Articles

Suspected Russian Hackers Use Sophisticated New Tactic to Target UK Researcher

Suspected Russian hackers deployed a novel and highly convincing tactic to trick British researcher Keir Giles into compromising his own accounts, according to Giles and cybersecurity experts.

Last month, the hackers impersonated a U.S. State Department official named “Claudie Weber” who contacted Giles via email to arrange a meeting that supposedly required a secure government app. Although the email came from a Gmail address, the writing was fluent and idiomatic, and apparent State Department colleagues were copied on the exchange. Giles, a seasoned expert on Russia and espionage who is normally wary of such approaches, was eventually won over by the professionalism and persistence of the correspondence over nearly two weeks.

Giles was talked into generating an app-specific password and handing it over. An app-specific password is a separate credential that lets older or third-party mail clients sign in to a Google account without going through two-step verification, so sharing it gave the attackers access to his email without any second-factor prompt, a password-reset notice, or a change to his main password.

Alphabet’s Google attributed the attack to the Russian government, citing similarities to prior campaigns. The Russian Foreign Ministry did not respond to inquiries. Giles described the operation as seamless, with no obvious red flags even in hindsight.

Cybersecurity researchers from Citizen Lab noted that the fluency of the messages might indicate the use of advanced AI, such as large language models, to craft convincing text, a significant upgrade from the error-ridden phishing that used to be the norm. They also pointed out a quieter trick: the attackers copied fabricated @state.gov colleagues on the thread, and because the State Department’s mail system does not return a bounce for messages sent to nonexistent addresses, those fake colleagues never generated the non-delivery notices that would have exposed them.
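The pattern described above (a free-webmail sender, official-looking addresses on CC that the recipient cannot verify, and a push toward surrendering an app-specific password) is something a mail-filtering team can score for. The following is an added example, not code from the article, from Google, or from Citizen Lab. The two sample messages are constructed, the webmail and impersonated-domain lists are illustrative assumptions, and the lure phrases are a minimal starting set that a real deployment would tune.

```python
"""Triage heuristics for spear-phishing that dresses a webmail sender in
official-looking CCs and asks for a credential.  Added example; the sample
messages and the domain lists below are constructed/assumed, not real data."""
import re
from email import message_from_string
from email.utils import getaddresses

# Assumption: free webmail providers a government official would not use for work.
WEBMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}
# Assumption: organisations the lure claims to speak for.
IMPERSONATED_DOMAINS = {"state.gov"}
# Assumption: phrases that steer the target toward handing over a credential.
CREDENTIAL_LURE = re.compile(
    r"app[- ]specific password|app password|secure (?:government )?app|"
    r"2-step verification|one[- ]time code",
    re.IGNORECASE,
)


def _domain(addr):
    """Lower-cased domain part of an address ('' if there is no '@')."""
    return addr.rpartition("@")[2].lower()


def _text_body(msg):
    """Concatenate the text/plain parts of a (possibly multipart) message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw):
    """Score one RFC 5322 message; two or more findings mark it suspicious."""
    msg = message_from_string(raw)
    pairs = getaddresses([msg.get("From", "")])
    from_addr = pairs[0][1] if pairs else ""
    from_dom = _domain(from_addr)
    recipients = [a for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    rcpt_doms = {_domain(a) for a in recipients}
    findings = []

    if from_dom in WEBMAIL_DOMAINS:
        findings.append("sender_on_webmail")
    # The Giles lure: official domain appears only on CC, never as the actual sender.
    if from_dom not in IMPERSONATED_DOMAINS and rcpt_doms & IMPERSONATED_DOMAINS:
        findings.append("official_domain_on_cc_but_not_sender")
    reply_to = getaddresses(msg.get_all("Reply-To", []))
    if reply_to and _domain(reply_to[0][1]) != from_dom:
        findings.append("reply_to_mismatch")
    if CREDENTIAL_LURE.search(_text_body(msg)):
        findings.append("credential_lure")

    return {"from": from_addr, "findings": findings, "suspicious": len(findings) >= 2}


# Constructed sample: the address and the CC'd colleagues are invented.
LURE = """\
From: Claudie Weber <claudie.weber.dos@gmail.com>
To: researcher@example.org
Cc: colleague.one@state.gov, colleague.two@state.gov
Subject: Meeting logistics
Content-Type: text/plain; charset="utf-8"

Hello, to join the call you will need our secure government app.
Please create an app-specific password and send it to me so IT can enrol you.
"""

# Constructed benign sample from a colleague on the recipient's own domain.
BENIGN = """\
From: Jane Analyst <jane@example.org>
To: researcher@example.org
Subject: Draft
Content-Type: text/plain; charset="utf-8"

Attached is the draft for Thursday.
"""

if __name__ == "__main__":
    for sample in (LURE, BENIGN):
        print(triage(sample))
```

The weakest signal here is the free-webmail check on its own, since plenty of legitimate contacts write from Gmail; the combination with an official domain that appears only among the recipients is what makes the lure stand out, and a request for an app-specific password or similar credential should be treated as a hard stop regardless of score.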

This sophisticated social engineering attack highlights evolving cyber threats where even cautious experts can be deceived by carefully orchestrated campaigns.

The U.S. State Department did not immediately comment on the incident.

Secretive Chinese Network Targets Laid-Off U.S. Government Workers, Research Shows

A network of companies allegedly operated by a Chinese tech firm has been targeting recently laid-off U.S. government employees, attempting to recruit them through job ads and fake consulting offers, according to research by Max Lesser, a senior analyst with the Foundation for Defense of Democracies. The campaign, which follows established tactics used in previous Chinese intelligence operations, raises concerns about espionage efforts aimed at exploiting vulnerable former federal workers.

Recruitment Efforts and Network Connections

Lesser’s research uncovered a network of four companies, which are said to be involved in a broader operation targeting ex-government workers and AI researchers. These companies, which have posted job listings on platforms such as Craigslist and LinkedIn, appear to be linked through overlapping websites, shared servers, and other digital connections. The four companies are also hosted on the same IP address as Smiao Intelligence, an internet services firm whose website went offline during the investigation.
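Linking front companies through shared hosting, nameservers and registration details is a standard infrastructure pivot. The following is an added example, not Lesser’s or Reuters’ method and not derived from their data: it clusters domains by shared indicators, treating a shared IP or registrant contact as strong evidence and a shared nameserver (often just a large hoster) as weak. The records are constructed, using reserved documentation addresses and the `.example` TLD.

```python
"""Cluster domains by shared infrastructure indicators.  Added example with
constructed records; not real domains, IPs or registrants."""
from collections import defaultdict

# Constructed passive-DNS / WHOIS style records (TEST-NET IPs, .example TLD).
RECORDS = [
    {"domain": "consultancy-a.example", "ip": "203.0.113.10",
     "ns": "ns1.hoster.example", "registrant": "ops@mail.example"},
    {"domain": "consultancy-b.example", "ip": "203.0.113.10",
     "ns": "ns1.hoster.example", "registrant": "other@mail.example"},
    {"domain": "research-c.example", "ip": "203.0.113.11",
     "ns": "ns2.hoster.example", "registrant": "ops@mail.example"},
    {"domain": "unrelated.example", "ip": "198.51.100.5",
     "ns": "ns1.hoster.example", "registrant": "admin@unrelated.example"},
]


def link_graph(records, keys=("ip", "ns", "registrant")):
    """Return {domain: {other_domain: {'key=value', ...}}} for every shared indicator."""
    by_value = defaultdict(set)          # (key, value) -> domains carrying it
    for rec in records:
        for key in keys:
            if rec.get(key):
                by_value[(key, rec[key])].add(rec["domain"])
    graph = defaultdict(lambda: defaultdict(set))
    for (key, value), domains in by_value.items():
        for a in domains:
            for b in domains:
                if a != b:
                    graph[a][b].add(f"{key}={value}")
    return graph


def clusters(graph, domains, weak_prefixes=("ns=",)):
    """Connected components, following only edges backed by at least one strong
    (non-weak) indicator.  A shared nameserver alone does not join two domains."""
    remaining = set(domains)
    components = []
    while remaining:
        start = remaining.pop()
        component, stack = {start}, [start]
        while stack:
            current = stack.pop()
            for other, evidence in graph.get(current, {}).items():
                strong = [e for e in evidence if not e.startswith(weak_prefixes)]
                if strong and other in remaining:
                    remaining.remove(other)
                    component.add(other)
                    stack.append(other)
        components.append(component)
    return components


def explain(graph, a, b):
    """Sorted list of the indicators two domains share (empty if unlinked)."""
    return sorted(graph.get(a, {}).get(b, set()))


if __name__ == "__main__":
    g = link_graph(RECORDS)
    for comp in clusters(g, [r["domain"] for r in RECORDS]):
        print(sorted(comp))
    print(explain(g, "consultancy-a.example", "research-c.example"))
```

On the constructed data the three consultancies form one cluster (a and b share an IP, a and c share a registrant contact) while the unrelated domain stays alone even though it sits on the same nameserver as two of them; in practice a shared IP at a large shared host is also weak, and the `weak_prefixes` tuple is where that judgement is encoded.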

Despite the efforts to track down these companies, Reuters faced numerous challenges, including dead-end phone calls, fake addresses, and deleted job listings. Lesser believes that the operation is designed to exploit the financial vulnerabilities of individuals affected by recent layoffs, including those initiated by the Department of Government Efficiency under President Donald Trump and tech tycoon Elon Musk.

The Potential for Espionage

Though it remains unclear whether the companies are directly linked to the Chinese government, analysts suggest that the network could serve as a vehicle for foreign-linked entities to gather sensitive information from former federal employees. Once recruited, these individuals could be asked to provide government-related intelligence or help expand the network by recruiting others.

The campaign’s focus on former government workers follows a pattern seen in previous espionage activities by both China and Russia, who have long targeted disgruntled or financially vulnerable U.S. employees to gain access to sensitive information. The FBI has warned that Chinese intelligence operatives have previously posed as academic institutions and recruitment firms to lure U.S. government employees into working as unwitting spies.

RiverMerge Strategies and Wavemax Innovation

One of the companies in the network, RiverMerge Strategies, described itself as a “geopolitical risk consulting” firm and posted job listings for positions such as “Geopolitical Consulting Advisor” and human resources specialists. One of those roles drew more than 200 applications, yet the company’s contact details were linked to a Chinese phone number, and its listed physical addresses led to vacant or unrelated locations.

Another company, Wavemax Innovation, placed ads targeting laid-off government workers for positions in project management, research, and policy analysis. Similar to RiverMerge, Wavemax’s listed Singapore address led to a vacant field, raising further questions about its legitimacy.

Government Response and International Implications

In response to the investigation, a spokesperson for the Chinese Embassy denied any knowledge of the companies or their operations, emphasizing China’s commitment to respecting data privacy and security. Meanwhile, a White House spokesperson condemned such activities, underscoring the need for both current and former government employees to remain vigilant against foreign intelligence threats.

The FBI’s warnings and the tactics used in this case mirror earlier incidents, such as the 2020 conviction of Singaporean national Jun Wei Yeo, who worked as an agent of the Chinese government by luring U.S. government employees into espionage under the guise of consulting work.

Conclusion

This revelation highlights a growing trend of foreign intelligence services leveraging job recruitment scams to gain access to U.S. government insiders. As more employees are laid off due to restructuring or policy changes, they may become vulnerable to exploitation by foreign entities seeking to acquire sensitive information. The U.S. government has increasingly recognized the risks posed by such activities, urging employees to remain cautious about unsolicited job offers.

US Lawmakers Demand Chinese Telecoms Detail Ties to Military and Government

The leaders of a U.S. House of Representatives panel have urged top Chinese telecom companies to provide detailed information about any connections to the Chinese military and government, citing national security concerns over their operations in the United States. Representative Raja Krishnamoorthi, the top Democrat on the House Select Committee on China, and Republican John Moolenaar, the committee chair, have sent letters to China Mobile, China Telecom, and China Unicom, requesting responses by March 31.

The lawmakers expressed concerns that the companies could misuse their access to U.S. data through cloud and internet services, potentially sharing sensitive information with the Chinese government. This follows a 2024 Reuters report revealing a U.S. Commerce Department investigation into these companies’ operations in the U.S. and the potential security risks they pose.

In one letter, the committee raised alarms about China Telecom’s operations, particularly its role in internet backbone exchanges and cloud computing. The lawmakers warned that such operations could facilitate unauthorized data access, espionage, or sabotage by the Chinese government. They also highlighted the companies’ documented connections to Chinese intelligence, intensifying national security concerns amid China’s increasing cyber-attacks on U.S. telecommunications infrastructure.

The letters reflect growing bipartisan concern over Chinese telecom firms’ U.S. presence, especially after significant cyber-attacks tied to Chinese state-backed groups. Two prominent cyber incidents—Salt Typhoon and Volt Typhoon—have been linked to Chinese government entities, with the latter described by the FBI as the largest cyber-espionage campaign in U.S. history. Beijing has denied any involvement in these attacks.

China Telecom, China Mobile, and China Unicom have long been under scrutiny in Washington. The Federal Communications Commission (FCC) denied China Mobile’s application to offer U.S. telecom services in 2019 and revoked China Telecom and China Unicom’s authorizations in 2021 and 2022. In 2024, the FCC moved to bar these companies from offering broadband services, but the decision was blocked by a court. Despite these regulatory actions, the companies still retain the ability to provide cloud services and handle U.S. internet traffic, thus maintaining access to Americans’ data.