New report details China’s presence in U.S. systems

source: axios.com (contributed by FAN, Bill Amshey)  |  image: pexels.com

U.S. officials are reportedly concerned about the possibility that China-backed hackers have snuck malware onto networks underpinning military and critical infrastructure operations.

Driving the news: That’s according to a New York Times report that ran Saturday, which raises the question of whether China is already laying the groundwork for a potential Taiwan invasion.

Why it matters: U.S. officials and cybersecurity experts have long anticipated that cyber warfare would play a major role in a potential Chinese invasion of Taiwan.

• In that scenario, experts anticipate that China would use a destructive cyberattack to disrupt communications between the U.S. and Asian countries.

The big picture: In recent years, China state-backed hackers have become stealthier and more difficult to detect on networks — targeting internet-facing security tools to evade traditional detection and stealing obscure encryption keys to hack government email accounts.

• The Times’ report is the latest warning that China-backed hackers are getting savvier.

Details: The new concerns build on a Microsoft report released in May that identified a new piece of China-linked malware on telecommunications systems in Guam and elsewhere in the U.S.

• Now, the Times reports the malware is more widespread and older than initially suggested. The White House has reportedly kicked off a series of Situation Room meetings and started briefing state officials and utility companies.

Yes, but: It’s unclear what the motive for the campaign might be. Countries spy on each other all the time, but a destructive cyberattack is much rarer and would have larger geopolitical consequences.

What they’re saying: “Without weighing in on the specific details of the NYT story, the topic is significant, but threats of this nature, which seek to compromise our critical infrastructure, are not new,” Marc Raimondi, a former national security official, told Axios.

• “It’s something to be concerned about for sure, but it’s amongst many things that we should be concerned about regarding the [People’s Republic of China] and our other advanced adversaries in the cyber and critical infrastructure realm,” he added.

Hackers Promise AI, Install Malware Instead

source: securityweek.com  |  image: pexels.com

Facebook parent Meta warned that hackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malware on devices.

Meta on Wednesday warned that hackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malicious code on devices.

Over the course of the past month, security analysts with the social-media giant have found malicious software posing as ChatGPT or similar AI tools, chief information security officer Guy Rosen said in a briefing.

“The latest wave of malware campaigns have taken notice of generative AI technology that’s been capturing people’s imagination and everyone’s excitement,” Rosen said.

Continue reading “Hackers Promise AI, Install Malware Instead” →

Meet APT43, the newest North Korean threat

source: Axios, contributed by FAN Bill Amshey  |  image: pexels.com

Researchers have identified a new state-backed hacking group in North Korea: APT43.

Driving the news: Mandiant, a threat intelligence firm owned by Google, said in a report today that APT43 has been engaging in espionage campaigns to support the North Korean regime.

• APT43 also appears to target cryptocurrency firms and services and uses the profits to fund its espionage operations, the report states.
• The group typically targets organizations in South Korea and the United States, with a special focus on government, business services, manufacturing and education and research groups.

The big picture: Mandiant has “moderate confidence” that APT43 is specifically linked to North Korea’s foreign intelligence service.

• Mandiant has been tracking this gang’s activities since 2018, and today’s report officially elevates the group to an official state-backed hacking group.

Of note: Other companies refer to the group as “Kimsuky” or “Thallium” in their reports. Each cyber research firm uses its own naming conventions for identifying hacking groups.

Details: APT43 engages in two types of cyber activity: Spear-phishing email campaigns to harvest specific targets’ credentials and high-value research, and cryptocurrency firm hacks to get funds for its own operations.

• In the spear-phishing attacks, APT43 poses as reporters and researchers to trick employees at U.S. defense and research organizations, as well as South Korea-based think tanks, into clicking on a malicious email link or responding with key intel.
• APT43 has been seen using cryptocurrency services to launder stolen currency, suggesting the group has been involved in the string of recent attacks.

Threat level: Unlike other state-backed hacking groups, APT43 has yet to be seen exploiting critical, unknown vulnerabilities in systems.

• However, the group continues to maintain “a high tempo of activity” and has collaborated with several North Korea state-backed hacking groups.