US Govt Announcement on Chinese Malicious Cyber Activity
BartSimpson @ Fri Dec 21, 2018 9:36 am
From email:
$1:
DATE: December 20, 2018
SUBJECT: U.S. Government Announcement on Chinese Malicious Cyber Activity
Sent on behalf of the U.S. Department of Homeland Security (DHS). Recipients are encouraged to broadly share this information within the state, local, tribal, and territorial (SLTT) government community.
Today the U.S. Government announced that a group of Chinese cyber actors associated with the Chinese Ministry of State Security has carried out a campaign of cyber-enabled theft targeting global technology service providers and their customers. Over the past four years, these actors have gained access to multiple U.S. and global managed-service and cloud providers and their customers in an effort to steal the intellectual property and sensitive data of companies located in at least 12 countries. The U.S. Government is taking steps to hold the Chinese government accountable for these unacceptable actions and help victim organizations secure their networks and data.
In 2017, the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS) issued a Technical Alert (TA17-117) that described an emerging, sophisticated campaign using multiple malware implants. Among other services, CISA provided mitigation techniques, including recommending monitoring activity of domains and IP addresses listed in the technical alert, as well as scanning for evidence of the file hashes as potential indicators of infection.
In the coming weeks, CISA will provide additional support and mitigation tips to assist service providers in securing their infrastructure and help end-customers understand and manage risks associated with outsourced services. In the meantime, organizations and the public should visit the US-CERT website for information and resources regarding this malicious activity: https://www.us-cert.gov/China.
We encourage any questions or feedback related to this activity. Related activity can be reported to CISA NCCIC at NCCICcustomerservice@hq.dhs.gov or 888-282-0870 and the FBI Cyber Watch (CyWatch) at CyWatch@fbi.gov or 855-292-3937.
SUBJECT: U.S. Government Announcement on Chinese Malicious Cyber Activity
Sent on behalf of the U.S. Department of Homeland Security (DHS). Recipients are encouraged to broadly share this information within the state, local, tribal, and territorial (SLTT) government community.
Today the U.S. Government announced that a group of Chinese cyber actors associated with the Chinese Ministry of State Security has carried out a campaign of cyber-enabled theft targeting global technology service providers and their customers. Over the past four years, these actors have gained access to multiple U.S. and global managed-service and cloud providers and their customers in an effort to steal the intellectual property and sensitive data of companies located in at least 12 countries. The U.S. Government is taking steps to hold the Chinese government accountable for these unacceptable actions and help victim organizations secure their networks and data.
In 2017, the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS) issued a Technical Alert (TA17-117) that described an emerging, sophisticated campaign using multiple malware implants. Among other services, CISA provided mitigation techniques, including recommending monitoring activity of domains and IP addresses listed in the technical alert, as well as scanning for evidence of the file hashes as potential indicators of infection.
In the coming weeks, CISA will provide additional support and mitigation tips to assist service providers in securing their infrastructure and help end-customers understand and manage risks associated with outsourced services. In the meantime, organizations and the public should visit the US-CERT website for information and resources regarding this malicious activity: https://www.us-cert.gov/China.
We encourage any questions or feedback related to this activity. Related activity can be reported to CISA NCCIC at NCCICcustomerservice@hq.dhs.gov or 888-282-0870 and the FBI Cyber Watch (CyWatch) at CyWatch@fbi.gov or 855-292-3937.
DrCaleb @ Fri Dec 21, 2018 9:48 am
I am shocked. Shocked, I tell you!
BartSimpson @ Fri Dec 21, 2018 9:51 am
I figured you would be! 
Might want to pass this on to your security folks.
Thanos @ Fri Dec 21, 2018 9:51 am
Odd what starts to happen when for their own benefit someone tries to draw the Chinese into the retard-bingo of American politics.
DrCaleb @ Fri Dec 21, 2018 10:00 am
BartSimpson BartSimpson:
Might want to pass this on to your security folks.
Way ahead of you. We've been seeing the Chinese knock at our 'doors' for years. We also know that we can never know for sure whether they have broken our systems or not, so we prepare. Anything of value isn't internet connected, and it is encrypted. Encryption keys are stored securely. And we monitor data flows just as a precaution. There are also a whole suite of analytics that I won't post online about.
I was actually just having a doughnut with the CIO/CSO . None of the revelations in the news recently are surprises to us. Except that one about IBM. That is one company I would't expect to be vulnerable to hacks. Their Weapons Research division was a pretty scary place.
