SoylentNews is people

posted by hubie on Wednesday February 26, @04:53PM
from the ghosting dept.

Companies are advised to constantly update their apps and software, and patch known network vulnerabilities to prevent such attacks:

A ransomware group called "Ghost" is exploiting the network vulnerabilities of various organizations to gain access to their systems, according to a joint advisory issued by multiple U.S. federal agencies.

"Beginning early 2021, Ghost actors began attacking victims whose internet-facing services ran outdated versions of software and firmware," the Cybersecurity and Infrastructure Security Agency (CISA) said in the Feb. 19 joint advisory. "Ghost actors, located in China, conduct these widespread attacks for financial gain."

The attacks have targeted schools and universities, government networks, critical infrastructure, technology and manufacturing companies, health care, and several small and mid-sized businesses.

[...] The criminals use publicly available code to exploit "common vulnerabilities and exposures" of their targets to secure access to servers. They leverage vulnerabilities in servers running Adobe ColdFusion, Microsoft Exchange, and Microsoft SharePoint.

Also at BleepingComputer.


Related Stories

T-Mobile Hacked in Massive Chinese Breach of Telecom Networks, WSJ Reports 17 comments

T-Mobile's network was among the systems hacked in a damaging Chinese cyber-espionage operation that gained entry into multiple US and international telecommunications companies, The Wall Street Journal reported on Friday citing people familiar with the matter:

Hackers linked to a Chinese intelligence agency were able to breach T-Mobile as part of a monthslong campaign to spy on the cellphone communications of high-value intelligence targets, the Journal added, without saying when the attack took place.

[...] It was unclear what information, if any, was taken about T-Mobile customers' calls and communications records, according to the WSJ report.

[...] On Wednesday, The Federal Bureau of Investigation (FBI) and the US cyber watchdog agency CISA said China-linked hackers have intercepted surveillance data intended for American law enforcement agencies after breaking into an unspecified number of telecom companies.

Earlier in October, the Journal reported that Chinese hackers accessed the networks of US broadband providers, including Verizon Communications, AT&T and Lumen Technologies and obtained information from systems the federal government uses for court-authorized wiretapping.

Previously: U.S. Wiretap Systems Targeted in China-Linked Hack



U.S. Officials Urge Americans to Use Encrypted Apps Amid Unprecedented Cyberattack 19 comments

FBI and CISA officials said it was impossible to predict when the telecommunications companies would be fully safe from interlopers:

Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers.

The hacking campaign, nicknamed Salt Typhoon by Microsoft, is one of the largest intelligence compromises in U.S. history, and it has not yet been fully remediated. Officials on a news call Tuesday refused to set a timetable for declaring the country's telecommunications systems free of interlopers. Officials had told NBC News that China hacked AT&T, Verizon and Lumen Technologies to spy on customers.

A spokesperson for the Chinese Embassy in Washington did not immediately respond to a request for comment.

In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China's intercepting their communications.

"Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible," Greene said.

The FBI official said, "People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant" multi-factor authentication for email, social media and collaboration tool accounts.

The scope of the telecom compromise is so significant, Greene said, that it was "impossible" for the agencies "to predict a time frame on when we'll have full eviction."

[...] The FBI and other federal law enforcement agencies have a complicated relationship with encryption technology, historically advocating against full end-to-end encryption that does not allow law enforcement access to digital material even with warrants. But the FBI has also supported forms of encryption that do allow some law enforcement access in certain circumstances.

[...] In a statement to NBC News, Ron Wyden, D-Ore, one of the Senate's fiercest privacy advocates, criticized America's reliance on CALEA as it leaves such sensitive information unencrypted.

"Whether it's AT&T, Verizon, or Microsoft and Google, when those companies are inevitably hacked, China and other adversaries can steal those communications," he said.



A 9th Telecoms Firm Has Been Hit by a Massive Chinese Espionage Campaign, the White House Says 8 comments

A 9th telecoms firm has been hit by a massive Chinese espionage campaign, the White House says:

A ninth U.S. telecoms firm has been confirmed to have been hacked as part of a sprawling Chinese espionage campaign that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans, a top White House official said Friday.

Biden administration officials said this month that at least eight telecommunications companies, as well as dozens of nations, had been affected by the Chinese hacking blitz known as Salt Typhoon.

But deputy national security adviser Anne Neuberger told reporters Friday that a ninth victim had been identified after the administration released guidance to companies about how to hunt for Chinese culprits in their networks.

The update from Neuberger is the latest development in a massive hacking operation that has alarmed national security officials, exposed cybersecurity vulnerabilities in the private sector and laid bare China's hacking sophistication.

The hackers compromised the networks of telecommunications companies to obtain customer call records and gain access to the private communications of what officials have said is a limited number of individuals. Though the FBI has not publicly identified any of the victims, officials believe senior U.S. government officials and prominent political figures are among those whose communications were accessed.

Neuberger said Friday that officials did not yet have a precise sense how many Americans overall were affected by Salt Typhoon, in part because the Chinese were careful about their techniques, but that a "large number" were in the Washington-Virginia area.

