19 March 2022

CYBER OPERATIONS....Articles of Interest | Bleeping Computer

Intro: We might be getting bombarded by incidents on the ground and in the air, but there's always another dimension and back stories to tell.
Here's one featured headline report -- there are more in the past few days

Google: Chinese state hackers target Ukraine’s government

  • March 18, 2022
  • 09:58 AM

Google's Threat Analysis Group (TAG) says the Chinese People's Liberation Army (PLA) and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine.

Google TAG Security Engineer Billy Leonard says Google notified Ukrainian government organizations targeted by a Chinese-sponsored hacking group.

"Over the last few weeks Google TAG has identified a govt backed actor from CN targeting Ukrainian govt orgs, and we provided notifications to impacted parties," Leonard said.

"While our priority is providing notifications to impacted parties, we've provided related IOCs to community partners, and we will publish more details for the security community in the near future."

The group's head, Shane Huntley, also confirmed Leonard's assessment, saying that "the Ukraine war isn't only attracting interest from European threat actors. China is working hard here too."

This aligns with claims made on Tuesday by Intrusion Truth, a secretive group known for its work on exposing suspected Chinese hacking operations, which said that it's aware of Chinese threat actors targeting Ukraine, likely at the behest of the Chinese government.

> Intrusion Truth also asked infosec experts to share any indicators or samples linked to Chinese malicious activity in Ukraine via public or anonymous channels.

Chinese state hackers also targeting Europe

Google TAG's report of ongoing Chinese cyber operations in Ukraine follows another warning issued one week ago regarding a Chinese-backed hacking group tracked as APT31 targeting Gmail users affiliated with the US government.

One day earlier, Google security analysts revealed that Russian and Belarusian state hackers targeted Ukrainian and European government and military orgs in widespread phishing and DDoS attacks.

"In the last 12 months, TAG has issued hundreds of government-backed attack warnings to Ukrainian users alerting them that they have been the target of government-backed hacking, largely emanating from Russia," said Shane Huntley, Google's TAG lead.

Google added that the Chinese-backed hacking group Mustang Panda (aka Temp.Hex and TA416) has also switched to phishing attacks against European organizations using lures related to the invasion of Ukraine.

The same day, Proofpoint revealed it detected Mustang Panda phishing "European diplomatic entities, including an individual involved in refugee and migrant services."
