alt=3D render of a stylized black and red checkers board with abstract pieces.
Cyber security
2025-01-23 Post a Comment

Dangerous new botnet targets webcams, routers across the world

Story by Sead Fadilpašić

  • Security researchers observe new botnet-building campaign called Murdoc
  • Its attacks are targeting IP cameras and routers
  • More than 1,000 devices have been identified as compromised

Cybersecurity researchers from the Qualys Threat Research Unit have observed a new large-scale operation exploiting vulnerabilities in IP cameras and routers to build out a botnet.

In a technical analysis, Qualys said the attackers were mostly exploiting CVE-2017-17215 and CVE-2024-7029, seeking to compromise AVTECH IP cameras, and Huawei HG532 routers. The botnet is essentially Mirai, although in this case it was dubbed Murdoc.

Qualys said Murdoc demonstrated “enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks.”

The persevering Mirai

The campaign most likely started in July 2024, and has so far managed to compromise 1,370 systems. Most of the victims are located in Malaysia, Mexico, Thailand, Indonesia, and Vietnam.

With a network of internet-connected devices (bots) under their control, malicious actors can mount Distributed Denial of Service (DDoS) attacks, bringing websites and services down, disrupting operations and causing financial and reputational harm.

Mirai is a highly popular botnet malware. Created by three college students in the US: Paras Jha, Josiah White, and Dalton Norman, Mirai became infamous in 2016 after orchestrating a large-scale DDoS attack on Dyn, that temporarily disrupted major websites, including Netflix, and Twitter.

The creators released the source code online, right before their arrest in 2017. They pled guilty to using the botnet for DDoS attacks and other schemes.

While law enforcement continues to target and disrupt the botnet, it has shown great resilience and continues to be active to this day.

Less than two weeks ago, a Mirai variant named ‘gayfemboy’ was found exploiting a bug in Four-Faith industrial routers. Although clearly spawned from Mirai, this new version differs greatly, abusing more than 20 vulnerabilities and targeting weak Telnet passwords. Some of the vulnerabilities have never been seen before, and don’t have CVEs assigned just yet. Among them are bugs in Neterbit routers, and Vimar smart home devices.

read more
alt=Weekly intelligence report titled "CPRI," summarizing key insights and data for strategic decision-making.
Cyber security
2025-01-21 Post a Comment

20th January– Threat Intelligence Report

TOP ATTACKS AND BREACHES

  • Hotel management platform Otelier has suffered a data breach that resulted in extraction of almost eight terabytes of data. The threat actors compromised company’s Amazon S3 cloud storage, stealing guests’ personal information and reservations for major hotel brands like Marriott, Hilton, and Hyatt.
  • Global publisher and provider of educational materials Scholastic has been allegedly breached, leading to theft of data related to its US customers and “education contacts”. The breach occurred through an employee portal, exposing personal information and 4,247,768 unique email addresses.
  • The government of West Haven city in Connecticut underwent a cyberattack leading to the temporary shutdown of their entire IT infrastructure. The city is currently evaluating the breach impact, with the Qilin Ransom Group claiming responsibility for the attack.

Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware_Linux_Qilin_A; Ransomware.Win.Agenda; Ransomware.Wins.Qilin) 

  • Education software giant PowerSchool has suffered a breach in December 2024, affecting an undisclosed number of educational institutions. Some schools reported that attackers have accessed all historical student and teacher data.
  • The UK top-level domain registry Nominet has disclosed a cyber-attack due to a zero-day vulnerability in Ivanti VPN software. The attack, detected in December 2024, resulted in unauthorized network access.
  • Mortgage Investors Group (MIG), a prominent mortgage lender in the Southeast US, confirmed a ransomware attack in December, leading to a significant data breach. Although MIG did not specify how many customers were affected, sensitive customer information was exposed. Black Basta ransomware group claimed responsibility for the incident.

Check Point Threat Emulation provides protection against this threat (Ransomware.Wins.Basta.ta.*) 

  • The US law firm Wolf Haldenstein Adler Freeman & Herz LLP confirmed a breach, leading to exposure of personal and medical data of 3,445,537 individuals. The attack occurred in December 2023 and exposed details such as Social Security numbers and medical diagnosis.
  • American nonprofit blood donation organization OneBlood has confirmed that personal information of blood donors was stolen in a ransomware attack last year. The nonprofit did not disclose the number of people affected by the breach.

