Articles

U.S. Indicts Chinese Hackers and Sanctions Tech Company Over Spy Campaign

The U.S. government has announced new legal actions targeting alleged Chinese hackers, including multiple indictments and sanctions, in connection with a years-long espionage campaign. Federal authorities have charged 10 individuals in total, including eight employees from a Chinese tech company, i-Soon (also known as Anxun Information Technology), and two members of the Chinese Ministry of Public Security.

The indictment, made public on Wednesday, describes i-Soon as a key component in China’s “hacker-for-hire” ecosystem, claiming the company played a significant role in targeting global and U.S. entities. Among the alleged victims were the U.S. Defense Intelligence Agency, the Department of Commerce, Taiwan’s and South Korea’s foreign ministries, and several organizations critical of China, including news agencies. Additionally, the hackers infiltrated various religious groups, including a major U.S.-based religious organization.

The indictment outlines that i-Soon charged Chinese intelligence agencies between $10,000 and $75,000 for each email inbox they successfully breached, with added fees for data analysis. The charges against the individuals range from stealing sensitive personal and government data to orchestrating cyber-attacks on foreign governments.

In response, the Chinese embassy in Washington condemned the U.S. sanctions, emphasizing China’s opposition to what it called “long-arm jurisdiction” and vowed to take action to protect the rights of its citizens and companies.

Alongside the indictments, the U.S. Treasury Department announced sanctions against Shanghai-based Heiying Information Technology and its founder, Zhou Shuai, for allegedly selling stolen data and access to compromised U.S. infrastructure networks. Some of the stolen data was reportedly sold to a previously sanctioned Chinese hacker, Yin Kecheng, who was also indicted. Yin is linked to a prior breach of U.S. Treasury data.

US Removes Malware Allegedly Planted by Chinese-Backed Hackers

The U.S. Justice Department announced on Tuesday that it had successfully removed malware, known as “PlugX,” from over 4,200 computers that had been targeted by a group of hackers linked to the Chinese government. The malware, which had been used to steal sensitive information, was installed through infected USB devices by a group identified as “Mustang Panda” or “Twill Typhoon.”

The hackers, allegedly backed by the Chinese government, used PlugX for cyber-espionage, affecting thousands of computers globally. According to U.S. prosecutors, the Chinese government paid the Mustang Panda group to develop the malware. The hacking campaign has been active since at least 2014, targeting computers in the U.S., Europe, and Asia, as well as those belonging to Chinese political dissidents.

Cybersecurity company Sekoia traced the command-and-control infrastructure for PlugX and collaborated with French law enforcement to seize control of it in July 2024. In coordination with French authorities, the FBI identified devices in the U.S. affected by the malware and worked to send self-delete commands to remove it from those devices.

The operation marks a significant step in international cooperation to counteract cyber threats linked to state-sponsored hackers, with U.S. officials emphasizing the importance of protecting critical infrastructure from such sophisticated attacks.


FBI Warns of Call Log Breach Following Hack of AT&T’s System

The FBI has warned its agents that a significant data breach of AT&T’s system last year likely resulted in hackers stealing months’ worth of call and text logs, potentially compromising the identities of confidential informants. This breach, which impacted all FBI devices using AT&T’s public safety network, included sensitive information such as mobile phone numbers and the numbers agents communicated with, according to reports from Bloomberg News.

The breach occurred in April 2022, when hackers downloaded data from around 109 million customer accounts, including records of calls and texts. The stolen records did not contain the content of the communications, but the metadata alone (who called or texted whom, and when) could still expose connections between FBI agents and their informants. This raises serious concerns about the security of confidential sources, since the breach could allow agents to be linked to the people they were in contact with.

In a communication to FBI agents across the country, the agency warned that their activities on the AT&T network were likely among the stolen data, putting both agents and their sources at risk. An FBI spokesperson emphasized the agency’s duty to safeguard the identities and safety of its confidential informants, who often provide critical information at great personal risk.

AT&T spokesperson Alex Byers responded to the breach, stating that the company had worked closely with law enforcement to mitigate the impact on government operations following the incident. This breach is part of a broader concern about cyber-espionage targeting U.S. telecom networks. The U.S. government has responded to these threats, including recent steps to counter Chinese-linked cyber-espionage efforts against U.S. telecom companies.

While AT&T and other major telecom firms such as Verizon have confirmed their networks were targeted by hackers, they have also stated that their systems are now secure after cooperating with U.S. law enforcement and government agencies.