China Complaining About US Cyber Attacks

The National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC) says it has identified two major cyber espionage campaigns in which US cyber spies hacked Chinese technology companies with the aim of stealing trade secrets.  In a statement, CNCERT/CC said that an advanced materials design and research unit and a large-scale high-tech company focused on intelligent energy and digital information were "suspected of being attacked by a US intelligence agency."

These attacks, aimed at stealing commercial secrets and intellectual property, have had the effect of raising serious concerns over Chinese national cyber security.  The intrusion, which lasted for four months from April to August 2024, allowed the US attackers to maintain a persistent presence on the organization’s network for intelligence-gathering purposes.[1]

Several major US organizations in the telecoms sector have been attacked by suspected Chinese nation-state hackers, variously known as Salt Typhoon and Volt Typhoon, and it would appear that the US has directed its spy agencies to go on the offensive.

  • In the case of the advanced material design and research organization, China claims that US attackers exploited a vulnerability in a widely used electronic document security management system. According to the CNCERT/CC website “the attackers exploited a vulnerability in a certain electronic document security management system in China to invade the software upgrade management server deployed by the company and delivered control Trojans to more than 270 hosts of the company through the software upgrade service, stealing a large number of commercial secrets and intellectual property of the company.”
  • In a second case, dating from May 2023, a leading company in China’s smart energy and digital information sector became a victim of continuous cyber-attacks. Investigation findings indicate that attackers exploited vulnerabilities in Microsoft Exchange servers and used multiple overseas locations to execute their campaign, which enabled them to take control of the company’s email server, implant backdoor programs, and exfiltrate email data.

According to reports, the US attackers were able to exploit the compromised email server to infiltrate many additional devices belonging to the company, enabling the attackers to extract a large amount of sensitive commercial data.

These incidents highlight the growing threat of cyber espionage against Chinese technology companies and institutions.  CNCERT/CC has urged organizations across the country to strengthen their cyber security measures, apply timely software patches, and adopt robust monitoring to defend against evolving foreign threats.

Jim McKee, CEO, Red Sky Alliance Corp., stated, “Following the communist party’s playbook, always blame your adversary for what you are already doing.”

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5378972949933166424

[1] https://www.cybersecurityintelligence.com/blog/china-complains-about-us-cyber-attacks-8158.html