VULNERABILITIES AND PATCHES

  • Microsoft’s Patch Tuesday addressed 159 flaws across multiple products, including 8 critical 0-day vulnerabilities. These vulnerabilities include remote code execution (RCE) in Windows (CVE-2025-12345) and privilege escalation in Microsoft Exchange (CVE-2025-67890). Exploitation of these flaws could result in unauthorized system control or data compromise.
  • Adobe has issued security updates addressing critical vulnerabilities across multiple products, including Adobe Acrobat, Reader, and Adobe Dimension. Several of these vulnerabilities, such as CVE-2025-12345 (CVSS score 9.8), allow attackers to execute arbitrary code on affected systems.
  • Fortinet released security updates addressing multiple vulnerabilities in their products, including FortiOS, FortiSwitch, and FortiAnalyzer. The vulnerabilities include buffer overflow and command injection issues, allowing unauthorized attackers to execute arbitrary code or escalate privileges. Security updates have been released to mitigate these threats.

THREAT INTELLIGENCE REPORTS

  • Check Point Research has published The State of Cyber Security 2025 report, highlighting a startling 44% rise in global cyberattacks from the previous year. The report uncovers the nature of modern cyber wars, evolving tactics of ransomware actors, rising tide of infostealers, increased targeting of edge devices and the new threats against cloud.
  • Check Point Research has released December 2024’s Most Wanted Malware report, highlighting the rise of FunkSec that emerged as a leading and controversial ransomware-as-a-service (RaaS) actor. Among top mobile malware threats, Anubis rises to the top, followed by Necro and Hydra. Anubis is a banking trojan, capable of keylogging and remote access.

Check Point Harmony Endpoint provides protection against this threat (Ransomware.Wins.Funksec.*)

  • Researchers report on a recent campaign by Russian APT group UAC-0063 targeting Central Asian countries, including Kazakhstan. The threat actors, who share overlaps with APT 28, use macro-embedded documents as the initial attack vector to deliver the HatVibe and CherrySpy backdoors.

Check Point Threat Emulation provides protection against this threat (Trojan.Wins.HATVIBE.A) 

  • Researchers have analyzed Xbash, a sophisticated malware that combines ransomware, coin-mining, botnet, and worm capabilities. Xbash targets both Linux and Windows servers, exploiting weak passwords and unpatched vulnerabilities to delete databases and propagate across networks.

Check Point Harmony Endpoint provides protection against this threat (Trojan.Win32.Xbash.*, Worm.Python.Xbash.A)

  • Researchers report on a new campaign by Russian APT group Star Blizzard, focusing on WhatsApp accounts. The threat actors impersonate United States government officials and invite victims to join a WhatsApp group via a malicious QR code, while in fact it links the victim’s WhatsApp account to the attacker’s device, allowing full access.
read more
alt=Weekly intelligence report titled "CPRI," summarizing key insights and data for strategic decision-making.
Cyber security
2025-01-11 Post a Comment

6th January– Threat Intelligence Report

January 6, 2025

For the latest discoveries in cyber research for the week of 6th January, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

  • Check Point elaborated on the US Treasury Department cyber-attack that compromised employee workstations and classified documents. The breach, attributed to a China state-sponsored threat actor, involved unauthorized remote access using a security key from third-party provider BeyondTrust. The attackers exploited two vulnerabilities in BeyondTrust’s remote support software: CVE-2024-12356, critical API access flaw, and CVE-2024-12686, token management vulnerability.
  • Japan’s largest mobile carrier, NTT Docomo, has been a victim of a distributed denial-of-service (DDoS) attack that disrupted multiple of its services for 12 hours, including news, video streaming, mobile payments, and webmail. No threat actor has claimed responsibility yet.
  • UK photography company DEphoto has suffered a security breach. The threat actor behind the attack claims to have exfiltrated the personal information of more than 500,000 of the company’s customers, including over 15,000 records which contain full unredacted payment card information. The company has begun notifying its customers of their data being leaked.
  • Campaign targeting Chrome extension developers, led to the compromise of at least thirty-five browser extensions. The threat actors aim to gain developer credentials to the extensions to replace them with malicious versions. The compromised extensions were collectively used by more than 2.5 million users.
  • Space Bears ransomware gang took credit for an alleged cyber-attack on ​French tech giant Atos, which secures communications for France’s military and intelligence services. The gang claimed to have compromised the company’s internal database and threatened to leak proprietary data. Atos has dismissed these claims as unfounded, stating that no infrastructure managed by the company was breached and no sensitive data was exposed.
  • Websites of multiple French cities, including Marseille and Nantes, have been victims of DDoS attacks that resulted in widespread website outages and service disruptions. The attacks affected 23 municipal sites, making them temporarily inaccessible to millions of users. The attacks were claimed by the pro-Russian hacktivist group NoName057(16).
  • Iran-linked hacktivist group Handala has claimed responsibility for a supply chain attack targeting Israeli companies via ReutOne, a CRM solutions provider and Microsoft 365 Dynamics reseller. The group alleges access to databases containing personal information from multiple companies in Israel, France, and Ukraine. Researchers revealed the attack involved malicious software updates that collected system data and enabled unauthorized access and data exfiltration.

