Cyber Warfare

Flashpoint linguists think the authors of WannaCry were native Chinese speakers

Taiwan News
Date: 2017/05/27
By: Keoni Everington, Taiwan News, Staff Writer

TAIPEI (Taiwan News) — Linguists at the dark web intelligence firm Flashpoint say the Mandarin Chinese version of the ransom message sent by the WannaCry malware program was the only one composed by native speakers, indicating that it may have been made in China, not North Korea as previously suspected by antivirus company Symantec.

Image of Chinese language ransom note sent by WannaCry malware. (Image from Kaspersky Lab)

Flashpoint’s linguists analyzed ransom notes generated by WannaCry in 28 languages from Bulgarian to Vietnamese, and found that all had been generated by Google Translate, with the exception of English and Simplified and Traditional Chinese. However, the English message had grammatical errors indicating it was written by a non-native English speaker.

The Chinese messages, on the other hand, were composed at a native level and differed substantially from the other notes (including the English version) in content, format, tone, and length.

There are a number of telltale traits in the ransom note that correspond to a native Chinese speaker. The typo “帮组” (bangzu) instead of “帮助” (bangzhu), meaning “help,” indicates that it was written with a Chinese-language input system that possibly involved keying in the mainland Chinese romanization system Pinyin, as the typo appears to result from failing to input the letter “h.”    [FULL STORY]

A private industry IT security firm tells Fox News that personal data stolen over the span of several high-profile U.S. cyber breaches is being indexed by China’s intelligence service into a massive Facebook-like network.

According to CrowdStrike founder Dmitri Alperovitch, Chinese hackers are using information gained from the breaches of the U.S. Office of Personnel Management, as well as intrusions into the Anthem and CareFirst BlueCross BlueShield health insurance networks, to build a complete profile of federal employees in what the company calls a “Facebook of Everything.”

“That can now be used to embarrass you publicly and force you to work for the Chinese government,” Alperovitch told Fox News. “It’s, in effect, a private version of Facebook with much more detail about your life than even Facebook has that the Chinese now have access to.” Current and former intelligence officials echoed the assessment.    [FULL STORY]

NBC News
Date: Sep 11, 2015
By: Reuters

China reacted angrily on Friday following a call by America’s top intelligence official for cyber security against China to be stepped up, and said the United States should stop “groundless accusations.”

Director of National Intelligence James Clapper said the United States must beef up cyber security against Chinese hackers targeting a range of U.S. interests to raise the cost to China of engaging in such activities. Clapper’s testimony adds pressure on Beijing over its conduct in cyberspace weeks before President Xi Jinping visits the United States.

China routinely denies any involvement in hacking and says it is also a victim.

“Maintaining cyber security should be a point of cooperation rather than a source of friction between both China and the United States,” Chinese Foreign Ministry spokesman Hong Lei told a daily news briefing.

“We hope that the U.S. stops its groundless attacks against China, starts dialogue based on a foundation of mutual respect, and jointly builds a cyberspace that is peaceful, secure, open and cooperative.”

The Obama administration is considering targeted sanctions against Chinese individuals and companies for cyber attacks against U.S. commercial targets, several U.S. officials have said.    [FULL STORY]

Date: Jun 21, 2015
By: Jeremy Wagstaff

Security researchers have many names for the hacking group that is one of the suspects for the cyberattack on the U.S. government’s Office of Personnel Management: PinkPanther, KungFu Kittens, Group 72 and, most famously, Deep Panda. But to Jared Myers and colleagues at cybersecurity company RSA, it is called Shell Crew, and Myers’ team is one of the few who has watched it mid-assault — and eventually repulsed it.

A sign marks the entrance to RSA’s facility in Bedford, Massachusetts, in this March 28, 2014 file photo. REUTERS/Brian Snyder/Files

Myers’ account of a months-long battle with the group illustrates the challenges governments and companies face in defending against hackers that researchers believe are linked to the Chinese government – a charge Beijing denies.

“The Shell Crew is an extremely efficient and talented group,” Myers said in an interview.

Shell Crew, or Deep Panda, is one of several hacking groups that Western cybersecurity companies have accused of hacking into U.S. and other countries’ networks and stealing government, defense and industrial documents.

The attack on the OPM computers, revealed this month, compromised the data of 4 million current and former federal employees, raising U.S. suspicions that Chinese hackers were building huge databases that could be used to recruit spies.    [FULL STORY]

Submitted by charlie on Tue, Mar 31, 2015

On March 17th 2015, our websites and partner websites came under a DDoS attack. We had never been subjected to an attack of this magnitude before. This attack was unusual in nature as we discovered that the Chinese authorities were steering millions of unsuspecting internet users worldwide to launch the attack. We believe this is a major cyber-security and economic threat for the people of China.

How did that get there?

After calling on the Internet community for help and assistance, independent researchers with access to our log files discovered the following facts:

Millions of global internet users, visiting thousands of websites hosted inside and outside China, were randomly receiving malicious code which was used to launch cyberattacks against our websites.

Baidu’s Analytics code (h.js) was one of the files replaced by malicious code which triggered the attacks. Baidu Analytics, akin to Google Analytics, is used by thousands of websites. Any visitor to any website using Baidu Analytics or other Baidu resources would have been exposed to the malicious code. A list of Baidu resources known to be used for the attack appears in the report.

That malicious code is sent to “any reader globally” without distinguishing that user’s geographical location, meaning that the authorities did not just launch this attack using Chinese internet users – they compromised internet users and websites everywhere in the world.

The tampering takes place somewhere between when the traffic enters China and when it hits Baidu’s servers. This is consistent with previous malicious actions and points to the Cyberspace Administration of China (CAC) being directly involved in these attacks.

More technical details of the attack can be read in a research report titled “Using Baidu to steer millions of computers to launch denial of service attacks”.    [FULL STORY]
