FlowerStorm Targets Microsoft 365, Set to Replace Rockstar2FA

The Chinese National Computer Network Emergency Response Technical Team/Coordination Centre accused the U.S. of launching cyberattacks. In August 2023, U.S. intelligence agencies allegedly exploited a vulnerability in an electronic document security management system to compromise a research unit’s server. 

A Trojan horse virus was subsequently deployed via a software upgrade service, infecting over 270 hosts and exfiltrating trade secrets. In May 2023, another attack leveraged a Microsoft Exchange Server vulnerability to infiltrate the email server of a smart energy and digital information company.

The National Computer Emergency Response Team (or equivalent) coordinated with various entities to address 146 network security incidents, 92 of which were cross-border. 

Attackers exploited vulnerabilities in the company’s server, compromising email data and gaining control of over 30 devices, which facilitated the theft of commercial secrets. 

2,950 data security breaches were identified, and advisories were issued regarding vulnerabilities in Adobe Illustrator, Android, IBM Cognos Controller, and Apache NimBLE.

The US government has initiated an investigation into TP-Link, a Chinese router manufacturer, following reports of Chinese cyberattacks exploiting vulnerabilities in their devices. 

The investigation follows a broader US crackdown on Chinese technology companies suspected of posing security risks. The US alleges that a recent Chinese hacking campaign compromised at least eight US telecom firms and impacted numerous countries.

China vehemently denies these accusations and counters with claims of US-led cyberattacks, citing evidence of CIA-developed Trojan programs and attack platforms. The exchange highlights the escalating tensions between the two nations, with each side accusing the other of malicious cyber activities.

New Zealand, alongside Australia, Canada, and the US, issued an advisory this week warning of a significant cyber espionage campaign conducted by Chinese-affiliated threat actors, which compromised major global telecommunications providers’ networks to gain broad access. 

The advisory provides guidance to network engineers and defenders to enhance network security against these threats, focusing on identifying anomalous behavior, mitigating vulnerabilities, and improving secure configurations to limit potential entry points for malicious actors.

The Chinese embassy in New Zealand accused the US of conducting malicious cyber activities, including: 

1) utilizing advanced techniques to falsely attribute cyberattacks to other nations, potentially by “inserting strings in other languages,” such as Chinese, to manipulate source tracing; 

2) exploiting its dominance over undersea fiber-optic cables for large-scale global surveillance and espionage, even targeting allies; and 

3) conducting online campaigns to malign other countries. 

The embassy voiced its support for international collaboration in the fight against cybercrime, putting an emphasis on dialogue and mutual respect.

According to SCMP, cyber espionage campaigns, attributed to Chinese state-sponsored actors such as APT40, have targeted critical infrastructure in Western countries. The US identified a broad campaign compromising telecommunications companies to steal customer data. 

New Zealand confirmed APT40’s involvement in a 2021 operation targeting its parliament, while Australia’s cyber intelligence agency also warned of ongoing threats from APT40, highlighting their active targeting of Australian and regional networks.

Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Press. She is covering various cyber security incidents happening in the Cyber Space.