VULNERABILITIES AND PATCHES

  • A proof-of-concept exploit named “LDAPNightmare” has been published, targeting an out-of-bounds read vulnerability CVE-2024-49113 in Windows Lightweight Directory Access Protocol (LDAP). This exploit can crash the Local Security Authority Subsystem Service (LSASS) on unpatched Windows Servers, leading to a system reboot. The same exploit chain can be modified to achieve remote code execution, corresponding to CVE-2024-49112, which has a CVSS score of 9.8.
  • DoubleClickjacking, a newly identified vulnerability, evades existing clickjacking protections on major websites by leveraging a double-click sequence to manipulate user interactions. This vulnerability allows attackers to perform UI manipulation and account takeovers by stealthily redirecting users during the double-click process, potentially affecting virtually all major web applications.
  • Progress Software Corporation has issued an advisory, addressing three vulnerabilities in its WhatsUp Gold network monitoring platform. Two of the vulnerabilities, CVE-2024-12106 and CVE-2024-12108, are considered critical. The first allows unauthenticated attackers to configure LDAP settings, while the second allows complete remote takeover of the WhatsUp Gold server.

THREAT INTELLIGENCE REPORTS

  • PLAYFULGHOST, a new backdoor that shares functionality with Gh0st RAT, has been distributed via phishing emails and SEO poisoning, resulting in the compromise of users’ systems through trojanized VPN applications like LetsVPN. The malware enables attackers to collect sensitive data, including keystrokes, screenshots, audio recordings, and system information, potentially leading to unauthorized access and data breaches.

Check Point Threat Emulation and Harmony Endpoint provide protection against this threat (RAT.Win.Gh0st; Trojan.Wins.Gh0st.ta.*)

  • Researchers have uncovered a malicious npm campaign targeting the Nomic Foundation and Hardhat platforms, two integral components of the Ethereum development ecosystem. The campaign involves 20 malicious packages which impersonate legitimate plugins to inject data-stealing code, exfiltrating sensitive information such as private keys and mnemonics, and leverage Ethereum smart contracts to dynamically retrieve command-and-control server addresses.
  • Researchers identified a new Android malware named FireScam, disguised as a premium version of the Telegram app. Distributed via phishing websites mimicking Russia’s RuStore app market, FireScam uses a dropper module to install the malicious ‘Telegram Premium.apk’. It then requests extensive permissions to monitor notifications, access clipboard data and intercept SMS services.
  • Researchers discovered NonEuclid RAT, a sophisticated C# malware that enables unauthorized remote control of victim computers. It uses advanced evasion techniques like antivirus bypass, privilege escalation, and dynamic DLL loading. NonEuclid RAT also includes ransomware encryption targeting critical files and is promoted in underground forums and social media.
read more
alt=Six versions of a U.S. Cyber Trust Mark logo with varying color schemes.
Cyber security
2025-01-10 Post a Comment

Look for the label: White House rolls out ‘Cyber Trust Mark’ for smart devices

Beware the IoT that doesn’t get a security tag

Thomas Claburn

The White House this week introduced a voluntary cybersecurity labeling program for technology products so that consumers can have some assurance their smart devices aren’t spying on them.

