Today, a short roundup article about China, state hackers, espionage and software products. There have been attacks on Australia, and spyware has been found in Chinese tax software. Both cases point to state hackers from China as the originators.
China Tax Software and some Spyware
Products from China could contain traces of spyware. The following Tweet points out such an event.
— Aryeh Goretsky (@goretsky) June 26, 2020
Earlier this year, a multinational technology provider doing business in China was instructed by its Chinese bank to install software to pay local taxes.
The tax software itself was legitimate, but embedded in it was a nasty surprise. A new report from a private security company indicates that the software was infected. The program contained a sophisticated piece of malware that gave attackers full access to the company network.
The company Trustwave, which uncovered the case, called the malicious software “GoldenSpy” and warns others to scan their networks for it in a report released on Thursday. “If you are doing business in China and someone asks you to install something, we call for extra vigilance,” Hussey said. “We urge everyone to check to see if they are affected.”
While Trustwave has not given details of the client or the case, the malware appears to have been active since April 2020, and it is believed that government actors from China may be involved. More details can be found in this article.
Malware attack on Australia
Australian organizations have been hit by massive malware attacks. SPON has called it an ‘elephant in the room’: China is probably behind the malware.
— BleepingComputer (@BleepinComputer) June 28, 2020
The above tweet refers to this article by Bleeping Computer, which contains further details about this case. At the end of last week, the Australian government issued a security alert about increased cyber-activity by a state actor against networks belonging to Australian government agencies and businesses.
Behind the attack is a “sophisticated” adversary who relies on slightly modified proof-of-concept attack code for vulnerabilities from the past, the government says in the warning, unofficially pointing the finger at China as the culprit. The attacker is targeting publicly accessible infrastructure with remote code execution (RCE) exploits. So I automatically ask myself: How trustworthy can Chinese software be?