China-linked group uses malware to try to spy on commercial shipping, new report says

May 14, 2024
2,583 Views

The cyber espionage group known as Mustang Panda introduced malware over the past five months to gain remote access to “computer systems belonging to cargo shipping companies based in Norway, Greece, and the Netherlands, including some that appeared to be aboard the cargo ships themselves,” according to the Slovakia-based cyber security firm ESET.

The report came as top U.K. and U.S. officials on Tuesday warned of a growing cybersecurity threat from China, particularly to critical infrastructure.

According to the report, Mustang Panda, which has been accused of carrying out espionage against governments and other organizations across Asia and more recently in Europe, has used similar malware tools in previous spying campaigns. The “remote access trojan” type of malware allows an attacker to gain full access to a device and issue commands, after breaking in through an email, a malicious website, vulnerable software or an unprotected machine.

It was the first time evidence had emerged that a China-linked cyber espionage group was focusing on commercial shipping, researchers said.

“We haven’t seen this in the past,” said Robert Lipovsky, principal threat intelligence researcher at ESET. “It shows a clear interest in this sector. This was not a single occurrence. These were several distinct attacks at different, unrelated organizations,” he said.

It was unclear if the cyber spying effort included the use of USB devices physically planted at the companies or on ships, he said.

At a cybersecurity conference Tuesday in the United Kingdom, British and U.S. officials described a mounting danger from Chinese cyber espionage and hacking.

China is the single biggest area of focus right now,” a British cybersecurity official told reporters on the sidelines of the conference in Birmingham organized by the U.K. government.

In a speech at the conference, the head of GCHQ, the U.K.’s cyber intelligence agency, said that although Russia and Iran posed immediate threats, China remains “the ‘epoch-defining’ challenge” and presented a risk for the security of the internet and the international order.

“China has built an advanced set of cyber capabilities and is taking advantage of a growing commercial ecosystem of hacking outfits and data brokers at its disposal,” Anne Keast-Butler said. “China poses a genuine and increasing cyber risk to the U.K.”

In a speech at the same conference, Harry Coker, White House national cyber director, said China’s cyber spying meant that Beijing had the ability to disrupt and damage America’s civilian infrastructure.

“In a crisis or conflict scenario, China could use their pre-positioned cyber capabilities to wreak havoc in civilian infrastructure and deter U.S. military action,” Coker said.

The Biden administration has accused China of carrying out a massive espionage effort known as “Volt Typhoon” that penetrated an array of critical infrastructure.

China has rejected accusations from the U.S., Britain and other governments that it is carrying out cyber espionage, cyberattacks or intellectual property theft. On Tuesday, Chinese Foreign Ministry spokesperson Wang Wenbin said the U.K. has repeatedly hyped allegations about Chinese cyber activities.

British and U.S. officials at the conference said China’s cyber tactics increasingly have shifted from trying to steal intellectual property or foreign intelligence to gaining stealthy access to critical utilities or other infrastructure organizations, using it as a potential leverage in a crisis.

China has “moved on” from intellectual property theft, Natalie Pittore of the National Security Agency said at a conference panel discussion.

“It’s increasingly what appears to be a pre-positioning (inside infrastructure) to have an effect,” said Pittore, the NSA’s cybersecurity liaison to the U.K.

“They’re not in there actively stealing information the way you would with foreign intelligence access, or even IP theft,” she said. “Instead, what we observed from these Chinese APTs (advanced pervasive threats) is that they will get in, they will get a level of control and even more so the level of ability to control a network, and they go very quiet.”


Source link

You may be interested

Carol Vorderman’s leather skirt high street alternatives
Fashion
shares3,901 views
Fashion
shares3,901 views

Carol Vorderman’s leather skirt high street alternatives

new admin - May 21, 2024

[ad_1] Carol Vorderman recently wowed her Instagram followers in an outfit consisting of a long-sleeve top and leather pencil skirt…

Growing number of travelers bringing guns to airports, TSA says
Top Stories
shares2,192 views
Top Stories
shares2,192 views

Growing number of travelers bringing guns to airports, TSA says

new admin - May 21, 2024

Growing number of travelers bringing guns to airports, TSA says - CBS News Watch CBS News The TSA expects nearly…

Horoscopes today – Russell Grant's star sign forecast for Tuesday, May 21
Lifestyle
shares2,988 views
Lifestyle
shares2,988 views

Horoscopes today – Russell Grant's star sign forecast for Tuesday, May 21

new admin - May 21, 2024

TODAY'S horoscope has one star sign having to deal with a spot of jealousy, while another is dealing with money…