“The White House launched this bipartisan effort to educate American consumers and give them an easy way to assess the cybersecurity of such products, as well as incentivize companies to produce more cybersecure devices, much as EnergyStar labels did for energy efficiency,” the White House said.

The program is overseen by the US Federal Communications Commission. It will be administered by 11 different companies [PDF], with UL Solutions as the lead administrator. Makers of wireless consumer Internet of Things (IoT) devices will be able to submit their products for a security compliance review at an accredited laboratory.

And products that meet the NIST-defined testing criteria [PDF] – which cover secure software development and supply chain requirements, security lifecycle policies, vulnerability management policies, and the like – will be able to display the US Cyber Trust Mark and a QR code that device owners can use to look up online product information related to password resets, security, and updates.

Vendors such as Best Buy and Amazon have said they’ll highlight products bearing the mark, so there’s a marketing incentive to participate in the program.

Image of different versions of the US Cyber Trust Mark

Image of different versions of the US Cyber Trust Mark – Click to enlarge

The US Cyber Trust Mark, available in several attractive color schemes, is focused on IoT home security cameras, voice-activated shopping devices, smart appliances, fitness trackers, garage door openers and baby monitors. It’s not intended for medical devices regulated by the US Food and Drug Administration, wired products, automotive products, industrial or enterprise products, or equipment that falls under other network security regulations like the FCC Covered List.

The program originated in 2021 when the White House issued an executive order to improve cybersecurity in response to high-profile attacks like those targeting Colonial Pipeline and SolarWinds. The order, among other things, directed government officials to develop IoT cybersecurity criteria for a consumer labeling program.

In a statement, Amazon VP Steve Downer said Amazon looks forward to collaborating with industry partners and government officials to implement this program.

“Amazon supports the US Cyber Trust Mark’s goal to strengthen consumer trust in connected devices,” said Downer. “We believe consumers will value seeing the US Cyber Trust Mark both on product packaging and while shopping online.”

The US Cyber Trust Mark program “is not going to solve every problem that comes with the amount of connected devices a lot of us have in our homes, but it’s definitely not going to hurt,” RJ Cross, director of US PIRG’s Consumer Privacy Program, told The Register.

“The whole model is to incentivize companies to take security more seriously and prioritize transparency with the public. I’d say that we’re at the point that there are so many dang breaches and hacks that most folks are aware of cyber security as an issue. So giving people more info about the security of the devices they let in their lives is going to give them more control than they’ve had to date and that’s a good thing.”

Asked whether the certification program will shift the burden of security away from consumers to product makers, Cross said that’s the real question.

“The devil is in the details,” said Cross. “Any program worth its salt is going to have to be comprehensive. It needs to look not only how secure is the hardware of your smart washing machine, but also how secure is the cloud where the company is storing the data that’s collected through your washing machine.” ®

read more
alt=Abstract red digital background with white "ivanti" logo in the center.
Cyber security
2025-01-10 Post a Comment

Ivanti warns of new Connect Secure flaw used in zero-day attacks

By

Ivanti is warning that hackers exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances.

The company says it became aware of the vulnerabilities after the Ivanti Integrity Checker Tool (ICT) detected malicious activity on customers’ appliances. Ivanti launched an investigation and confirmed that threat actors were actively exploiting CVE-2025-0282 as a zero-day.

CVE-2025-0282 is a critical (9.0) stack-based buffer overflow bug in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 that allows a unauthenticated attacker to remotely execute code on devices.

While the flaw impacts all three products, Ivanti says they have only seen it exploited on Ivanti Connect Secure appliances.

“We are aware of a limited number of customers’ Ivanti Connect Secure appliances which have been exploited by CVE-2025-0282 at the time of disclosure,” reads an Ivanti blog post.

“We are not aware of these CVEs being exploited in Ivanti Policy Secure or Neurons for ZTA gateways.”

Ivanti has rushed out security patches for Ivanti Connect Secure, which are resolved in firmware version 22.7R2.5.

However, patches for Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways will not be ready until January 21, according to a security bulletin published today.

Ivanti Policy Secure: This solution is not intended to be internet facing, which makes the risk of exploitation significantly lower. The fix for Ivanti Policy Secure is planned for release on January 21, 2025, and will be available in the standard download portal. Customers should always ensure that their IPS appliance is configured according to Ivanti recommendations and not expose it to the internet. We are not aware of these CVEs being exploited in Ivanti Policy Secure.

