Days Before a Report, Chinese Hackers Removed Malware From Infected Networks
An anonymous reader shares a report: Last month, security firm FireEye detected a Chinese hacking campaign that exploited a zero-day vulnerability in Pulse Secure VPN appliances to breach defense contractors and government organizations in the US and across Europe. The hacking campaign allowed the threat actors -- two groups which FireEye tracks as UNC2630 and UNC2717 -- to install web shells on Pulse Secure devices, which the attackers used to pivot to internal networks from where they stole internal network credentials, email communications, and sensitive documents.
But in a follow-up report published today, FireEye said it found something strange -- namely that at least one of the groups involved in the attacks began removing its malware from infected networks three days before its researchers exposed the attacks. "Between April 17th and 20th, 2021, Mandiant incident responders observed UNC2630 access dozens of compromised devices and remove webshells like ATRIUM and SLIGHTPULSE," researchers said on Thursday. The threat actor's actions are highly suspicious and raise questions as to whether they knew of FireEye's probing.
Who'd have thought... (Score:2)
The level of espionage (Score:1)
The level active hostility the Chinese egnage in toward are interests is stagger. The fact they we even pretend we can or should haven normal trade and national relations with them just show how deeply corrupt our own leadership is.
Responsible government would have recalled all US citizens from Chinese territories, required the null routing of all Chines networks, expelled all Chinese nationals, and sanctioned all Chinese financials 15 years ago!
Re: (Score:3, Funny)
Re: (Score:1)
Much stagger. Very egnage. So haven normal trade! Never Chines networks.
I'm sure there is a dogecoin tie-in somewhere here. Maybe the attackers are running mining software on the compromised computers.
Re: (Score:2)
How stagger is it?
Stop trying to make `stagger' happen.
Re: (Score:2)
Stagger happens.
Try connecting via fiber.
Re:The level of espionage (Score:5, Interesting)
Your level broken Egnlish are also stagger.
Also, uh, what's with the China hate all of a sudden? I mean, I get it, but why now? Nothing has really changed in the past fifty years but now everyone is shocked SHOCKED that doing business with literal authoritarian communists hasn't magically transformed them into a docile vassal state. It's hilarious cluelessness from left to right, top to bottom.
Re:The level of espionage (Score:4, Insightful)
What has changed? Money.
There was a time when you could put in a modicum of effort [cheaply] for securing your network and still be relatively secure.
Now... It does not matter how small you are, it is insanely expensive to secure systems properly. "Properly" has always been a matter of debate, but whatever your definition, "properly" is a lot more expensive now than it was 10 years ago.
Re:The level of espionage (Score:4, Interesting)
But it has. In short, fifty years ago the Chinese wouldn't have bothered to make the effort. The dramatic increase in individual income in China (to oversimplify) was supposed to lead to a more democratic form of government as the 'people' have more interest (i.e. property) to protect. That has been forestalled by the government which, to legitimize itself and stay in power, now has to accommodate this interest when setting policy. How well this works without direct electoral feedback is still TBD as their economy and society continue to rapidly evolve.
Re: (Score:2)
Nothing has really changed in the past fifty years
The Chinese motivations haven't changed; however, their ability to implement them has changed remarkably.
Re: (Score:2)
Re: (Score:2)
Bourbon Country.
Re: (Score:2)
I'm trying to figure out if your account has been hacked, or you've just stopped self-filtering your beliefs.
You used to be sorta off base.
But "racist propaganda", "toxic white males", "western pigs". It's like woke bingo, and I just won.
Re: (Score:2)
He's a white male who has lived in China for the past 25 years.
He took local citizenship. If he doesn't post this stuff, he won't have a high enough social score to access western media. And his Chinese isn't very good, so his world would shrink down to the size of his apartment.
Poor Americans... (Score:1, Troll)
Re: (Score:2)
In Soviet Russia, Americans hack .... wait a tick ....
Re: (Score:2, Insightful)
It all seems very believable to me.
That's because you're credulous enough to believe in conspiracy theories, including the vast power and reach of the CIA, ("and/or NSA") but you're too dimwitted to also realize that they know what IQ tests are, and mostly hire smart people.
Instead, you presume that they've got all this power, but bumble around uselessly, tripping over their own feet. Because they can't possibly be any smarter or more capable than the nutcases you personally know who let you in the secrets.
The truth is out there. But you wou
Security firm FireEye detected Chinese hacking? (Score:1)
Is this the same FireEye that couldn't protect Equifax? I guess it took this long for them to come up with this cyber BS.
How FireEye and Equifax handles unhandled malware [cnmeonline.com]
FireEye has a mole (Score:1)
Re: (Score:1)
Re: (Score:1)