Microsoft has disrupted the activities of a China-based hacking group, gaining control of the malicious websites the group used to attack organisations in the US and 28 other countries around the world.
The Microsoft Digital Crimes Unit (DCU) said in a statement that a federal court in Virginia granted its request to seize websites of the hacking group called 'Nickel', enabling the company to cut off Nickel's access to its victims and prevent the websites from being used to execute attacks.
"We believe these attacks were largely being used for intelligence gathering from government agencies, think tanks and human rights organisations," said Tom Burt, Corporate Vice President, Customer Security and Trust at Microsoft.
Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft's secure servers will help the company protect existing and future victims while learning more about Nickel's activities.
"Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks," Burt said late on Monday.
To date, in 24 lawsuits, five of them against nation-state actors, Microsoft has taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors.
"We have also successfully blocked the registration of 600,000 sites to get ahead of criminal actors that planned to use them maliciously in the future," the tech giant said.
In some observed activity, Nickel malware used exploits targeting unpatched on-premises Exchange Server and SharePoint systems.
"However, we have not observed any new vulnerabilities in Microsoft products as part of these attacks. Microsoft has created unique signatures to detect and protect from known Nickel activity through our security products, like Microsoft 365 Defender," the company noted.
Nickel has targeted organisations in both the private and public sectors, including diplomatic organisations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa. (IANS/SP)
Mustang Panda is a Chinese hacking group that is suspected of attempting to infiltrate the Indonesian government last month.
The reported breach, which the Indonesians denied, fits the pattern of China's recent cyberespionage campaigns. These attacks have been increasing over the past year, experts say, in search of social, economic and political intelligence from Asian countries and other nations across the globe.
"There's been an upswing," said Ben Read, director of cyberespionage analysis at Mandiant, a cybersecurity firm, in an interview with VOA. Cyber operations stemming from China are "pretty extensive campaigns that haven't seemed to be restrained at all," he said.
'Large-scale and indiscriminate'
For years, China was considered the United States' main cyber adversary, having coordinated teams both inside and outside the government conducting cyberespionage campaigns that were "large-scale and indiscriminate," Josephine Wolff, an associate professor of cybersecurity policy at Tufts University, told VOA.
The 2014-15 hack on the U.S. Office of Personnel Management, in which the personnel records of 22 million federal workers were compromised, was a case in point — a "big grab," she said.
After a 2015 cybersecurity agreement between then-U.S. President Barack Obama and Chinese President Xi Jinping, attacks from China declined, at least against the West, experts say.
Hacking rising with rhetoric
But as tensions rose between Beijing and Washington during the Trump presidency, Chinese cyberespionage also increased. Over the past year, experts have attributed notable hacks in the U.S., Europe and Asia to China's Ministry of State Security, the nation's civilian intelligence agency, which has taken the lead in Beijing's cyberespionage, consolidating efforts by the People's Liberation Army.
TAG-28, a Chinese state-sponsored hacking team focused on the Indian subcontinent, reportedly infiltrated targets that included the Indian government agency in charge of a database of biometric and digital identity information for more than 1 billion people, according to The Record, a media site focused on cybersecurity.
A Microsoft report released in October accuses the Chinese hacking group Chromium of targeting universities in Hong Kong and Taiwan and going after other countries' governments and telecommunication providers.
A woman walks by the Microsoft office building in Beijing, July 20, 2021. The Biden administration and Western allies formally blamed China the day before for a massive hack of Microsoft Exchange email server software. Image source: VOA
Hafnium, the name Microsoft gave to a Chinese hacking group, was behind the Microsoft Exchange hack earlier this year, according to the company and the Biden administration. Chinese hacking teams, Microsoft reported, took advantage of a weakness in the software to grab what they could before an emergency patch could be issued.
Scooping up data
A National Public Radio investigation asserted that the Microsoft Exchange hack may have been, in part, an information scoop aimed at acquiring large amounts of data to train China's artificial intelligence assets.
Hafnium also targets higher education, defense industry firms, think tanks, law firms and nongovernmental organizations, the Microsoft report said. Another group from China, Nickel — also known as APT15 and Vixen Panda — targets governments in Central and South America and Europe, Microsoft said.
"What you are seeing now is this realization that Chinese espionage never disappeared and has become more technologically sophisticated," Wolff said.
White House response
The Biden administration has stepped up its response to Chinese hacking. Over the summer, the U.S. and its allies, including the European Union, NATO and the United Kingdom, accused China of being behind the Microsoft hack and called on Beijing to cease the activity.
The Biden administration has not indicted anyone related to the Microsoft Exchange hack, nor has it instituted economic or other sanctions against China.