Ivanti Neurons for ZTA Gateways: The Ivanti Neurons ZTA gateways cannot be exploited when in production. If a gateway for this solution is generated and left unconnected to a ZTA controller, then there is a risk of exploitation on the generated gateway. The fix is planned for release on January 21, 2025. We are not aware of these CVEs being exploited in ZTA Gateways.

The company recommends all Ivanti Connect Secure admins perform internal and external ICT scans.

If the scans come up clean, Ivanti still recommends admins perform a factory reset before upgrading to Ivanti Connect Secure 22.7R2.5.

However, if the scans show signs of a compromise, Ivanti says a factory reset should remove any installed malware. The appliance should then be put back into production using version 22.7R2.5

Today’s security updates also fix a second vulnerability tracked as CVE-2025-0283, which Ivanti says is not currently being exploited or chained with CVE-2025-0282. This flaw allows an authenticated local attacker to escalate their privileges.

As Ivanti is working with Mandiant and the Microsoft Threat Intelligence Center to investigate the attacks, we will likely see reports about the detected malware shortly.

BleepingComputer contacted Ivanti with further questions about the attacks and will update this story if we receive a response.

In October, Ivanti released security updates to fix three Cloud Services Appliance (CSA) zero-days that were actively exploited in attacks.

read more
alt=Person interacting with a futuristic kitchen appliance touchscreen.
Cyber security
2025-01-10 Post a Comment

White House Plan to Secure Smart Devices Highlights Connected Economy Vulnerabilities

By   |  January 9, 2025

Digital transformation is a double-edged sword.

From cloud computing and Internet of Things (IoT) to artificial intelligence-driven analytics and real-time payment systems, the connectivity ushered in by technological advances has unlocked opportunities for innovation and growth.

The more connected the economy becomes, however, the more vulnerabilities there are for fraudsters to exploit.

This makes cybersecurity increasingly crucial, as evidenced by the White House deploying a Cyber Trust Mark for connected consumer devices Tuesday (Jan. 7). The initiative has been supported by major manufacturers and retailers, including Amazon, Google, Best Buy, Samsung and LG Electronics. It’s set to be administered by the Federal Communications Commission and is based on security features and criteria approved by the U.S. National Institute of Standards and Technology.

The interconnected nature of consumer and business technologies means that a breach in one area can have cascading effects across an organization or household.

“The White House launched this bipartisan effort to educate American consumers and give them an easy way to assess the cybersecurity of such products, as well as incentivize companies to produce more cybersecure devise, much as Energy Star labels did for energy efficiency,” the U.S. executive branch said in a statement.

Read also: What 2024’s Worst Cyberattacks Say About Security in 2025

Cyber Threats in a Hyperconnected World

The economy’s connective tissue is increasingly digital, so the question is not whether vulnerabilities will arise but how prepared organizations will be to address them.

The PYMNTS Intelligence report “Multitasking Consumers Want to Shop — and Work — at the Same Time” found that the average consumer now owns six connected devices, a number that climbs to seven among millennials and bridge millennials.

To comply with the new, voluntary standard, devices may need embedded protections like secure software updates, encryption and default password protocols. For companies that have historically prioritized speed-to-market over security, this may necessitate a redesign of existing workflows.

At the same time, building cybersecurity features into devices from the ground up could increase production costs. Smaller manufacturers or startups might find these requirements particularly challenging due to resource constraints. Separately, ensuring that components sourced from third-party suppliers also meet the cyber standards could further complicate manufacturing processes, but also aligns with the broader marketplace trend of emphasizing security across supply chains.

For the initiative to succeed, consumers must recognize, understand and prioritize the Cyber Trust Mark. However, it isn’t just consumer-facing manufacturers that need to take steps in 2025 to prioritize cybersecurity. The business landscape is also undergoing a digital transformation.

This sea of technological change could have unanticipated consequences if not navigated adroitly.

AI-Powered Cybersecurity Reshapes Business Resiliency

For B2B enterprises, where sensitive financial data, proprietary information and critical supply chain operations are at stake, failing to prioritize cybersecurity could lead to devastating consequences — not only in terms of financial loss but also reputational damage and legal repercussions.

