Episodes

  • Digital Dragons Gone Wild: China's Cyber Scandals and US Clap Backs!
    2024/12/21
    This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

    Hey there, I'm Ting, and welcome to Digital Dragon Watch, your weekly dose of China cyber alerts. Let's dive right in because the past few days have been anything but quiet.

    First off, a Chinese cybersecurity body, the National Computer Network Emergency Response Technical Team/Coordination Centre of China, has accused the United States of hacking and stealing business secrets from a research centre. This includes an advanced material design research unit targeted since August and another attack in May 2023, where a breach in Microsoft Exchange software was used to invade the email server of a large hi-tech enterprise specializing in smart energy and digital information[1].

    But let's not forget, the US has been on high alert too. The Treasury Department recently sanctioned a Chinese cybersecurity company, Sichuan Silence Information Technology Company, Limited, and one of its employees, Guan Tianfeng, for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide, including many US critical infrastructure companies[4].

    Meanwhile, the House Homeland Security Committee Republicans introduced legislation to combat growing cyber threats from the Chinese Communist Party (CCP) against US critical infrastructure. This bill aims to establish an interagency task force led by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to address these threats, including those posed by state-sponsored cyber actors like 'Volt Typhoon'[2].

    Speaking of Volt Typhoon, CISA, the National Security Agency (NSA), and the FBI have confirmed that these PRC state-sponsored cyber actors have compromised the IT environments of multiple critical infrastructure organizations, primarily in the Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors[5].

    So, what can you do to protect yourself? CISA recommends staying vigilant and using tools like the CyberSentry Program for threat detection and monitoring. It's also crucial to be aware of techniques like "living off the land," where cyber actors abuse tools already present in the environment to maintain anonymity.

    In summary, the past week has seen significant China-related cybersecurity incidents, from accusations of US hacking to sanctions against Chinese cyber actors and legislative efforts to combat these threats. Stay safe out there, and keep your digital dragons at bay. That's all for now. Stay tuned for more updates from Digital Dragon Watch.

    For more http://www.quietplease.ai


    Get the best deals https://amzn.to/3ODvOta
    3 min
  • Biden Strikes Back: China Telecom Targeted in Cyber Showdown!
    2024/12/19
    This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

    Hey there, I'm Ting, and welcome to Digital Dragon Watch, your weekly China cyber alert. Let's dive right in because the past few days have been anything but quiet.

    Just yesterday, the Biden administration took a significant step against China, retaliating for the sweeping hack of U.S. telecommunications companies earlier this year. The Commerce Department issued a notice to China Telecom Americas, alleging that its presence in American telecom networks and cloud services poses a national security risk[3]. This move is a direct response to the China-backed hacking group known as Salt Typhoon, which penetrated the networks of numerous companies including Verizon, AT&T, and Lumen Technologies.

    But that's not all. The House Homeland Security Committee Republicans recently introduced legislation to combat growing cyber threats from the Chinese Communist Party (CCP) against our critical infrastructure. Representative Laurel Lee introduced the "Strengthening Cyber Resilience Against State-Sponsored Threats Act," which aims to establish an interagency task force led by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to address these threats[1].

    CISA has been at the forefront of this battle, working to ensure U.S. critical infrastructure, government partners, and others have the information and guidance to defend themselves against Chinese State-Sponsored cybersecurity risks. They've confirmed that PRC state-sponsored cyber actors known as Volt Typhoon have compromised the IT environments of multiple critical infrastructure organizations, primarily in the Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors[5].

    So, what can you do to protect yourself? First, stay informed. CISA's CyberSentry Program provides persistent visibility into adversary activity targeting critical infrastructure networks and can drive urgent mitigation where activity is identified. Second, focus on defending against "living off the land" techniques used by cyber actors to maintain anonymity within IT infrastructure by abusing tools already present in the environment.

    In the words of CISA Director Easterly, who testified before the House Select Committee on the CCP, it's crucial to take proactive measures against these threats. And as Rep. Mike Waltz, designated by President-elect Trump to be national security adviser, put it, "We need to start going on offense and start imposing higher costs and consequences to private actors and nation state actors that continue to steal our data, that continue to spy on us."

    That's all for today, folks. Stay vigilant, and until next time, keep your digital dragons at bay.

    3 min
  • Exposed! China's Cyber Spy Ring Targets US Firms & SE Asia in Massive Hacking Spree - Congress Fights Back!
    2024/12/17
    This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

    Hey there, I'm Ting, and welcome to Digital Dragon Watch, your weekly China cyber alert. Let's dive right into the latest updates from the past seven days.

    First off, a significant U.S. organization with a substantial presence in China was targeted by a China-based threat actor earlier this year. According to Symantec researchers, the attack, which began in April 2024 and continued until August 2024, involved lateral movement across the organization's network, compromising multiple computers, including Exchange Servers. This suggests the attackers were gathering intelligence by harvesting emails and deploying exfiltration tools to steal targeted data[1].

    In response to such growing threats, the U.S. House of Representatives unanimously approved the "Strengthening Cyber Resilience Against State-Sponsored Threats Act" on December 11, 2024. This legislation, introduced by Representatives Laurel Lee, Mark E. Green, and John Moolenaar, aims to enhance cyber resilience against state-sponsored threats, particularly those posed by the Chinese Communist Party (CCP). The bill establishes an interagency task force led by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to address these threats and requires annual classified reports and briefings to Congress for five years[2][5].

