let users log into networks. People with no authentication can use Zerologon to access an organization's crown jewels -- the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network. Microsoft patched the critical privilege-escalation vulnerability in August, but since then attackers have been using it to compromise organizations that have yet to install the update. Both the FBI and Department of Homeland Security have urged that systems be patched immediately. Among the machines compromised during attacks discovered by Symantec were domain controllers and file servers. Company researchers also uncovered evidence of files being exfiltrated from some of the compromised machines.
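The summary names two techniques, DLL side-loading and Zerologon, without saying what either looks like from the defender's side. The following is an added example, not code from Ars Technica, Symantec or the Slashdot poster: two small detection checks run over constructed sample records. The Netlogon event IDs 5827, 5828 and 5829 are the ones Microsoft's August 2020 update introduced to report vulnerable Netlogon secure-channel connections; treating a 4742 "computer account changed" event attributed to ANONYMOUS LOGON as a Zerologon indicator is a heuristic assumed here, and the event records, module lists and file paths are all made up for the demonstration.

```python
"""Defender-side checks for the two techniques named in the summary.
Added example, not from the article or Symantec's report. Sample data and
the ANONYMOUS LOGON heuristic are assumptions made for illustration."""
from __future__ import annotations

import ntpath
from typing import Dict, Iterable, List

# Netlogon event IDs added by Microsoft's August 2020 Zerologon update:
#   5827 / 5828: a vulnerable secure-channel connection was DENIED.
#   5829: a vulnerable connection was ALLOWED (DC still in compatibility mode).
# 4742 is the stock "computer account was changed" event; a DC machine-account
# change by ANONYMOUS LOGON is used here as a heuristic for the exploit's
# machine-password reset (an assumption, not something the article states).
NETLOGON_DENIED = {5827, 5828}
NETLOGON_ALLOWED_VULNERABLE = {5829}

# Directories from which Windows system DLLs are legitimately loaded.
TRUSTED_DLL_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def flag_zerologon_events(events: Iterable[Dict[str, str]]) -> List[str]:
    """Return one finding per domain-controller event that points at Zerologon."""
    findings: List[str] = []
    for ev in events:
        eid = int(ev["EventID"])
        machine = ev.get("Machine", "?")
        if eid in NETLOGON_DENIED:
            findings.append(f"denied vulnerable Netlogon connection from {machine}")
        elif eid in NETLOGON_ALLOWED_VULNERABLE:
            findings.append(
                f"ALLOWED vulnerable Netlogon connection from {machine} "
                "(enforcement mode not enabled on this DC)"
            )
        elif (
            eid == 4742
            and ev.get("SubjectUserName", "").upper() == "ANONYMOUS LOGON"
            and ev.get("TargetUserName", "").endswith("$")
        ):
            findings.append(
                f"machine account {ev['TargetUserName']} changed by ANONYMOUS LOGON "
                "(possible Zerologon password reset)"
            )
    return findings


def flag_sideloaded_dlls(loaded_modules: Iterable[Dict[str, str]],
                         system_dll_names: Iterable[str]) -> List[str]:
    """Flag modules whose file name matches a known system DLL but which were
    loaded from outside the trusted system directories. That is the footprint
    of DLL side-loading: a lookalike DLL placed where the loader's search order
    finds it before the genuine one."""
    known = {name.lower() for name in system_dll_names}
    findings: List[str] = []
    for mod in loaded_modules:
        path = mod["Path"].lower()
        name = ntpath.basename(path)
        # Compare the exact parent directory, so "system32evil" does not pass.
        if name in known and ntpath.dirname(path) not in TRUSTED_DLL_DIRS:
            findings.append(f"{mod['Process']} loaded {name} from {mod['Path']}")
    return findings


# Constructed sample records (not real logs).
SAMPLE_EVENTS = [
    {"EventID": "5829", "Machine": "FILESRV01"},
    {"EventID": "4742", "SubjectUserName": "ANONYMOUS LOGON", "TargetUserName": "DC01$"},
    {"EventID": "4742", "SubjectUserName": "svc-admin", "TargetUserName": "WKS22$"},
    {"EventID": "4624", "SubjectUserName": "alice"},
]
SAMPLE_MODULES = [
    {"Process": "legit.exe", "Path": r"C:\ProgramData\Updater\version.dll"},
    {"Process": "legit.exe", "Path": r"C:\Windows\System32\kernel32.dll"},
    {"Process": "other.exe", "Path": r"C:\Program Files\Vendor\vendorlib.dll"},
]
SYSTEM_DLLS = ["version.dll", "kernel32.dll", "dwmapi.dll"]

if __name__ == "__main__":
    for line in flag_zerologon_events(SAMPLE_EVENTS):
        print("ZEROLOGON:", line)
    for line in flag_sideloaded_dlls(SAMPLE_MODULES, SYSTEM_DLLS):
        print("SIDELOAD:", line)
```

The 5829 case is the one worth acting on first: it means the domain controller has the August patch but is still allowing vulnerable connections, so enforcement has not been switched on and the host remains exposed. The side-loading check is deliberately name-based; in production you would pair it with a signature check on the flagged file rather than trust the path alone.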
Amazing (Score:1)
Re: (Score:1)
We get it. You're angry because he lost. It's fine, I guess... I just hope you can get over it before you stroke the fuck out.
You are essentially correct, just the fellow down in the bunker right now might not come up for a few years to sniff the air if the radiation drops enough. When he does he might catch a whiff of Winnie the Pooh and scurry right back down to see if he can still get his missiles or whatever up.
With the way relations are going with China because of that jerk it is no wonder the hacking is still going on. Not as if the Chinese don't know that we know what they are doing it, they seem to instead be poking the j
Re: (Score:2)
Re: (Score:2)
Yes we know, the GOP hope is that the mixed race VP will help you drive up out the racists who fear 'being replaced'. The idea that the former AG of California is some sort of black radical who will gain power and then enslave white people might seem like a stretch, but Republicans these days have a limited grasp on reality.
Based on her record as a DA and later AG it's clear that minorities have far more to fear.
https://www.nytimes.com/2019/0... [nytimes.com]
"Time after time, when progressives urged her to embrace criminal justice reforms as a district attorney and then the state’s attorney general, Ms. Harris opposed them or stayed silent. Most troubling, Ms. Harris fought tooth and nail to uphold wrongful convictions that had been secured through official misconduct that included evidence tampering, false testimony and the suppressi
Re: (Score:2)
Harris thinks only about Harris. If she thinks her electorate is a bunch of racists that want to see innocent minorities do long prison sentences, she will deliver. If she thinks her electorate is a bunch of defund the police radicals who think they want law enforcement to take a knee while looters smash and burn their town because 'racial justice' she will deliver on that too.
Harris and Biden are actually cut from the same cloth in that regard; they are ALWAYS willing to set aside any personal convictions they
Re: (Score:2)
Should be entertaining watching all you winners run around like Charlie Sheen on a tiger blood bender when your house of mental cards comes falling down.
I won't even pretend I can follow what you're saying.
What, exactly, are you on about?
C'mon Microsoft (Score:1)
Enough is enough. It's time to hire a ton of really experienced folks to rewrite most of the libs that were produced by your code campers over the last three decades. And while you're at it go ahead and pull the trigger on replacing the kernel sooner rather than later.
Please get serious about security, you're endangering the economic freedom of millions of people around the globe.
Re: (Score:2)
Extremely bias of slashdot? (Score:4, Interesting)
While slashdot quickly publishes hacking reports that are "the most likely" funded by the Chinese government, it turns a blind eye [slashdot.org] to the even more likely report of NSA hacking [datacenterdynamics.com]:
Reports in the Danish media allege that the United States National Security Agency (NSA) spied on Denmark’s government and companies [thedrive.com], including the Ministry of Finance, the Ministry of Foreign Affairs and its defense industry firm Terma, as well as other European defense contractors Eurofighter GmbH and Saab, in an attempt to gain information on its fighter acquisition program that was eventually won by the U.S.-made Lockheed Martin F-35. Allegedly, the NSA sought to conduct espionage [ab]using an existing intelligence-sharing agreement between the two countries. Under this agreement, it is said the NSA is able to wiretap fiber-optic communication cables passing through Denmark and stored by the Danish Defense Intelligence Service, or Forsvarets Efterretningstjeneste (FE). This occurred in light of heightened scrutiny of the nation's internet and telecom infrastructures. In June, Denmark said it wants to be able to exclude 5G technology suppliers from providing critical infrastructure in Denmark if they are not from countries considered security allies, apparently targeting Chinese telecom vendors Huawei and ZTE. “In order to protect Denmark and the Danes, we want to collaborate with someone with whom we already have alliances,” Minister of Defence Trine Bramsen told reporters.
Re:Extremely bias of slashdot? (Score:5, Insightful)
Is the U.S. currently facing some dire threat from Denmark that I am unaware of?
Re: (Score:2)
Huh. MY websites get these constantly, from worldwide addresses, mostly spoofed I'm sure. I'm almost ready to set fail2ban to 30 days, but they rotate so fast nothing really stops them, and the payloads change constantly.
And my mail servers get spam at ludicrous rates, though at about a million a month, now a tenth of what used to be normal. I have to read logs now, it all goes away so fast, but I'm not sure any burst of state-level attacking results in measurable increases. I'm suspicious that all the incr
Re: (Score:1)
Re: (Score:2)
No longer 'new'. And the old threats are sufficient to warrant responses.
Re:Extremely bias of slashdot? (Score:4, Insightful)
There is a huge difference between a government 'spying' for general protection of country vice directly passing information to companies that then have an advantage competing. The US government does not do espionage and turn that info over to US companies for the purpose of the companies having competitive edge over foreign companies. China does this as regular actions. If you don't understand the difference between these, then education has failed.
This has nothing to do with the security of the US, this is the NSA acting as an industrial espionage service provider for US defence companies by abusing intelligence sharing agreements with US allies. Denmark has posed no threat to the US other than that one time they injured Donald Trump's fragile ego and raised his blood pressure by telling him Greenland is not for sale.
Re: (Score:2)
"this is the NSA acting as an industrial espionage service provider for US defence companies by abusing intelligence sharing agreements with US allies"
And your evidence for this is what, exactly? Making shit up does not constitute a theory.
Re: (Score:2)
"this is the NSA acting as an industrial espionage service provider for US defence companies by abusing intelligence sharing agreements with US allies"
And your evidence for this is what, exactly? Making shit up does not constitute a theory.
I read the article the OP linked to, apart from that this has been extensively reported in Scandinavian media:
https://www.thedrive.com/the-w... [thedrive.com]
https://www.nordschleswiger.dk... [nordschleswiger.dk]
https://www.dr.dk/nyheder/indl... [www.dr.dk]
Ignoring reality does not make embarrassing US intelligence failures disappear. Now feel free to tell us how this is all a false flag operation perpetrated by the deep state, financed by George Soros and instigated by the Lizard people.
Re:Extremely bias of slashdot? (Score:4, Insightful)
And? That's how the game is played. Of course I'm going to be angry when someone does unto us when we've been doing unto others. You call it hypocrisy. I call it realpolitik. Don't be naïve. One of the core purposes of the state is to look out for the wellbeing and prosperity of its citizens. That includes playing unfair with other nations. If you think for a second that your nation doesn't do it too, assuming you aren't an American, then you are wrong. And if you are an American, everyone does it, stop acting like we are the bad guys because we do it too. It's a fact of life and always has been.
Re: (Score:2)
If it makes you angry then you're only hurting yourself.
It's also ridiculous to get angry about someone else doing something you're doing. You don't have any moral high ground, whether it makes sense to do it or not. If it makes sense for you, then it makes sense for them, and your anger is misplaced.
Re: (Score:2)
If it makes you angry then you're only hurting yourself.
It's also ridiculous to get angry about someone else doing something you're doing. You don't have any moral high ground, whether it makes sense to do it or not. If it makes sense for you, then it makes sense for them, and your anger is misplaced.
Never mind the fact that Denmark is an ally, an ally the US made an intelligence sharing agreement with which the US is now abusing in a pretty unintelligent and counterproductive way. The Danish and Norwegian F-35 sales have been a done deal for years, they've sunk far too much money into the development of that turkey to suddenly decide not to buy it at the last minute.
Re: (Score:2)
The Danish and Norwegian F-35 sales have been a done deal for years, they've sunk far too much money into the development of that turkey to suddenly decide not to buy it at the last minute.
I guess they're trapped in the sunk cost fallacy, then? It still makes more sense not to throw good money after bad, and while it's unlikely to admit a costly mistake, it was still conceivable that they would grow a spine.
Never mind the fact that Denmark is an ally, an ally the US made an intelligence sharing agreement with which the US is now abusing in a pretty unintelligent and counterproductive way.
Counterproductive, maybe. Unintelligent? Unintelligent is signing an intelligence sharing agreement with the US that permits the US to spy on your communications links.
Re: (Score:2)
I think you are missing my point entirely. Morals have nothing to do with it. Claiming a moral high ground only serves propaganda purposes. You want to make your actions look good to your own people of course because many, including yourself apparently don't get it. Diplomacy is a zero sum game in a universe with limited resources and entropy. There is no free lunch and a government's responsibility is ultimately to its citizens. All alliances are alliances of convenience. They only last as long as parties
Re: Extremely bias of slashdot? (Score:2)
"The goal of US foreign policy is to enrich the lives of Americans."
Yes, but in the long term shitting on the world means living in a shitty world. That doesn't serve American interests.
Re: (Score:2)
Denmark has posed no threat to the US other than that one time they injured Donald Trump's fragile ego and raised his blood pressure by telling him Greenland is not for sale.
This happened during the Obama administration.
Re: Extremely bias of slashdot? (Score:2)
Re: (Score:2)
Stop lying. It certainly looks like Donny will lose but there are 270 electors associated with states that have certified their elections and assigned said electors yet. The race isn't over and Biden's lead, though very likely insurmountable, does continue to narrow.
Re:Extremely bias of slashdot? (Score:5, Interesting)
These Danes used the same lines they'd previously agreed to allow the US to tap at will. They used them to discuss the acquisition of front line fighter aircraft and took no precautions at all. Not spying on these idiots would mean we wouldn't know what our enemies were learning while they also spied on our bonehead, romper room 'allies.'
Literally the NSA's job and no apologies will be forthcoming from the US. At least not until Biden is in office.
Re: (Score:3)
Literally the NSA's job and no apologies will be forthcoming from the US. At least not until Biden is in office.
What the hell, you could say the same if the so called Chinese State Funded Hack was done by one of their intelligence agency. Simply it's part of their job.
True, but this is all part of the Trumpublican party's ongoing effort to dethrone baseball as the US national sport and replace it with shrill and high pitched whining about how everybody is being unfair to them.
Re: (Score:2)
Simply it's part of their job.
I do 'say' this. Why wouldn't I?
Re: (Score:1)
At least Biden will listen to the NSA rather than Putin like currently his Poodle.
Re: (Score:2)
These Danes used the same lines they'd previously agreed to allow the US to tap at will. They used them to discuss the acquisition of front line fighter aircraft and took no precautions at all. Not spying on these idiots would mean we wouldn't know what our enemies were learning while they also spied on our bonehead, romper room 'allies.'
Literally the NSA's job and no apologies will be forthcoming from the US. At least not until Biden is in office.
To be perfectly honest the whole operation was completely unnecessary. It was born out of US paranoia and insecurity and nothing else. There was never the slightest chance that the RDAF or RNAF would buy anything other than the F-35. EADS eventually pulled out of the competitions saying as much, i.e. that these competitions were basically political theatre aimed at convincing the Danish and Norwegian public that the F-35 purchase wasn't a foregone conclusion. Both countries had sunk far too much money into
Re: (Score:2)
It's so easy to spot the CCP sock puppet.
Disconnect (Score:3, Interesting)
Why don't we just start severing internet connectivity to China ? Granted there are multiple paths but some blocking might at least send a message.
Re: (Score:3, Interesting)
Re:Disconnect (Score:4, Insightful)
lol. China has been stealing IP and hacking everything they can reach for decades. We were just too dumb to recognize them for the enemy.
Re: (Score:1, Flamebait)
Re:Disconnect (Score:5, Insightful)
Before this bullshit trade war Slashdotters almost universally bemoaned the US spreading their godawful IP laws across the planet.
That's primarily about copyright, and software patents.
What a difference one demagogue and a willing media horde can make.
We were having these same arguments under several prior administrations.
According to Slashdot these days the Chinese are too useless to invent anything,
It's not just these days, and China hasn't independently invented anything of consequence in literally millennia. They may have put the finishing touches on some things, but e.g. Huawei is well-known for industrial espionage. Once you become known for cheating, no one will ever believe again that you aren't doing it constantly.
FFS, every second engineer and scientist working in America is fucking Chinese you dopey racist fucks.
It's not about race, tiger. It's about culture and government. They're not unable to invent things independently because of their genetic background. They're hamstrung by a system that hammers down what sticks up. Their government long ago reached the "self-perpetuation by any means" stage. This is known to be harmful to creativity, a critical problem-solving skill.
Re: Disconnect (Score:2)
If they had solved covid a long time ago they wouldn't have recently had to test an entire major city.
Their solution was anything but novel, as well. It was obvious and straightforward, but fascist-level authoritarianism. It has been reasonably effective as a stopgap, but did not actually solve the problem.
Re: (Score:2)
Re: (Score:2)
China has been our enemy since the 1950's. People are only now realizing it again.
Re: (Score:2)
Solution (Score:2)
Re: (Score:1)
Don't use a system that has DLLs.
You would think that Microsoft would have learned their lesson with the fiasco of activex controls, xp and their servers, but no the concept of a communications sandbox is beyond their current capabilities.
Re: (Score:3)
Re: (Score:2)
Statically link all the things!
Instead of 15 GB, Win 10 would be 15 TB on disk and require 4 TB of RAM.
Re: (Score:2)
Re: (Score:2)
I wonder if our species is far enough along on the road to Idiocracy to ...
Idiocracy? Not far at all. Just look at the elections...
Re: (Score:2)
Okay Donald Jr., stop drinking the Kool-Aid, try coffee.
The Operating System for Business (Score:2)
It never ceases to amaze me that, with so many examples of this nature before them, hacks, ransomware, viruses, on and on and on some more, and people still consider Microsoft operating systems to be suitable for business purposes.
I question if it's suitable for any purpose, actually, but businesses depend on this stuff. Really? In what universe is this supposed to make any sense at all?
Re: (Score:1)
you're right - but name an alternative to MS Office?
including calendars, email, AD, etc
nothing is out there - seriously.
Re: (Score:2)
I'm on a Mac, I never felt the need to have all my crapola centralized and packaged for MS's enjoyment. The only time I use the abomination called Word is when some higher up relies upon it. It's always a clusterfuck to get a document to look correct. Excel is another pile of rat droppings. Exchange...ack, I'd rather eat a broom.
Not sure about AD, but I doubt centralizing like it does is anything more than presenting a honey pot for the black hats.
Re: (Score:2)
I'm on a Mac, I never felt the need to have all my crapola centralized and packaged for MS's enjoyment.
What does that mean? What relevance could it conceivably have? Microsoft Office is bundled and packaged for M$' profit, but it's a shockingly reasonable thing to do given that so many businesses use the whole stack of apps.
[various complaints about office apps]
They're not perfect for sure, but they do have their benefits. Excel in particular is much more pleasant to use than Calc, because of basic interface behaviors. Calc may be much more capable, but it's also much more irritating. Word peaked IMO around 5.1 (back when it was just a word proc
Re: (Score:2)
I'm inclined to agree, but I guess a lot of shops start out "too small for anyone to care about" and then gradually get bigger - and keep their crappy Windows systems as they do so. By the time they realise, they absolutely are big enough for someone to think it worth trying to extort them, or to steal their data, but they didn't make the switch to a halfway sane OS.
Of course, the lesson really is that anyone is "big enough" because the cost of attack is very low. Any issues with your systems or data will c
Vague, unconfirmed supposition and suspicion (Score:3, Insightful)
...most likely from... both off-the-shelf and custom-made tools...Cicada... widely believed... APT10, Stone Panda, and Cloud Hopper...
While I don't doubt that the Chinese government funds hackers, the above is vague and unconfirmed, and could well be done by anyone using a VPN. In fact, I'm really surprised they are not using a VPN, I thought that was hacking 101.
There seems to be a push to paint Chinese hackers as uniquely bad, but I know that almost every government runs hacking teams these days. For example, we all know for a fact that the Australian government hacks the computers of allies in order to get advantage for Australian companies and multi-nationals who have an office in Australia (Woodside is a name that springs to mind). They also run child porn sites, selectively ignore terrorists based on the colour of their skin and imprison journalists who report on war crimes. Yet that is somehow seen as fine while Chinese hackers are beyond the pale.
Accountability is gone so governments can do what they like to their people, while Western nations have decided that there are no moral or legal boundaries any more so they can do anything outside their borders with impunity. The rest of the world is following. Why are we surprised? Is the Chinese government doing anything that the US, Australia or UK is not doing right now?
Re: (Score:1)
is China really behind this ? (Score:1)
And by that, I mean do these groups really have the backing of the government ?
It's certainly possible, but it seems just as likely that these are simply criminal crackers doing crime.
And with the US executive branch unable to tell the truth about anything, I'm kind of wondering what the independent verification is that the government of China is actually behind these groups.
Also, how much of this sort of thing is going on _against_ China with the backing of the CIA (or NSA) ? You know they have to be invo
Re: (Score:2)
most likely? most likely? (Score:2)
Re:most likely? most likely? (Score:4)
" people are rightly skeptical of news sources " I don't think so. Western news organizations are fairly good at adhering to the truth. The alleged administration on the other hand wants to discredit those organizations because they cannot stand adult oversight.
Re: (Score:2)
Western news organizations are now torn between political activism and a desire for profit. They don't care much about truth anymore. But then, from my experience, very few people in the West still care about truth. So I guess we just have the news organizations that we deserve.
Re: (Score:2)
"The hackers, most likely from a well-known group that's funded by the Chinese government". people are rightly skeptical of news sources these days, this isn't helping. would it have killed you to verify the information before posting? by all means report a hack, it's good information, but let's not go crazy and promote suspicions as fact. that's how these things start. how exactly are we identifying it was a chinese government source? as in, how?
They included the words "most likely", most likely after comparing attack types/signatures from known proven APTs. This isn't exactly difficult to technically deduce beyond mere politics.
And would it have killed you to understand your own words when you say "by all means report a hack"? I understand your point to an extent, but let's not go crazy and start accusing others of promoting suspicion when you demand the info by all means. That would most likely mean they'll do the best they can to validate in
Why (Score:2)
Re: (Score:2)
"We"? I don't recall having much of a voice in how companies source their supply chains. Now the U.S. could try to mandate they relocate them. But the R's in Congress have an aversion to forcing companies to follow government dictates and this smacks of a centrally planned economy.
One could always go the trade war route. Except the alleged administration is trying, but that seems to amount to paying U.S. farmers for their lost exports to China. So the taxpayers are funding the trade war. I don't see the all
Re: (Score:2)
Re: (Score:2)
Because the US consumer likes to buy cheap televisions, computers, and other things. Whether they last till you get them unpacked is not as material as the cost point. When another country provides cheap enough skilled labor and plant guarantees or outright building the plants to get business and similar shipping costs along with stability (no revolutions or threat of unexpected loss of plant fixed costs to government takeover), manufacturing will move there without politicians needing to do much of anythi
Huawei (Score:2)
But yeah, sure, let's allow Huawei's 5G networking equipment to be deployed in the UK. What could possibly go wrong?
I guess trade deals with China are a bad idea (Score:3)
So, I guess the first thing China does when you enter a trade deal with them is to export some kind of virus back to you.
Re: (Score:2)
China's version of "free trade" (Score:2)
Nice counter-point to the other China article in today's /. newsfeed, posted less than an hour later than this...
"China's Xi Jinping Warns Against Protectionism in Apparent Swipe at US"
We're in a cyber war with many nations (Score:1)
CUCK FHINA (Score:1)