 Chinese hackers 'stole data from Spanish vaccine labs': report Madrid (AFP) Sept 18, 2020 - Chinese hackers have stolen information from Spanish laboratories working on a vaccine for Covid-19, El Pais newspaper reported Friday. The report emerged as drug companies around the world race to produce an effective jab to counter a virus that has now killed more than 940,000 people and infected 30 million. It was not clear what information was taken, when it happened, nor how important it was, with the paper citing sources privy to the attack. Quoted in the article, Spain's secret service chief Paz Esteban said hackers had mounted "a particularly virulent campaign targeting laboratories working on the search for a vaccine" not only in Spain but elsewhere. Speaking to journalists on Thursday, Esteban who heads the CNI intelligence services, said there had been a "qualitative and quantitative" increase in attacks during lockdown, with hackers targeting "sensitive sectors such as healthcare and pharmaceuticals". Such attacks had multiplied in other countries involved in efforts to develop a vaccine, prompting an exchange of information between their respective spy services, she said. Most attacks were carried out by hackers from China and Russia, often from state organisations, but also by criminal organisations and universities who trade in hacked data, security sources said. But the attack in which Spanish data were stolen was launched by Chinese hackers, they said. The CNI was not immediately available to comment on the report. In July, a court in the US state of Washington charged two Chinese nationals with stealing terabytes of data from hundreds of computer systems all over the world, in some cases on behalf of Chinese government agencies. The hacking, which took place over a decade, had more recently involved looking for vulnerabilities in the systems of firms developing Covid-19 vaccines, testing technology, and treatments, the US justice department said. Spain was one of 11 countries named in the indictment as being targeted by the attacks.
|
A global hacking collective known as APT41 has been accused by US authorities of targeting company servers for ransom, compromising government networks and spying on Hong Kong activists.
Seven members of the group -- including five Chinese nationals -- were charged by the US Justice Department on Wednesday.
Some experts say they are tied to the Chinese state, while others speculate money was their only motive. What do we really know about APT41?
- Who are they? -
Five members of the group were expert hackers and current or former employees of Chengdu 404 Network Technology, a company that claimed to provide legitimate "white hat" hacking services to detect vulnerabilities in clients' computer networks.
But the firm's work also included malicious attacks on non-client organisations, according to Justice Department documents.
Chengdu 404 says its partners include a government tech security assessor and Chinese universities.
The other two hackers charged are Malaysian executives at SEA Gamer Mall, a Malaysia-based firm that sells video game currency, power-ups and other in-game items.
- What are they accused of? -
The team allegedly hacked the computers of hundreds of companies and organisations around the world, including healthcare firms, software developers and telecoms and pharmaceutical providers.
The breaches were used to collect identities, hijack systems for ransom, and remotely use thousands of computers to mine for cryptocurrency such as bitcoin.
One target was an anti-poverty non-profit, with the hackers taking over one of its computers and holding the contents hostage using encryption software and demanding payment to unlock it.
The group is also suspected of compromising government networks in India and Vietnam.
In addition it is accused of breaching video game companies to steal in-game items to sell back to gamers, the Justice Department court filings said.
- How did they operate? -
Their arsenal ran the gamut from old-fashioned phishing emails to more sophisticated attacks on software development companies to modify their code, which then allowed them access to clients' computers.
In one case documented by security company FireEye, APT41 sent emails containing malicious software to human resources employees of a target company just three days after the firm recovered from a previous attack by the group.
Wong Ong Hua and Ling Yang Ching, the two Malaysian businessmen, ordered their employees to create thousands of fake video game accounts in order to receive the virtual objects stolen by APT41 before selling them on, the court documents allege.
- Is the Chinese government behind them? -
FireEye says the group's targeting of industries including healthcare, telecoms and news media is "consistent with Chinese national policy priorities".
APT41 collected information on pro-democracy figures in Hong Kong and a Buddhist monk from Tibet -- two places where Beijing has faced political unrest.
One of the hackers, Jiang Lizhi, who worked under the alias "Blackfox", had previously worked for a hacking group that served government agencies and boasted of close connections with China's Ministry of State Security.
But many of the group's activities appear to be motivated by financial gain and personal interest -- with one hacker laughing in chat messages about mass-blackmailing wealthy victims -- and the US indictments did not identify a strong official connection.
- Where are they now? -
The five Chinese hackers remain at large but the two businessmen were arrested in Malaysia on Monday after a sweeping operation by the FBI and private companies including Microsoft to block the hackers from using their online accounts.
The United States is seeking their extradition.
None of the men charged are known to have lived in the US, where some of their targets were located.
They picked targets outside Malaysia and China because they believed law enforcement would not be able to track them down across borders, the court documents said.
tjx/apj/rma/axn
Related Links
Cyberwar - Internet Security News - Systems and Policy Issues
|
|
Tweet |
|
|
|
del.icio.us
Digg
Reddit
Google
