A Chinese government-linked hacking group that was thought to be dormant has been quietly targeting companies and government agencies for the past two years, harvesting data after stealing passwords and circumventing two-factor authentication intended to prevent such attacks, researchers said.
Fox-IT, a security company based in the Netherlands, said in a report published yesterday that the group’s attacks have extended to 10 countries, including the US, the UK, France, Germany and Italy.
The Chinese hackers carried out a global espionage campaign that targeted industries, including aviation, construction, finance, healthcare, insurance, gambling and energy, the firm said.
The hackers likely belong to a group known as APT20, according to the researchers, who said they had “high confidence that the actor is a Chinese group and that they are likely working to support the interests of the Chinese government.”
Between 2009 and 2014, APT20 — which is also known as Violin Panda and th3bug — was associated with hacking campaigns that targeted universities, military, telecoms and healthcare companies.
The group went quiet for a number of years, but has recently made a resurgence, Fox-IT said.
“A lot of people thought that this group disappeared, or no longer existed,” Fox-IT chief security expert Frank Groenewegen said. “But what we found is that this group has been operating internationally again and hacking lots of companies.”
A representative for the Chinese government did not return a message seeking comment.
Fox-IT discovered the group’s hacking spree in the summer of last year, while carrying out an analysis of computer systems that had been compromised, Groenewegen said.
From the initial discovery, Fox-IT researchers were able to follow a digital trail that helped them uncover dozens of similar attacks that appear to have been perpetrated by the same group.
Attacks were also carried out in Brazil, Mexico, Portugal and Spain, Fox-IT said.
There was also at least one target within China, a semiconductor company, said Groenewegen, who declined to name the companies and organizations that were attacked.
Fox-IT is working with some of them to clean up their systems and has notified the others, he said.
The hackers would usually gain entry to an organization’s systems by exploiting a vulnerability on Web servers that the company or government agency operated. They would then penetrate further to identify people — usually system administrators — with privileged access to the most sensitive parts of the computer network, Fox-IT’s report said.
The hackers would place keylogger software, which records keystrokes and can reveal passwords, on system administrators’ computers, it said.
The group was also able in at least one case to compromise an RSA SecurID two-factor authentication system, replicating its codes, which are designed to thwart hackers by providing an extra layer of security in addition to a password, it said.
RSA Security did not respond to a message seeking comment.
The hackers were effective at covering up their tracks, Fox-IT said. They would routinely delete the tools they used to steal data from infected computers.
However, occasionally they slipped up: Fox-IT placed monitoring technology within one victim’s network and was able to gather data showing that the hackers were using a Web browser that had its language set to Chinese.
With the help of a law enforcement agency, Fox-IT traced the hackers’ activities to a Web server the group had purchased as a staging point for their attacks. The hackers had paid in bitcoin and given fake details, a British phone number and US address in Lafayette, Louisiana, but they had typed part of the address in simplified Chinese.
There was also the issue of time. Fox-IT security experts were kept up all night by the hackers, who became active at about 3am in the Netherlands and continued for eight to 10 hours. That suggests they were operating in China’s time zone, which is seven hours ahead of the Netherlands.
Perhaps the most striking indicator came after the hackers found out they had been caught. Fox-IT moved to shut them out of a compromised network, and watched as the group typed in a series of commands to try to regain access to the computers.
When it became clear that they had been locked out, one of the hackers, apparently frustrated, bashed out the word “wocao” (我操) on his keyboard.
That is Chinese slang for an obscenity, Fox-IT said.