However, the U.S. unsealed in July an indictment against four members of China's Ministry of State Security in a separate attack conducted by a group that security researchers call Advanced Persistent Threat (APT) 40, Bronze, Mohawk and other names.
A Chinese government spokesman demanded that the U.S. drop the charges and denied the nation was behind the Microsoft Exchange hack.
"The United States ganged up with its allies to make unwarranted accusations against Chinese cybersecurity," said Zhao Lijian, a Chinese Foreign Ministry spokesperson, in a July statement. "This was made up out of thin air and confused right and wrong. It is purely a smear and suppression with political motives."
An icon for the Pulse Secure smartphone app, right, and a computer desktop info page are seen in Burke, Va., June 14, 2021. Suspected state-backed Chinese hackers penetrated the computer systems of critical U.S. entities by exploiting Pulse Connect Secure networking devices. Source: VOA
While China has stepped up its use of hacking, it has not crossed what some cyber experts say is a bright line in cyberespionage: public, overt hacks, such as the Russian disinformation campaign to influence the 2016 U.S. presidential election and, in May, the Colonial Pipeline ransomware hack, which was attributed to Russian-based cybercriminals.
China's aims appear to be long term and both economic and strategic, such as shoring up its capabilities "so they are not only well defended but surpass capacities," Philip Reiner, the CEO of the Institute for Security and Technology, told VOA.
A collective push from world leaders that cyberespionage is unacceptable might resonate with Chinese leaders in Beijing, who want to be accepted on the world stage, he said. Detailing clear consequences for state-sponsored hacks is also critical, he said.
Without a strong push from the U.S. and its allies, experts say, China's state-sponsored cyberattacks will continue. (VOA/RN)
With the pandemic forcing many schools and educational institutions to find online alternatives, 89 per cent of people in India believe that schools should educate children on cyber safety, according to a study by McAfee released on Tuesday. Of these, 62 per cent believe that digital wellness and protection should have its own separate curriculum that is taught throughout grade school, while 27 per cent feel it should be integrated into technology subjects like IT. Further, 81 per cent of the people in India said that since last year, at least one member of their household had started either full-time or part-time online learning via virtual platforms. Of these learners, 24 per cent are aged 5 to 12, and 9 per cent are under the age of 5.
"With students as well as teachers now operating from lesser controlled environments, the need to educate them on basics such as phishing, cyberbullying, and inculcating overall cybersecurity hygiene is imperative. Educational institutions must approach cybersecurity holistically, particularly now that technology pervades nearly every facet of a child's life," said Judith Bitterli, senior vice president of Consumer at McAfee, in a statement. "As technology has transformed the educational sector, cybersecurity too must be part of the school curriculum, and entrenched in the way we teach, and the way we learn," she added. To stay safe, one must scrutinise the email/text before replying; maximise privacy settings on all social profiles and engage in safe social networking.
McAfee advised using a VPN when children access online learning services from home, to protect the privacy of the Internet connection with bank-level encryption and stop hackers stealing personal information like passwords or data. Children must also be educated about fake news, how to spot a phishing scam and how to make strong, complex passwords, among other things. For the study, McAfee commissioned MSI International to conduct a survey of over 1,000 adults in India in April 2021, aged 18-75. (IANS/MBI)
With most people working from home due to the coronavirus pandemic, there has been a surge in cybercrime. The year 2021 saw 5,258 data breaches across the globe, a third more breaches analyzed than last year, according to a report on Thursday. The 14th edition of the Data Breach Investigations Report (2021 DBIR) by US-based Verizon Business analyzed 29,207 security incidents from data collected from 83 contributors, with victims spanning 88 countries, 12 industries and three world regions.
The report showed that with an unprecedented number of people working remotely, phishing and ransomware attacks increased by 11 percent and 6 percent respectively, with instances of misrepresentation increasing by 15 times compared to last year. Additionally, breached data showed that 61 percent of breaches involved credential data. About 95 percent of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts through the year.
“The Covid-19 pandemic has had a profound impact on many of the security challenges organizations are currently facing,” said Tami Erwin, CEO, Verizon Business, in a statement. “As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures,” Erwin added.
Among Financial and insurance industries, 83 percent of data compromised in breaches was personal data, while in Professional, Scientific, and Technical Services industries only 49 percent was personal. Further, the 2021 DBIR report also revealed many breaches that took place in Asia Pacific regions were caused by financially motivated attackers — phishing employees for credentials, and then using those stolen credentials to gain access to mail accounts and web application servers.
Europe, Middle East, and Africa regions saw basic cybercrime in web application attacks, system intrusion, and social engineering, while Northern America was the target of financially-motivated cybercriminals searching for money or easily monetizable data. Social engineering, hacking, and malware continued to be the favored tools utilized by cybercriminals in this region. (IANS/SP)