Up until now, the longest undetected hacking operation that I was aware of was at Nortel Networks. It lasted 12 years and resulted in the company shutting down in bankruptcy and sold for scrap. This one beats that one. The DoJ unsealed indictments today for 7 Chinese nationals (note to these folks: do not travel […]
Continue reading → [DISPLAY_ACURAX_ICONS]A large and revealing leak from China was released earlier this month. It shows how much the hacking world in China has turned into a business. The company, i-SOON, was the victim of a leak. So sad! Not! The hacker posted a collection of 500 internal documents to GitHub. The documents reveal details of China’s […]
Continue reading → [DISPLAY_ACURAX_ICONS]U.S. Intelligence agencies say that China is shifting tactics. Or, maybe just adding new ones. The NSA, CISA and FBI said, in a joint advisory, that China-backed hackers have maintained access inside U.S. critical infrastructure such as aviation, rail, mass transit, highway, maritime, pipeline, water and sewage to prepare to launch a catastrophic attack at […]
Continue reading → [DISPLAY_ACURAX_ICONS]Myanmar Cyber Crime Bosses Handed to China You may remember that a couple of weeks ago I reported that the Myanmar government turned over control of the part of the country where Crime bosses were running various social engineering scams and human trafficking to the rebels who threatened to shut them down. Now there are […]
Continue reading → [DISPLAY_ACURAX_ICONS]As is often the case, humans and process represent the biggest failure window. Microsoft, to its credit, is being public about its own failures and pretty quickly. The Chinese hackers, Storm-0558, obtained a “golden cryptographic key” which allowed them to generate tokens so that they could masquerade as other users. I don’t know why you […]
Continue reading → [DISPLAY_ACURAX_ICONS]In light of the most recent Chinese attack on Azure, several people are speaking out. Amit Yoran, chairman of security firm Tenable, former president of RSA and former Homeland Security National Cyber Security Division director, says this in a LinkedIn post: Cloud providers have long espoused the shared responsibility model. That model is irretrievably broken […]
Continue reading → [DISPLAY_ACURAX_ICONS]