Slashdot Mirror


Security Firms Say Chinese Hackers Behind US Ransomware Attacks (reuters.com)

An anonymous reader writes: According to four leading security firms, some of the recent ransomware attacks against U.S. companies have been performed by hacking groups working at the behest of China's government. From the report, "Security firms Attack Research, InGuardians and G-C Partners, said they had separately investigated three other similar ransomware attacks since December. Although they cannot be positive, the companies concluded that all were the work of a known advanced threat group from China."

40 comments

  1. Go Figure... by Anonymous Coward · · Score: 0

    more shenanigans from the Yellow Peril.

    Now that the Opera browser is being sold to a Chinese tech company with direct ties to the Chinese government, it's all falling apart...

  2. How does this make sense? by xxxJonBoyxxx · · Score: 1

    >> ransomware attacks against U.S. companies

    OK...so they get cash money for being a nuisance.

    >> hacking groups working at the behest of China's government

    But...it's for the communist Chinese government (the evil "ChiComs!!!"), because they what? Hate businesses? Need money? Isn't it more likely that ransom software that delivers money to specific criminals is being used by...mere criminals?

    1. Re:How does this make sense? by valsmithar · · Score: 2

      I'm going to put out a blog post soon to give more detail, but essentially it is private contractors who used to work with the PLA and are now under-employed trying to make money on the side. At least that is my theory.

    2. Re:How does this make sense? by Anonymous Coward · · Score: 0

      >Isn't it more likely that ransom software that delivers money to specific criminals is being used by...mere criminals?

      Yes, and if the Chinese government is involved at all, it's because Chinese systems are extremely vulnerable to attack and are likely being used as proxies for criminal hackers.

    3. Re:How does this make sense? by valsmithar · · Score: 1
    4. Re:How does this make sense? by Tablizer · · Score: 1

      Reminds me of the late 1990's when there were too many unemployed ex-Soviet nuclear engineers, which worried a lot of people. It may be where Kimmy J. got some of his toys. There are certain kinds of specialists a country shouldn't want idle or broke en masse. Give them a stipend, for goodness sake, or maybe some make-work little projects to keep them busy.

    5. Re:How does this make sense? by Nethemas+the+Great · · Score: 1

      A weapon unused can rust. A skill unused can fade away. A samurai unused pines for lost honour

      --
      Two of my imaginary friends reproduced once ... with negative results.
    6. Re:How does this make sense? by ITRambo · · Score: 1

      Yup. You'd think that a communist country would understand socialism better than they do.

    7. Re:How does this make sense? by Anonymous Coward · · Score: 0

      > But...it's for the communist Chinese government (the evil "ChiComs!!!"), because they what? Hate businesses? Need money? Isn't it more likely that ransom software that delivers money to specific criminals is being used by...mere criminals?

      The Chinese are good learners. They have picked up crony capitalism, being abusive to the customer and industrial espionage from the US and they are doing it better.
      The only thing Communist about China is their communist red flag that has the same color as Coca Cola and McDonalds.

    8. Re:How does this make sense? by Tablizer · · Score: 1

      In the late 90's, that country had confusionism.

  3. I wonder... by Frosty+Piss · · Score: 1

    ...How many of these "security research companies" are little more than one or two guys with a blog?

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:I wonder... by valsmithar · · Score: 2

      That is a valid question, and often the case. In our case however we are 11 full time and another 6 or so part time people. We have a building, and locations in several states. You can, for example, look up our papers published by blackhat, defcon, etc. to see more than just what we post on our blog. Here is one of my old favorites: https://www.defcon.org/images/... I know at least one of the other companies, InGuardians, is roughly similar in size, and many of its people were foundational contributors to things such as SANS. Dell Secureworks is one of the pre-eminent security organizations in the world and are a very large group V.

    2. Re:I wonder... by Scarred+Intellect · · Score: 1

      Hey, wanna start a security and research company?

    3. Re:I wonder... by wardrich86 · · Score: 1

      K. Can we call it compuglobalhypermeganetsecurity?

    4. Re:I wonder... by Scarred+Intellect · · Score: 1

      I was thinking Extensive Firewall Monitoring and Inspection, F....I don't know, was going for EFMI-FU "eff me, eff you"..

    5. Re:I wonder... by Anonymous Coward · · Score: 0

      > I was thinking Extensive Firewall Monitoring and Inspection, F....I don't know, was going for EFMI-FU "eff me, eff you"..

      Extensive Firewall Monitoring and Inspection Forensics University.

      You're welcome.

    6. Re:I wonder... by rtb61 · · Score: 1

      So in order to validate the claim the government of China is behind those attacks, you have proof that you obtained via conducting criminal espionage activities in China, in which case good luck with that. The other claim is down to IP address and IP address alone with no idea who or how many are involved or even whether the IP was spoofed. Now to turn that around the US government is guilty of every crime committed by a government employee and the US government should be criminally prosecuted for all those crimes.

      --
      Chaos - everything, everywhere, everywhen
    7. Re:I wonder... by gawdonblue · · Score: 1

      Sorry, accidentally clicked in the wrong spot and caused a down-mod. I'm hoping this post undoes the mod. Apologies if it doesn't.

  4. Consider the source by Anonymous Coward · · Score: 1

    Who benefits most from escalating cyberwarfare/diplomatic tensions in this area?

    Most people don't understand how impossible attribution is in the case of cyber-warfare. It is trivial to include cultural references/grammar patterns from a foreign language in the code to indicate national affiliation (to say nothing of VPN/Tor exit node location).

    The best you can hope for is to infiltrate the attacker PC with a RAT/keylogger and attempt to make conclusions about the nationality of the attacker, but this ignores the simplicity of getting a CIA/KGB/etc. spook to read the news in a foreign language under adopted/stolen ID.

    One can invoke Occam's razor and assume the puppet show is "totally legit" but this isn't the type of reasoning that should guide foreign policy. False flag attacks should be assumed in matters of international politics, and "follow the money" is usually the best method of understanding who is behind the specifics of the kabuki theater...

  5. Whoever is responsible, they are fucking aggressive by Anonymous Coward · · Score: 1

    I've seen a 30x increase in emails with malicious payloads since the 1st. And that's after blackholes and the usual filtering.

    These are messages that have been dropped for having known malware, or attachments that are blacklisted (anything executable, many office file types, password-protected zips, etc.)

    I'm pretty close to blacklisting zip files altogether.
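As an added example (not from the poster or the page), a small attachment-policy check of the kind the post describes: it refuses executable and macro-enabled file types, and inspects ZIP archives without extracting them so that password-protected archives, which scanners cannot look inside, are dropped rather than passed through. The extension sets and the build_zip helper are assumptions made for this example.

```python
import io
import zipfile

# Assumed policy: stand-ins for the post's "anything executable, many office
# file types, pass-worded zips" list.
EXECUTABLE_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta"}
MACRO_OFFICE_EXT = {".docm", ".xlsm", ".pptm"}
BLOCKED_EXT = EXECUTABLE_EXT | MACRO_OFFICE_EXT

def _ext(name: str) -> str:
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""

def zip_verdict(data: bytes) -> str:
    """Look at a ZIP's directory only: bit 0 of each member's general-purpose
    flag means 'encrypted', i.e. content no scanner can inspect."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:
                    return "blocked:encrypted-zip"
                if _ext(info.filename) in BLOCKED_EXT:
                    return "blocked:zip-contains-" + _ext(info.filename)
    except zipfile.BadZipFile:
        return "blocked:malformed-zip"  # unreadable archive: no benefit of the doubt
    return "allowed"

def classify_attachment(filename: str, data: bytes) -> str:
    ext = _ext(filename)
    if ext in BLOCKED_EXT:
        return "blocked:" + ext
    if ext == ".zip":
        return zip_verdict(data)
    return "allowed"

def build_zip(members: dict, encrypted: bool = False) -> bytes:
    """Constructed sample input. With encrypted=True the encryption bit is set
    by hand in the local and central headers (data is not really encrypted),
    which is enough to exercise the detection path above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    data = bytearray(buf.getvalue())
    if encrypted:
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(sig)
            while pos != -1:
                data[pos + off] |= 0x1
                pos = data.find(sig, pos + 4)
    return bytes(data)
```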

  6. Makes sense. by hey! · · Score: 1

    The poor cybersecurity stance of US firms puts information that is proprietary to their Chinese trading partners at risk, and thus affects the security of the Chinese state. But what can the Chinese government do about that? Call up the US government and say, "Make those clowns get their act together!"? The US government is paralyzed by even bigger clowns.

    So what you do is pick out some of the worst offenders and shake them down. Not for so much money that they go out of business -- they are after all your trading partners -- but for enough that they decide to start running their businesses like grown-ups.

    This has to be one of the most enlightened uses of realpolitik in modern history.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    1. Re:Makes sense. by Anonymous Coward · · Score: 0

      Oh I get it, they're Chinese so it's "enlightened".

      When the US does it, it's "capitalist pig filth" that "undermines the security of all data, and the privacy of citizens everywhere"

    2. Re:Makes sense. by Anonymous Coward · · Score: 0

      Wut?

      They aren't doing this out of some benevolent desire to get US companies to clean up their shit. They're doing it because it's low hanging fruit for making easy money. If they manage to incidentally clean up the US infosec situation, that's an undesirable side-effect, not the motivation. If anything, they are deliberately UNDER-charging for the encryption keys because they don't want people to fix their infrastructure. They just want to bleed them via their laziness.

      This isn't an act of kindness or enlightened self-interest. It's just self-interest.

    3. Re:Makes sense. by hey! · · Score: 1

      > Oh I get it,

      evidently not.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  7. Honestly.. by Anonymous Coward · · Score: 0

    Do they NOT get enough money from us from buying everything they make??

  8. Wrong.... by Anonymous Coward · · Score: 1

    So 3 security firms told Reuters that this is the work of Chinese hackers, but for the past 2 years, all other cyber-security firms were saying that ransomware came from Russia. Nice job Reuters... now go back to politics and leave security news to the pros.

  9. Slashdot hate fest by Anonymous Coward · · Score: 0

    Hate Chinese, Russian and former and current communists because they are trying to hack and steal technology.

    Hate India and every other third world country because they are taking our jerbs with H1B.

    Slashdot has turned into a Trumpesque hate fest lately.

    I'm not saying that Chinese, Indians etc are not doing it but to label billions of people under a brush instead of specific violators and people is fostering hate.

    1. Re:Slashdot hate fest by ITRambo · · Score: 1

      Reporting issues and facts is not hate.

    2. Re:Slashdot hate fest by AHuxley · · Score: 1

      The aspect slashdot should have learned about was that any code from any ip could be another ip range and have a different nation as the origin.
      All the classic code review shows is all the expected code fragments, ip ranges and time of day results found point back to "expected" nations and their mil and their govs.
      The idea that smarter coders are just working for other efforts, mils and govs using this surge of reported activity as cover to mask their own efforts still seems to be unimaginable.
      Generation of efforts like the Equation Group https://en.wikipedia.org/wiki/... efforts can come from any nation or working groups between govs.
      Strange how the easy public reporting efforts seem to be focused on ransomware while a lot of nations' contractors and mil, gov efforts just always slip past.

      --
      Domestic spying is now "Benign Information Gathering"
  10. Although they cannot be positive by Anonymous Coward · · Score: 0

    Good enough for me! Nuke the Chinese!!!

    1. Re:Although they cannot be positive by ITRambo · · Score: 1

      I've seen some stupid AC shit. This one takes the cake. Who'll make your cheap underwear?

  11. WTF? by Anonymous Coward · · Score: 0

    > Although they cannot be positive, the companies concluded

    good enuff for me

  12. This is stupid by Anonymous Coward · · Score: 0

    even coming from the stupid propaganda machines in the west. The Chinese government doesn't need petty cash from lowly ransomware attacks, and it would never lower itself to that level. But of course it's easy to get the average sheep angry and hateful towards the Chinese by just posting stupid shit like this.

  13. Where do we go from here? by Anonymous Coward · · Score: 1

    Over the last few years, there's been an absolute ton of progress made on the hacking side of things (especially cryptoware style viruses), and not really any meaningful defensive measures other than "block all attachments." Corporate AV only seems effective a few days after the virus launches, but that's way too slow.

    For example, a client got hit with Feb 16th's Locky virus, which managed to get past the firewall AV scanner (Fortigate), the mail server AV scanner (Sophos), the local workstation AV (TrendMicro), and Google's AV scanner (because the email in question was also forwarded to a Google business account of mine). That's not very inspiring.

    I'm not really seeing much of anything from the AV guys, other than their research results. I'm starting to run out of things I can lock down on the network, not to mention that's an inherently reactive strategy anyway. And I certainly can't wait around for the government to take China and Russia (and others) to task over it.

    1. Re:Where do we go from here? by nomentanus · · Score: 1

      Well, I'm moving to an air gapped computer, hoping this way of doing it won't be too complex, and might keep things kosher: https://medium.com/@russellirv...

  14. Norse/Gartner 8-ball/Threatbutt confirms by Anonymous Coward · · Score: 0

    Nobody is actually paying attention

  15. Mobile Locksmith Services San Diego by beachcities123 · · Score: 1

    If you feel insecure because of your lock system, please feel free to call us and we will be there to help you feel secured. We render mobile locksmith services for Pacific Beach, Mission Beach and La Jolla efficiently and have gained people’s appreciation.

  16. Proofs? by antdude · · Score: 1

    "... Although they cannot be positive, the companies concluded that all were the work of a known advanced threat group from China."

    They can't be positive and concluded this? Where are the proofs?

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).