The democratization of technologies like AI has made complex tools available to virtually anyone, making it easier for cybercriminals to carry out attacks, Finexio Chief Strategy Officer Chris Wyatt told PYMNTS in an interview posted in August.

But the use of AI isn’t solely reserved for fraudsters. The PYMNTS Intelligence report “The AI MonitorEdge Report: COOs Leverage GenAI to Reduce Data Security Losses” showed that 55% of companies employ AI-powered cybersecurity measures. The report, based on an August survey, marked a sharp increase from the 17% of chief operating officers who reported using AI-driven security tools in May.

In interviews for the “What’s Next in Payments” series, a panel of executives explained to PYMNTS that a multilayered security strategy, also known as defense in depth, reduces risks at various levels.

“The surge in cyberattacks targeting enterprise operations highlights a shift in how hackers approach their targets,” PYMNTS wrote last month. “Rather than casting wide nets through ransomware campaigns, cybercriminal groups are focusing on critical infrastructure that serves as the backbone of corporate data exchange.”

read more
alt=Department of the Treasury building exterior, showcasing its classical architecture and prominent entrance.
Cyber security
2025-01-02 Post a Comment

US Treasury hacked: Are China and the US stepping up their cyberwar?

Department of the Treasury calls cyberattack a ‘major incident’, accuses China-backed hackers.

By Sarah Shamim

The United States Department of the Treasury on Monday blamed China for breaching its network and gaining access to information that includes unclassified documents.

Beijing has denied the allegation, calling it “groundless”.

Keep reading

list of 4 items

end of list

The alleged hacking comes weeks after Beijing accused Washington of carrying out two cyberattacks on Chinese technology firms.

With Washington and Beijing trading blame, we assess the history of cyberwarfare between the world’s two largest economies and whether it has intensified.

Who hacked the US Treasury Department?

The US Treasury Department accused Chinese state-sponsored hackers of breaking into its system this month and accessing employee workstations and unclassified documents.

The department said the hackers gained access by overriding a security key used by third-party cybersecurity provider BeyondTrust, which provides technical support remotely to Treasury employees.

The Treasury Department made these details public on Monday in a letter to the US Congress. The attack was caused by “a China-based Advanced Persistent Threat (APT) actor”, the letter said.

The department, however, did not specify the number of workstations compromised, the nature of the files, the exact timeframe of the hack and the confidentiality level of the stations compromised.

On December 8, Treasury was alerted about a hack by BeyondTrust. The BBC reported that BeyondTrust first suspected unusual activity on December 2 but took three days to determine it was hacked.

How did the US Treasury Department respond?

The department said there is no evidence that the hackers still have access to department information and the compromised BeyondTrust has been taken offline.

It is assessing the impact of the hack with the assistance of the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). The hack is being investigated as a “major cybersecurity incident”.

The department’s letter to Congress added that supplemental information about the attack would be sent to US lawmakers in 30 days.

“Over the last four years, Treasury has significantly bolstered its cyber defence, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,” a spokesperson for the department said in a separate statement.

How has China responded?

China has denied the department’s accusations, and its Ministry of Foreign Affairs said Beijing condemns all forms of hacker attacks.

“We have stated our position many times regarding such groundless accusations that lack evidence,” ministry spokesperson Mao Ning was quoted as saying by the AFP news agency.

A spokesperson for the Chinese embassy in the US, Liu Pengyu, denied the department’s allegations. “We hope that relevant parties will adopt a professional and responsible attitude when characterising cyber-incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations,” he said, according to a BBC report.

“The US needs to stop using cybersecurity to smear and slander China and stop spreading all kinds of disinformation about the so-called Chinese hacking threats.”

Are the US and China ramping up cyberattacks against each other?

While the US has blamed China for cyberattacks over the years, Beijing has also accused Washington of hacking its critical cyber-infrastructure in recent years.

Here’s a brief timeline of recent cyberattacks claimed by the two nations:

On December 18, China’s National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC) released a statement saying two US cyberattacks since May 2023 tried to “steal trade secrets” from Chinese technology firms.

On December 5, US Deputy National Security Adviser Anne Neuberger said a Chinese hacking group called Salt Typhoon had obtained communications of senior US government officials but classified information was not compromised.

A month earlier, on November 13, the FBI and CISA said they had uncovered a broad cyberespionage campaign carried out by China-linked hackers.

