China still trying to hack U.S. firms despite Xi’s vow to refrain, analysts say

Chinese government hackers have attempted in the past few weeks to penetrate the networks of U.S. companies to steal their secrets despite a pledge by China’s president that they would not do so, according to private researchers.

Chinese hackers have targeted at least seven U.S. companies since President Xi Jinping vowed last month in Washington that his country would not conduct cyber-economic espionage — the theft of trade secrets and intellectual property for the benefit of the nation’s industries, according to CrowdStrike, a firm that helps companies track and prevent intrusions.

In the three weeks since Xi left Washington — including the day after he left, on Sept. 26 — hackers linked to the Chinese government have attempted to gain access to tech and pharmaceutical companies’ networks, said Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer, who released a report on the issue Monday.

China reportedly compiling ‘Facebook’ of U.S. government employees

According to CrowdStrike founder Dmitri Alperovitch, Chinese hackers are using information gained from the breaches of the U.S. Office of Personnel Management, as well as intrusions into the Anthem and CareFirst BlueCross BlueShield health insurance networks, to build a complete profile of federal employees in what the company calls a “Facebook of Everything.”

As Fox News has reported, the most sensitive information stolen in the OPM breach was lifted from what is known as the Standard Form 86, or SF-86. The 127-page security clearance application is essentially a road map to your life. It contains highly detailed information on everything from where an applicant lived and worked, to personal references, family members, friends and associates, as well as drug history and intimate health information.

Chinese cyberspies have hacked Middle East experts at major U.S. think tanks

Middle East experts at major U.S. think tanks were hacked by Chinese cyberspies in recent weeks as events in Iraq began to escalate, according to a cybersecurity firm that works with the institutions.

The group behind the breaches, called “DEEP PANDA” by security researchers, appears to be affiliated with the Chinese government, says Dmitri Alperovitch, chief technology officer of the firm CrowdStrike. The company, which works with a number of think tanks on a pro bono basis, declined to name which ones have been breached.

Alperovitch said the firm noticed a “radical” shift in DEEP PANDA’s focus on June 18, the same day witnesses reported that Sunni extremists seized Iraq’s largest oil refinery. The Chinese group has typically focused on senior individuals at think tanks who follow Asia, said Alperovitch. But last month, it suddenly began targeting people with ties to Iraq and Middle East issues.

Another Chinese military unit accused of hacking by US company

San Francisco: A private US cyber-security company on Monday accused a unit of China’s military of conducting far-reaching hacking operations to advance the country’s satellite and aerospace programs.

Security company CrowdStrike said Shanghai-based unit 61486 of the People’s Liberation Army 12th bureau has attacked networks of Western government agencies and defence contractors since 2007.

CrowdStrike said the hacking targeted the US space, aerospace and communications sectors. The cyberspying targeted “popular productivity applications such as Adobe Reader and Microsoft Office to deploy custom malware through targeted email attacks,” CrowdStrike said.

Cyber Attacks on U.S. Banks Expose Computer Vulnerability

Cyber attacks on the biggest U.S. banks, including JPMorgan Chase & Co. (JPM) and Wells Fargo & Co., have breached some of the nation’s most advanced computer defenses and exposed the vulnerability of its infrastructure, said cybersecurity specialists tracking the assaults.

The attack, which a U.S. official yesterday said was waged by a still-unidentified group outside the country, flooded bank websites with traffic, rendering them unavailable to consumers and disrupting transactions for hours at a time.

While the group is using a method known as distributed denial-of-service, or DDoS, to overwhelm financial-industry websites with traffic from hijacked computers, the attackers have also taken control of commercial servers, which have much more power, according to the specialists.

“The notable thing is the volume and the scale of the traffic that’s been directed at these sites, and that’s very rare,” Dmitri Alperovitch, co-founder and chief technology officer of Palo Alto, California-based security firm CrowdStrike Inc. (0192981D), said in a phone interview.

Full article: Cyber Attacks on U.S. Banks Expose Computer Vulnerability (Bloomberg Businessweek)

Pentagon Attacked by Computer Virus

A computer virus that destroys documents and spreads to other networks recently infected computers at the Pentagon, the Defense Information Systems Agency (DISA) said on Thursday.

One of the Pentagon’s hundreds of networks “recently identified an infection after having issues opening Word and Excel documents,” DISA said in a statement.

Dmitri Alperovitch, a computer security specialist, told the Free Beacon that the sophisticated attack software most likely originated from a foreign government, possibly China.

According to an Aug. 31 McAfee threat alert, the virus, which goes by two names, W32/XDocCrypt.a and W32/XDocCrypt.b, “parasitically infects” Microsoft Office Word, Excel, and related executable files.

The virus appears to be designed to destroy or disable documents by first encoding their contents using an encryption program, and then replacing each document with a malicious executable file that has the encrypted data attached to it. The original data is eventually deleted if the infection is not detected and steps are not taken to recover the documents.

The virus also replicates itself and spreads to other computers.

“The infection routine searches for files with ‘.doc’, ‘.xls’ or ‘.exe’ in the file name, and tries to infect them,” the report said.

To prevent digital infections, the security firm recommended blocking five Internet addresses: 184.82.162.163, 184.22.103.202, attow.com.br, http://www.zugo-bikes.com, forum.perfect-privacy.com.

Full article: Pentagon Attacked by Computer Virus (Washington Free Beacon)