Microsoft said on Thursday that a security vulnerability in its Internet Explorer browser was used in cyberattacks that prompted Google to threaten to shut down its operations in China.
Meanwhile, Web security firm MaAfee Inc said the attacks on Google and other companies showed a level of sophistication beyond that of cyber criminals and more typical of a nation-state.
Revealing the attacks on Tuesday, Google said they originated from China and targeted the e-mail accounts of Chinese human rights activists around the world, but did not explicitly accuse the Chinese government of responsibility.
Dmitri Alperovitch, vice president of threat research for McAfee, said that while McAfee had “no proof that the Chinese are behind this particular attack, I think there are indications though that a nation-state is behind it.”
Google said more than 20 other unidentified firms were targeted in the “highly sophisticated” attacks. while other reports have put the number of companies attacked at more than 30.
Google said that following the attacks it had decided to no longer censor its Internet search engine in China and was prepared to close its operations there entirely if it could not reach an agreement with the Chinese authorities.
Only one other company, Adobe, has come forward so far and acknowledged that it was a target of the attacks, which exploited a previously unknown security flaw in Internet Explorer.
“Internet Explorer was one of the vectors used in targeted and sophisticated attacks targeted against Google and other corporate networks,” Mike Reavey, the director of Microsoft’s Security Response Center, said in a blog post on Thursday.
Reavey stressed that Microsoft “has not seen widespread customer impact, rather only targeted and limited attacks exploiting [Internet Explorer 6.]”
Changing security settings to “high” would protect users from the vulnerability, he said.
Microsoft chief executive Steve Ballmer said meanwhile that the US software giant takes cyberattacks “seriously” but has no plans to pull out of China.
“We’ve been quite clear that we’re going to operate in China,” Ballmer told CNBC television. “We’re going to abide by the law.”
“We need to take all cyberattacks seriously, not just this one,” he said.
Alperovitch said the attacks on Google and other companies, which he was not allowed to identify, were unusual in their sophistication.
“We have seen attacks like this before but only in the government space, in the defense-industrial space,” Alperovitch said. “We have never seen that level of sophistication, level of planning and reconnaissance and attention to detail in attacks on commercial entities. Primarily the threat to commercial entities is from cyber-crime individuals after financial data. They’re typically sloppy.”
“This exploit was highly sophisticated,” he said. “It used multiple levels of obfuscation and encryption, more so than in any other types of exploits that we have seen previously.”
Such sophistication is “typically an attribute of a nation-state type of attack — and that’s exactly what we see here,” the McAfee researcher said.
Alperovitch said that the attackers used e-mail or some other lure to get employees of a targeted company to click on a link and visit a specially crafted Web site using Internet Explorer.
“Malware would then be downloaded that has the capability to essentially install a ‘back door’ in the machine,” he said. “This allows the attacker to log into the machine and essentially take it over as if they were sitting at the keyboard manipulating that machine.”
“What that does is it gives the attacker a beachhead into the organization from which point they can start exploring, identifying valuable pieces of data and other vulnerable services,” he said.
MORE VISITORS: The Tourism Administration said that it is seeing positive prospects in its efforts to expand the tourism market in North America and Europe Taiwan has been ranked as the cheapest place in the world to travel to this year, based on a list recommended by NerdWallet. The San Francisco-based personal finance company said that Taiwan topped the list of 16 nations it chose for budget travelers because US tourists do not need visas and travelers can easily have a good meal for less than US$10. A bus ride in Taipei costs just under US$0.50, while subway rides start at US$0.60, the firm said, adding that public transportation in Taiwan is easy to navigate. The firm also called Taiwan a “food lover’s paradise,” citing inexpensive breakfast stalls
US PUBLICATION: The results indicated a change in attitude after a 2023 survey showed 55 percent supported full-scale war to achieve unification, the report said More than half of Chinese were against the use of force to unify with Taiwan under any circumstances, a survey conducted by the Atlanta, Georgia-based Carter Center and Emory University found. The survey results, which were released on Wednesday in a report titled “Sovereignty, Security, & US-China Relations: Chinese Public Opinion,” showed that 55.1 percent of respondents agreed or somewhat agreed that “the Taiwan problem should not be resolved using force under any circumstances,” while 24.5 percent “strongly” or “somewhat” disagreed with the statement. The results indicated a change in attitude after a survey published in “Assessing Public Support for (Non)Peaceful Unification
PLUGGING HOLES: The amendments would bring the legislation in line with systems found in other countries such as Japan and the US, Legislator Chen Kuan-ting said Democratic Progressive Party (DPP) Legislator Chen Kuan-ting (陳冠廷) has proposed amending national security legislation amid a spate of espionage cases. Potential gaps in security vetting procedures for personnel with access to sensitive information prompted him to propose the amendments, which would introduce changes to Article 14 of the Classified National Security Information Protection Act (國家機密保護法), Chen said yesterday. The proposal, which aims to enhance interagency vetting procedures and reduce the risk of classified information leaks, would establish a comprehensive security clearance system in Taiwan, he said. The amendment would require character and loyalty checks for civil servants and intelligence personnel prior to
The China Coast Guard has seized control of a disputed reef near a major Philippine military outpost in the South China Sea, Beijing’s state media said, adding to longstanding territorial tensions with Manila. Beijing claims sovereignty over almost all of the South China Sea and has waved away competing assertions from other countries as well as an international ruling that its position has no legal basis. China and the Philippines have engaged in months of confrontations in the contested waters, and Manila is taking part in sweeping joint military drills with the US which Beijing has slammed as destabilizing. The Chinese coast guard
RSS