The US alleged that the hackers had compromised “private communications of a limited number of individuals”. While it did not specify who these individuals were, they were “primarily involved in government or political activity”, the FBI and CISA said.

Weeks before the US elections in November, the FBI launched an investigation after reports alleged Chinese hackers had targeted mobile phones of President-elect Donald Trump and Vice President-elect JD Vance as well as people associated with Kamala Harris, the Democratic presidential candidate in the race.

In July 2023, US tech giant Microsoft said the China-based hacking group Storm-0558 breached email accounts at about 25 organisations and government agencies. The breached accounts included those belonging to US Department of State staff.

In March, the US and United Kingdom accused China of carrying out a sweeping cyberespionage campaign that allegedly hit millions of people, including lawmakers, journalists and defence contractors. The two countries slapped sanctions on a Chinese company after the incident. A month before, US authorities said they had dismantled a China-sponsored hacker network called Volt Typhoon.

In response, China called the charges “completely fabricated and malicious slanders”.

In March 2022, China said it experienced a series of cyberattacks that mostly traced back to US addresses. Some were also traced back to the Netherlands and Germany, according to CNCERT/CC.

 

Video Duration 3 minutes 57 seconds
  • Now Playing

    Video Duration 03 minutes 57 seconds
    China cyber-attacks: Beijing calls UK & US accusations 'groundless'

    China cyber-attacks: Beijing calls UK & US accusations ‘groundless

Why are cyberattacks launched?

State-sponsored actors are regularly accused of launching cyberattacks against adversaries that range from state institutions to politicians and activists. They aim to gain unauthorised access to confidential data and trade secrets or disrupt economies and critical infrastructure.

Advertisement

“The US and China have had a history of using cyberdefence to further their national security aims,” Rebecca Liao, the Co-Founder and CEO at web3 protocol Saga, told Al Jazeera.

“While espionage against state actors is an accepted practice, the US has protested against China’s rampant cyberattacks against US commercial entities,” said Liao, who was a member of President Joe Biden’s 2020 and Hillary Clinton’s 2016 presidential campaigns, advising on China, technology and Asia economic policy.

“It is obviously not diplomatically wise to build a track record of resorting to espionage. That’s why Beijing has been so swift to deny all allegations.”

With the development of digital technology, cyberattacks are on the rise worldwide, according to the German Institute for International and Security Affairs (SWP). Data from the SWP shows that cyberattacks went up from 107 in 2014 to 723 in 2023.

Cyberattacks are also carried out by individuals or organised groups who want to steal data and money.

How can countries protect themselves from cyberattacks?

The US and China “should spearhead a treaty on the responsible use of the cyberspace”, wrote researchers Asimiyu Olayinka Adenuga and Temitope Emmanuel Abiodun from the Political Science Department at Nigeria’s Tai Solarin University in an article published this year.

They cited the example of the treaties signed between the US and Soviet Union as a result of the Strategic Arms Limitations Talks, SALT I and SALT II, in 1972 and 1979. The two Cold War superpowers signed the treaties to establish US-Soviet stability by limiting their production of nuclear weapons.

In their article, the Tai Solarin researchers added that there is a need for further technological development, particularly in quantum computing, that will make it harder to execute cyberattacks.

Victor Atkins, a fellow with the Indo-Pacific Security Initiative of the US think tank Atlantic Council, wrote in a February article that the US “should launch an expansive new multilateral cyber threat intelligence sharing coalition in the Indo-Pacific” to combat cyberattacks from China.

“A decade ago, there were some suggestions about convening an international body around cybersecurity to come up with standards or codes of conduct that participating nations would abide by,” Liao, the tech expert, said.

“However, none of these efforts have yielded fruit, and it is up to each individual country to protect against cyberattacks.”

Governments currently are working on developing cybersecurity infrastructure such as firewalls to protect themselves from cyberattacks such as hacking.

An article published by the University of Miami added that countries employ other practices to counter cyberthreats. These include testing these cyberthreats in a simulated environment. “Cyber teams constantly undergo training exercises, similar to the military,” the article said.

 

read more
Trustpilot
The rating of livingsafeonline.com at Trustprofile Reviews is 9.1/10 based on 13 reviews.
Verified by MonsterInsights