Crypto Firms Become Targets Of Government Backed Chinese Hackers

Zcoin Founder Allegedly Targeted by ‘Government-Backed Attackers’ Over Crypto’s Blockchain

Poramin Insom, the founder of the privacy-centric cryptocurrency Zcoin (XZC), is allegedly being targeted by “government-backed attackers” who are attempting to steal his Google account login credentials, the tech giant has warned.

Zcoin is a cryptocurrency that notably uses zero-knowledge proofs, which allow users to prove ownership of a token without having to reveal which token they own. The proof-of-work based cryptocurrency is an implementation of the Zerocoin protocol, which “guarantees anonymous transactions.”

Some believe Insom is being targeted for creating the cryptocurrency, after someone added to Zcoin’s blockchain a piece of anti-government content that, given the technology’s nature, cannot be censored.

Via Facebook, Insom shared that Google warned him state-backed attackers were going after him, and advised him to join Google’s Advanced Protection Program, created for “users at risk of targeted attacks.”

#Zcoin founder Poramin Insom is apparently being targeted by government-backed hackers. #XZC

While it may be a false alarm, some believe it’s related to the cryptocurrency’s blockchain having anti-Thai government content pic.twitter.com/NN6pTAjTey

According to crypto news outlet CoinGape, Thailand’s government could be behind the attack. Last year, a Thai rap collective called “Rap Against Dictatorship” released a single against the country’s authorities, after which Thailand’s deputy national police chief, Srivara Ransibrahmanakul, implied the artists behind it could be prosecuted for sedition.

It notes there were “whispers about the Thai junta leaning on Google to take the video off YouTube,” and shortly after these surfaced, someone used Zcoin’s blockchain to embed a copy of the single in a transaction.

Given Insom created the cryptocurrency, some believe he is now being targeted by the government, presumably as it looks for answers on how it can compromise the cryptocurrency’s blockchain or figure out whether he was behind the transaction.

Google’s warning reads:

“This happens to less than 0.1% of all Gmail users. We can’t reveal what tipped us off because the attackers will take note and change their tactics, but if they are successful at some point they could access your data or take other actions using your account.”

It also notes, however, there’s a chance it’s a false alarm. This would mean the fact Insom created a privacy-centric cryptocurrency and saw the warning are merely a coincidence.

State-Sponsored Chinese Hacking Group Targeting Crypto Firms: Report

Daniel Kuhn

A Chinese espionage operator is attacking crypto firms during state-sponsored campaigns, according to a FireEye Threat Intelligence report published August 2.

The intelligence company “assesses with high confidence” that APT41, a hacking collective, has moved on from financially motivated attacks on video game companies to working alongside the Chinese government. The report was first uncovered by CoinTelegraph.

Reportedly, the hacker group “targets industries in a manner generally aligned with China’s Five-Year economic development plans.”

In addition to targeted attacks on healthcare, telecoms, fintech, and film and media companies, evidence suggests APT41 has infiltrated and phished a number of firms operating in the crypto industry.

In June 2020, APT41 sent game studios spear-phishing emails that prompted targets to join a cryptocurrency-denominated decentralized gaming platform.

The same month, a crypto exchange was targeted by the same email address, reportedly operated by one Tom Giardino.

Furthermore, in at least one instance, the hacking group deployed malicious code that uploads a Monero mining bot onto a target’s computer, in what is developing into a common form of cyber extortion.

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

UK think tanks hacked by groups in China, cyber-security firm says

Some UK think tanks were hacked by China-based groups last year, a US cyber-security company which said it investigated the breaches has claimed.

Crowdstrike said it saw the repeated targeting of think tanks specialising in international security and defence issues, beginning in April 2020.

The BBC understands that not all of the UK think tanks targeted were breached.

A number of think tanks contacted by the BBC declined to comment – although Crowdstrike said it was called in by some to respond to hack attacks.

It attributes the attacks to groups it calls “Panda”, which Crowdstrike said are based in China and linked to the Chinese state.

Crowdstrike said Chinese cyber activity increased in 2020 across the world after a relative lull, most likely when cyber actors focused more on domestic issues.

Previously, the California-based group was asked by the Democratic National Committee to investigate US election hacking in the spring of 2020.

‘Very influential’

Globally, law firms, universities and technology companies were targeted in the early summer of 2020 – while in the UK think tanks were hit.

Dmitri Alperovitch, Crowdstrike’s co-founder and chief technology officer, told the BBC that a number of think tanks that work on Chinese policy were targeted “very aggressively”.

He said those behind the attacks were trying to steal reports – but also any information about connections to government.

“They do believe the think tanks are very influential both in the US and UK,” he said.

“They believe that they may have access to information which is not public.

“In some cases [that] can be true, because you do have a lot of informal channels that these think tank people will have with government officials.”

The company’s global threat report for 2020 also stated that cyber attackers “stole data after targeting executives and research fellows”.

According to a copy of the report provided to the BBC, the victims included “researchers specializing in nuclear policy and the South China Sea, as well as event coordinators responsible for planning an annual security forum.”

The UK’s focus on increasing trade with China could also be a motivation, Mr Alperovitch said.

“The UK government is trying to forge closer ties with China in terms of trade,” he said.

“That’s always of interest to the Chinese government, particularly when the US government is taking a hard line.”

He added: “They have been very successful at compromising these organisations.”

Mr Alperovitch said Crowdstrike would be brought in after an attack to help investigate, “clean up” and protect the organisations going forward.

The company said that even after the Chinese hackers were kicked out, they would try to get back in.

In its report, Crowdstrike said in October 2020 its team noticed a change in tactics – when a Chinese group installed a particular piece of malware on the network of one of the think tanks targeted.

One day later, the same behaviour was observed at a second think tank.

The infrastructure used in the attack was also similar to that used to target a southeast Asian telecommunications company around the same time, Crowdstrike said.

The company described the attempts to target victims in different countries and industries, as well as re-using different tools, as “pervasive and brash”.

Chinese State-Sponsored Hackers Intercept Text Messages Worldwide: Cyber Report

U.S.-based cybersecurity firm FireEye revealed that the state-backed Chinese hacker group APT41 has compromised several major telecom firms, intercepting text messages and retrieving call records worldwide for the carriers’ customers it deemed targets.

The report did not name the telecom companies. The hackers searched call and text records for specific keywords, including the names of “high-value” targets such as the names of politicians, intelligence organizations, and political movements “at odds with the Chinese government,” according to the report.

This is not the first time that Chinese state-sponsored hackers have been reported to have intercepted international cell phone text messages. U.S.-based cybersecurity firm Cybereason released a report on Jun. 25, discussing how hacker group APT10 has conducted persistent attacks on global telecommunications providers since 2020. Cybereason concluded that APT10 operates “on behalf of the Chinese Ministry of State Security,” China’s chief intelligence agency. The attackers sought to obtain call detail records (CDR), which include call time, duration, the involved phone numbers, and geolocation.

MESSAGETAP

FireEye published its study on text message security on Oct. 31, focusing on a new tool that APT41 is using to intercept people’s text messages worldwide: malware named MESSAGETAP.

Text messages are also called short message service (SMS) messages, referring to the plain-text messages that are sent and received by cellphones.

The report explained that APT41 hackers installed MESSAGETAP on the Short Message Service Center (SMSC) servers of the targeted telecom carriers. The malware can then monitor all network connections to and from the server.

MESSAGETAP can intercept all SMS messaging traffic, which includes the content of the messages; the cellphones’ unique identifiers, known as international mobile subscriber identity (IMSI) numbers; and the source and destination phone numbers.

Furthermore, the hackers can set up keywords in MESSAGETAP, allowing the malware to filter the content that the hackers are looking for.

During the investigation, FireEye found that the hackers searched for keywords such as the names of “foreign high-ranking individuals of interest to the Chinese intelligence services,” as well as political leaders, military and intelligence organizations, and political movements.

FireEye said they observed four telecommunication organizations being targeted by APT41 in 2020.

APT41’s Targets

FireEye previously released a full report on APT41 in August, titled “Double Dragon: APT41, a dual espionage and cyber crime operation.”

“Double” refers to the fact that “APT41 is a Chinese state-sponsored espionage group that is also conducting financially motivated activity for personal gain,” since 2020. It did not provide further details about who has hired APT41’s services.

One particular pattern emerged: “APT41 targets industries in a manner generally aligned with China’s Five-Year economic development plans” and Beijing’s ten-year plan “Made in China 2025,” according to the report.

The hacker group also gathers intelligence ahead of important events, such as mergers and acquisitions (M&A) and political events.

“Made in China 2025,” first launched in 2020, is an economic blueprint for China to become the dominant manufacturing nation in the world in 10 key high-technology verticals, such as pharmaceuticals, artificial intelligence, and robotics.

APT41 targets healthcare (including medical devices and diagnostics), pharmaceuticals, retail, software companies, telecoms, travel services, education, video games, and virtual currencies, according to the report.

APT41 has targeted firms in those sectors located in the United States, UK, France, Italy, Holland, Switzerland, Turkey, Japan, South Korea, Singapore, India, Myanmar, Thailand, and South Africa.

Purpose and Tools

FireEye found that APT41 focused on stealing intellectual property from those targeted countries. But beginning in mid-2020, the hackers “have moved toward strategic intelligence collection and establishing access and away from direct intellectual property theft.”

The hacker group uses “over 46 different malware families and tools to accomplish their missions, including publicly available utilities, malware shared with other Chinese espionage operations, and tools unique to the group,” the report said.

FireEye warned firms that want to protect themselves from potential APT41 attacks not to open unfamiliar emails: “The group often relies on spear-phishing emails with attachments such as compiled HTML (.chm) files to initially compromise their victims.”
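As an added example (not from the FireEye report or the original article), here is a mail-gateway style check that flags compiled HTML attachments in an inbound message, both by the `.chm` extension and by the `ITSF` signature that CHM files begin with, so a renamed attachment is still caught. The function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # signature at offset 0 of a compiled HTML Help file


def find_chm_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every MIME part that looks like a .chm."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots/spaces, so "x.chm." still opens as CHM.
        by_name = name.lower().rstrip(". ").endswith(".chm")
        by_magic = payload.startswith(CHM_MAGIC)
        if by_name and by_magic:
            hits.append((name, "extension+magic"))
        elif by_magic:
            hits.append((name or "<unnamed>", "magic-only (renamed?)"))
        elif by_name:
            hits.append((name, "extension-only"))
    return hits


def build_sample(filename: str, content: bytes) -> bytes:
    """Constructed test message; addresses and names are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "analyst@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("See attachment.")
    m.add_attachment(content, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    stub = CHM_MAGIC + b"\x00" * 32  # signature plus padding, not a real CHM
    for fn, body in [("manual.chm", stub), ("report.pdf", stub),
                     ("notes.txt", b"plain text")]:
        print(fn, find_chm_attachments(build_sample(fn, body)))
```

A gateway would quarantine or strip any part this reports; the "magic-only" case matters because an extension filter alone misses a CHM delivered under another name.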
