Conversation

Notices

Embed this notice
Nonilex (nonilex@masto.ai)'s status on Tuesday, 27-Aug-2024 23:36:39 JST Nonilex

#China government #hackers penetrate #US #internet providers to #spy
 Beijing’s hacking effort has “dramatically stepped up from where it used to be,” says fmr top US #cybersecurity ofcl.  #Chinese govt-backed hackers have penetrated deep into US ISPs in recent months to spy on their #users. 
The unusually aggressive & sophisticated attacks include access to ≥2 major providers w/millions of customers as well as several smaller providers.
#InfoSec #security #geopolitics
https://www.washingtonpost.com/technology/2024/08/27/chinese-government-hackers-penetrate-us-internet-providers-spy/
In conversation Tuesday, 27-Aug-2024 23:36:39 JST from masto.ai permalink
Attachments
1. Untitled attachment
- HistoPol (#HP) 🏴 🇺🇸 🏴 repeated this.
- Embed this notice
  Nonilex (nonilex@masto.ai)'s status on Tuesday, 27-Aug-2024 23:37:00 JST Nonilex
  in reply to
  
  “It is business as usual now for #China, but that is dramatically stepped up from where it used to be. It is an order of magnitude worse,” said Brandon Wales, who until earlier this month was executive director of the #Cybersecurity & Infrastructure #Security Agency, #CISA. 
  The #hacks raise concern because their targets are believed to include #government & #military personnel working #undercover & groups of strategic interest to China.
  #InfoSec #espionage #ISP #Internet #tech #geopolitics
  
  In conversation Tuesday, 27-Aug-2024 23:37:00 JST permalink
- Embed this notice
  Nonilex (nonilex@masto.ai)'s status on Tuesday, 27-Aug-2024 23:38:04 JST Nonilex
  in reply to
  
  #Lumen researchers said they had identified 3 US ISPs that had been hacked this summer, one of them large, along w/another #US company & 1 in #India.
   In a blog made public Tues, Lumen said the #hackers used a previously unknown vulnerability, known as a #ZeroDay flaw, in a program made by #VersaNetworks for managing wide-area networks. #Versa acknowledged the critical vulnerability late last week, warning only its direct customers. 
  #InfoSec #security #China #geopolitics
  https://blog.lumen.com/taking-the-crossroads-the-versa-director-zero-day-exploitation/
  In conversation Tuesday, 27-Aug-2024 23:38:04 JST permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: blog.lumen.com
    
    Taking the Crossroads: The Versa Director Zero-Day Exploitation - Lumen
    
    from Black Lotus Labs
    
    BLL discovered an active 0day exploit in a popular SD-WAN device that is used by many ISPs, we attribute this to Volt Typhoon based on TTPs and some of their router control network
- Embed this notice
  Nonilex (nonilex@masto.ai)'s status on Tuesday, 27-Aug-2024 23:38:05 JST Nonilex
  in reply to
  
  “This is privileged, high-level connectivity to interesting customers,” said Mike Horka, a researcher at Lumen Technologies & a fmr #FBI agent. It was notable, he added, that the groups considered the effort important enough to exploit previously undiscovered #software flaws that could have been preserved for later use.
  #InfoSec #espionage #ISP #Internet #tech #cybersecurity #security #China #US #geopolitics
  
  In conversation Tuesday, 27-Aug-2024 23:38:05 JST permalink
- Embed this notice
  Nonilex (nonilex@masto.ai)'s status on Tuesday, 27-Aug-2024 23:38:05 JST Nonilex
  in reply to
  
  Though there is no evidence that the new inroads are aimed at anything other than gathering #intelligence, some of the techniques & resources employed are associated w/those used in the past year by a #China-backed group known as #VoltTyphoon…. #US intelligence ofcls said that group sought access to equipment at Pacific #ports & other #infrastructure to enable China to sow #panic & #disrupt America’s ability to move #troops, #weaponry & supplies to #Taiwan if armed conflict breaks out.
  #security
  
  In conversation Tuesday, 27-Aug-2024 23:38:05 JST permalink
  
  HistoPol (#HP) 🏴 🇺🇸 🏴 repeated this.
- Embed this notice
  Nonilex (nonilex@masto.ai)'s status on Tuesday, 27-Aug-2024 23:39:00 JST Nonilex
  in reply to
  
  #DNS manipulation is something of a specialty among Chinese govt #hacking groups. A mysterious campaign identified earlier this year by #security experts at #Infoblox & attributed to #China involved using the so-called Great #Firewall of China, which normally misdirects people on the mainland trying to reach restricted services or content.
  #InfoSec #espionage #ISP #Internet #tech #cybersecurity #US #geopolitics
  
  In conversation Tuesday, 27-Aug-2024 23:39:00 JST permalink
- Embed this notice
  Nonilex (nonilex@masto.ai)'s status on Tuesday, 27-Aug-2024 23:39:02 JST Nonilex
  in reply to
  
  In a separate report earlier this month, #security company #Volexity said it had found another high-end technique in play at a different, unnamed #ISP. In that case, it said a Chinese state #hacking group distinct from #VoltTyphoon was able to get far enough inside the service provider to alter #DNS web addresses that users were trying to reach & divert them elsewhere, allowing the #hackers to insert #backdoors for #espionage.
   #InfoSec #Internet #tech #cybersecurity #China #US #geopolitics
  
  In conversation Tuesday, 27-Aug-2024 23:39:02 JST permalink
  
  HistoPol (#HP) 🏴 🇺🇸 🏴 repeated this.
- Embed this notice
  Nonilex (nonilex@masto.ai)'s status on Tuesday, 27-Aug-2024 23:39:03 JST Nonilex
  in reply to
  
  On Mon, the Santa Clara, CA-based company published a blog post about the problem, saying that it had issued a patch & that “impacted customers failed to implement system hardening & #firewall guidelines.”
  #Lumen wrote that it located #malware inside #ISP routers serving certain groups or individual customers that could intercept passwords from those customers. Lumen said it believed the malicious #software was being used by #VoltTyphoon.
  #InfoSec #espionage #security #China #US #geopolitics
  
  In conversation Tuesday, 27-Aug-2024 23:39:03 JST permalink
  
  Mr. Bill repeated this.

Public

Conversation

Notices

Feeds