Hackers breached Afghan government in spying campaign on China


According to cybersecurity firm Check Point, Chinese-speaking hackers breached the Afghan government to infiltrate the country’s national security leadership in a targeted espionage campaign.

The hacking campaign started as long ago as 2014. The company is headquartered in California and Israel. Details of the campaign, announced on Thursday, are emerging as Chinese cyberespionage and influence operations are gaining increasing attention worldwide, particularly within the United States. The Biden administration has said it is preparing to formally identify those responsible for the hacking of Microsoft Exchange servers, which Microsoft said was run by a state-sponsored group operating in China.

Check Point said its research team did not know whether the Chinese-speaking “IndigoZebra” hacking group was managed or sponsored by the Chinese government. According to the company, the hackers impersonated the Afghan Presidential Office to infiltrate the Afghan National Security Council and used the file storage service Dropbox to hide their activities.

An Afghan National Security Council official opened an attachment concerning a press conference that purportedly came from the office of the president, but which researchers say instead created a backdoor for hackers to steal information. The backdoor communicated with an attacker-controlled Dropbox account, and the hackers used Dropbox as their command-and-control center.

“What is remarkable here is how threat actors use the tactic of deception from ministry to ministry. This tactic is vicious and effective in getting someone to do anything for you; and in this case, malicious activity was seen at the highest levels of sovereignty,” Lotem Finkelstein, Check Point's head of threat intelligence, said in a statement. “It’s also notable how threat actors use Dropbox to hide themselves from detection, a technique I believe we should all be aware of and watch out for.”

Mr Finkelstein told The Washington Times that his researchers were alerted to the espionage campaign through the discovery of files and emails uploaded online.

Company spokesman Ekram Ahmed said the investigators decided not to notify the Afghan government, which is not a Check Point client. Ahmed said that the research team of 200 people regularly interacts with the FBI and Europol, the law enforcement agency of the European Union, but did not alert those agencies either.

Check Point, which reports having more than 5,400 employees worldwide and annual revenue of more than $2 billion last year, instead informed the press by issuing a report.

Neither the Afghan Embassy in Washington nor Dropbox responded to requests for comment. Check Point said it did not know how many countries outside Afghanistan were targeted by the IndigoZebra hackers, but it believed Kyrgyzstan and Uzbekistan were victims as well.

“This campaign is not limited to Afghanistan, Kyrgyzstan and Uzbekistan – these are the campaigns we are confident enough to link to IndigoZebra’s victim list,” Finkelstein told The Times. “By analyzing attack infrastructures, it is also possible that they had other targets before. [USSR countries] and wider than that.”

Other cyber-espionage efforts related to China focus more on the United States. In March, Microsoft identified Hafnium as China-based state-sponsored cyberattackers responsible for hacking Exchange servers. According to Microsoft, hackers gained access to email accounts and the ability to install malware to gain longer-term access to their targets’ digital media.

Microsoft said the material the Chinese hackers were looking for included information from infectious disease researchers — just as the coronavirus pandemic unfolded around the world — from law firms, educational institutions, think tanks and nonprofits.

According to Anne Neuberger, deputy national security adviser for cyber and emerging technologies, the Biden administration is preparing to formally assign blame for the Microsoft Exchange server hacking and is preparing for subsequent action.

“You’ve seen National Security Advisor Jake Sullivan say we’re going to link this activity, and with that, of course, as a follow-up to that,” Ms Neuberger told a Silverado Policy Accelerator event on Tuesday. “And I think you’ll see more in the coming weeks.”

The Biden administration has not revealed how it plans to respond to cyber espionage linked to China. But in the case of the SolarWinds computer network management software hack that compromised nine federal agencies, the administration officially blamed the Russian Foreign Intelligence Service (SVR) and imposed sanctions on Russia.