    Furthermore, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Sichuan Silence Information Technology Company, Limited, and one of its employees, Guan Tianfeng, for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide, including those of U.S. critical infrastructure companies[4].

    In other news, researchers uncovered espionage tactics used by China-based APT groups in Southeast Asia, involving advanced tools like PlugX and reverse proxies. Additionally, the Chinese surveillance tool EagleMsgSpy was found to have been exploiting mobile devices for data collection since 2017[3].

    To protect against these threats, experts recommend a focused, coordinated, and whole-of-government response. Chairman Green emphasized the need for a comprehensive approach, stating, "The threat actor 'Volt Typhoon' remained undetected and undeterred in our networks for far too long. The discovery of the new actor 'Flax Typhoon' further demonstrates the CCP's unabashed commitment to infiltrating our critical infrastructure."

    In conclusion, the past week has seen significant developments in China-related cybersecurity incidents and defensive measures. It's crucial for organizations to stay vigilant and implement robust security measures to counter these evolving threats. Stay safe, and we'll catch you in the next update.

    3 min
  • Sichuan Silence Sanctioned: China's Zero-Day Exploits Exposed | Salt Typhoon Still Lurking in US Telecoms
    2024/12/16
    This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

    Hey there, I'm Ting, and welcome to Digital Dragon Watch, your weekly China cyber alert. Let's dive right into the latest threats and defensive measures from the past 7 days.

    First off, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned Sichuan Silence Information Technology Company, Limited, and one of its employees, Guan Tianfeng, for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide. Guan discovered a zero-day exploit in a firewall product and used it to deploy malware to approximately 81,000 firewalls owned by thousands of businesses globally. The purpose was to steal data, including usernames and passwords, and he even attempted to infect systems with the Ragnarok ransomware variant.

    Meanwhile, the U.S. House of Representatives has unanimously approved the Strengthening Cyber Resilience Against State-Sponsored Threats Act, aimed at enhancing cyber resilience against Chinese state-sponsored threats. This legislation, introduced by Representatives Laurel Lee, Mark E. Green, and John Moolenaar, establishes an interagency task force led by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to tackle extensive cybersecurity threats posed by state-sponsored cyber actors linked to the People's Republic of China (PRC).

    The FBI and CISA have also issued a warning that Chinese hackers, known as Salt Typhoon, are still lurking in U.S. telecom systems. This group deeply penetrated multiple telecom companies, stealing vast amounts of data on communication patterns and even intercepting audio and text. The agencies have published guidance to help engineers and network defenders identify and remove these threat actors.

    In other news, researchers have uncovered espionage tactics of China-based APT groups in Southeast Asia, using advanced tools like PlugX and reverse proxies. Additionally, the Chinese surveillance tool EagleMsgSpy has been found exploiting mobile devices since 2017.

    To protect against these threats, experts recommend a proactive approach to cybersecurity. This includes regularly updating software, using robust firewalls, and implementing advanced threat detection systems. It's also crucial to stay informed about the latest attack vectors and targeted sectors.

    In conclusion, the past week has seen significant China-related cybersecurity incidents, from the sanctioning of Sichuan Silence to the ongoing presence of Salt Typhoon in U.S. telecom systems. Stay vigilant, and remember, in the world of cybersecurity, knowledge is power. That's all for now. Stay safe out there.

    3 min
  • Scandalous! China's Cyber Shenanigans Exposed: U.S. Fires Back with New Task Force and Sanctions
    2024/12/13
    This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

    Hey there, I'm Ting, and welcome to Digital Dragon Watch, your weekly dose of China cyber alerts. Let's dive right in because the past few days have been anything but quiet.

    First off, a large U.S. organization with a significant presence in China was targeted by hackers earlier this year. According to Symantec researchers, this attack was likely carried out by a China-based threat actor, given the tools used were previously associated with Chinese attackers. The attackers moved laterally across the organization's network, compromising multiple computers, including Exchange Servers, to gather intelligence by harvesting emails. They also deployed exfiltration tools to steal targeted data[1].

    But that's not all. The U.S. House of Representatives just passed the "Strengthening Cyber Resilience Against State-Sponsored Threats Act" to bolster cyber defenses against Chinese state-sponsored threats. This legislation, introduced by Representatives Laurel Lee, Mark E. Green, and John Moolenaar, aims to establish an interagency task force led by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to tackle these threats. The task force will provide a classified report and briefing to Congress annually for five years on its findings, conclusions, and recommendations relating to malicious Chinese cyber activity[2][5].

    Meanwhile, the Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned Sichuan Silence Information Technology Company, Limited, and one of its employees, Guan Tianfeng, for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide. Guan used a zero-day exploit to deploy malware to approximately 81,000 firewalls, attempting to steal data and infect systems with the Ragnarok ransomware variant[4].

    So, what does this mean for you? Here are some expert recommendations for protection:

    - **Stay Vigilant**: Regularly update and patch your systems to prevent exploitation of known vulnerabilities.
    - **Network Monitoring**: Implement robust network monitoring to detect and respond to lateral movement and data exfiltration attempts.
    - **Employee Training**: Educate employees on phishing and social engineering tactics to prevent initial breaches.
    - **Collaboration**: Encourage interagency and intersectoral collaboration to share threat intelligence and best practices.

    In conclusion, the past week has seen significant China-related cybersecurity incidents and defensive measures. From targeted attacks on U.S. organizations to legislative efforts to bolster cyber resilience, it's clear that vigilance and cooperation are key to protecting against these threats. Stay safe out there, and I'll catch you next time on Digital Dragon Watch.

    3 min