Officials believe the goal of the hackers was to identify who owned the phones and, if they were "government targets of interest," spy on their texts and phone calls, she said.

The FBI said most of the people targeted by the hackers are "primarily involved in government or political activity."

Neuberger said the episode highlighted the need for required cybersecurity practices in the telecommunications industry, something the Federal Communications Commission is to take up at a meeting next month. In addition, she said, the government was planning additional actions in coming weeks in response to the hacking campaign, though she did not say what they were.

"We know that voluntary cyber security practices are inadequate to protect against China, Russia and Iran hacking of our critical infrastructure," she said.

The Chinese government has denied responsibility for the hacking.



U.S. Treasury Confirms It Was Breached by China-Backed Hackers 1 comment

Arthur T Knackerbracket has processed the following story:

According to a letter from the U.S. Treasury Department to lawmakers revealed on Monday, Dec. 30, Chinese-backed hackers successfully infiltrated the department’s systems and stole government documents this month.

The breach, first reported by Reuters, highlights yet another instance of state-sponsored cyber espionage targeting U.S. government employees — just moments after AT&T and Verizon finally dealt with Salt Typhoon. In a statement to Senator Sherrod Brown, chair of the Committee on Banking, Housing, and Urban Affairs, the Treasury confirmed that the attack occurred in December.

In the letter, the department states that the breach was flagged by a third-party cybersecurity vendor, BeyondTrust, which discovered that the attackers had compromised a key used to secure a cloud-based service. That service was integral to providing remote technical support to end users within the department's offices.

"With access to the stolen key, the threat actor was able [to] override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users," the letter reads.

The Treasury revealed it was alerted to the breach on Dec. 8 and is collaborating with the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to evaluate the scope of the incident. Reuters reports that the FBI has yet to respond to requests for comment, while CISA redirected inquiries back to the Treasury.



Chinese Salt Typhoon Hackers 1st Spotted on Federal Networks Under Another Name 10 comments

With the help of tipsters, the cybersecurity agency was able to 'connect the dots' to crack what has been called one of the worst telecom hacks in US history:

Chinese state-backed cyber espionage group Salt Typhoon, which has been in the news for its breach of U.S. telecom firms, was first discovered on the federal network using a different name, according to Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA).

"We saw it as a separate campaign called another goofy cyber name. And we were able to—based on the visibility that we had within the federal networks—to be able to connect some dots," she said during a discussion at the Foundation for Defense of Democracies on Jan. 15.

[...] The earlier identification under a different name enabled officials to connect the dots with the help of tipsters from the private sector, which Easterly said ultimately "led to kind of cracking open the larger Salt Typhoon piece."

[...] On Jan. 17, the U.S. Treasury Department announced it was sanctioning Chinese cybersecurity company Sichuan Juxinhe Network Technology Co. for "direct involvement in the Salt Typhoon cyber group."

"Chinese state-backed cyber actors continue to present some of the greatest and most persistent threats to U.S. national security," the Treasury Department said.

The Treasury Department also sanctioned Shanghai-based hacker Yin Kecheng, who was allegedly behind a major breach of the department's network in early December. The cyber actor is affiliated with China's Ministry of State Security, the department said.


This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 4, Funny) by Frosty Piss on Wednesday February 26, @06:23PM

    by Frosty Piss (4971) on Wednesday February 26, @06:23PM (#1394519)

    This is a problem if President Musk and Putin's Poodle haven't yet secured a "deal" with the Chinese for this type of access. Orange Jesus is "transactional", and so the Chinese need to bring something to the table to access Americans this way.

  • (Score: 2, Insightful) by VLM on Wednesday February 26, @09:05PM (2 children)

    by VLM (445) Subscriber Badge on Wednesday February 26, @09:05PM (#1394527)

    So, the long-winded description is what's going on is BAU for the internet, except they magically have determined with absolute certainty that these attackers are Chinese.

    • (Score: 2, Interesting) by Mojibake Tengu on Wednesday February 26, @09:26PM (1 child)

      by Mojibake Tengu (8598) on Wednesday February 26, @09:26PM (#1394528) Journal

      The funny magical word Krahang is not a word in Chinese. But it is in Malay.
      So, /me magically determines Singapore or Malaysia as the best candidates. That means, Five Eyes, indirectly.

      An indicator which also supports this hypothesis is list/map of victim countries, where there are observed three core BRICS members: India, Brasilia and South Africa. That renders China much less probable as a state attacker.

      --
      Rust programming language offends both my Intelligence and my Spirit.
      • (Score: 1, Interesting) by Anonymous Coward on Saturday March 01, @02:18AM

        by Anonymous Coward on Saturday March 01, @02:18AM (#1394785)

        Tengu spouting his usual confident bullshit that noob mods keep modding up.

        Krahang is obviously Thai: https://en.wikipedia.org/wiki/Krahang [wikipedia.org]

        Thailand is not Malaysia or Singapore.
