Chinese technology companies have been linked to targeting governments and critical networks with malicious cyber attacks since 2021.
Working with 12 international partners, GCHQ’s National Cyber Security Centre (NCSC) has made public links between three China-based technology companies and the global cyber campaign.
Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology and Sichuan Zhixin Ruijie Network Technology have been named in the latest NCSC advisory.
The NCSC worked on the advisory with counterparts in the US, Australia, Canada, New Zealand, Czechia, Finland, Germany, Italy, Japan, the Netherlands, Poland and Spain.
The advisory said the malicious campaign has targeted organisations in sectors including government, telecommunications, transportation and military infrastructure globally since at least 2021, adding that a “cluster of activity” has been observed in the UK.
The NCSC said data stolen could allow the Chinese intelligence services to identify and track targets’ communications and movements, and that attackers have had success taking advantage of common weaknesses rather than relying on bespoke malware or zero-day vulnerabilities.
“Organisations of national significance in the UK are encouraged to proactively hunt for malicious activity and implement mitigative actions, including ensuring that edge devices are not exposed to known vulnerabilities and implementing security updates,” advised the NCSC.
Concerning behaviour
NCSC CEO Richard Horne said the organisation is “deeply concerned” by the “irresponsible behaviour of the named commercial entities”.
“It is crucial organisations in targeted critical sectors heed this international warning about the threat posed by cyber actors, who have been exploiting publicly known – and so therefore fixable – vulnerabilities,” he added.
“In the face of sophisticated threats, network defenders must proactively hunt for malicious activity, as well as apply recommended mitigations based on indicators of compromise and regularly review network device logs for signs of unusual activity.”
John Hultquist, chief analyst at Google Threat Intelligence Group, said: “Though there are many Chinese cyber espionage actors regularly targeting the sector, this actor’s familiarity with telecommunications systems gives them a unique advantage, especially when it comes to evading detection.
“Many of the highly successful Chinese cyber espionage actors we encounter have deep expertise in the technologies used by their targets, giving them an upper hand.”
He said an ecosystem of contractors, academics and other facilitators is at the heart of Chinese cyber espionage. “Contractors are used to build tools and valuable exploits as well as carry out the dirty work of intrusion operations,” said Hultquist. “They have been instrumental in the rapid evolution of these operations and growing them to an unprecedented scale.”
In April, the NCSC and partners issued advisories alerting individuals considered to be of interest to the Chinese intelligence services to two spyware variants, dubbed Moonshine and BadBazaar.
The spyware variants both employ a technique known as trojanising, whereby they hide their malicious functionality inside apparently legitimate applications to access device functions such as microphones and cameras, location data, messages and photos.
Last year, the NCSC and its Five Eyes counterparts accused a China-based company acting as a front for the state of running a massive botnet comprising over 250,000 internet-connected devices, about 8,500 of them located in the UK.
The compromised devices include enterprise network and security tools such as routers and firewalls, and internet of things (IoT) products such as CCTV cameras and webcams. Unbeknownst to their owners, they are being used to conduct coordinated cyber attacks, including distributed denial of service attacks and malware delivery.