#StateHacking

Miguel Afonso Caetano remixtures@tldr.nettime.org
2025-06-10

"China’s state-owned aircraft maker had just announced the Western engine it had chosen for its new aircraft.

One month later, in January 2010, American cyber researchers started to see the “preparatory activity” of a Chinese hacking group focusing on an American turbine company that made a part needed for jet engines.

For years afterwards, a division of China’s intelligence apparatus could be seen trying to steal engine design information from Western companies. By 2017 and 2018, the US government had opened indictments – with convictions to follow – against figures in the US and China trying to steal Western aerospace information.

The subterfuge, now largely forgotten by the public, is an essential chapter in the origin story of the C919, which was developed to compete with two of the world’s most widely used passenger aircraft – the Boeing 737 and the Airbus A320neo. It was also the foundation of establishing the Commercial Aircraft Corporation of China (COMAC) as a serious player in the global commercial aviation market.

The C919 is now in regular production, and it’s taking its first steps in aiding China’s systematic efforts to both develop its aerospace industry and to produce a viable passenger aircraft.
But years after concerns were raised over Chinese intellectual property theft, few of the affected parties are keen to talk openly about the alleged cyber-espionage."

smh.com.au/business/companies/

#China #Boeing #Airbus #COMAC #C919 #IPTheft #StateHacking #CyberSecurity

Miguel Afonso Caetano remixtures@tldr.nettime.org
2025-05-01

"For maybe a decade, North Korean intelligence services have been training young IT workers and sending them abroad in teams, often to China or Russia. From these bases, they scour the web for job listings all over, usually in software engineering, and usually with Western companies. They favor roles that are fully remote, with solid wages, good access to data and systems, and few responsibilities. Over time they began applying for these jobs using stolen or fake identities and relying on members of their criminal teams to provide fictional references; some have even started using AI to pass coding tests, video interviews, and background checks.

But if an applicant lands a job offer, the syndicate needs somebody on the ground in the country the applicant claims to live in. A fake employee, after all, can’t use the addresses or bank accounts linked to their stolen IDs, and they can’t dial in to a company’s networks from overseas without instantly triggering suspicion. That’s where someone like Christina Chapman comes in.

As the “facilitator” for hundreds of North Korea–linked jobs, Chapman signed fraudulent documents and handled some of the fake workers’ salaries. She would often receive their paychecks in one of her bank accounts, take a cut, and wire the rest overseas: Federal prosecutors say Chapman was promised as much as 30 percent of the money that passed through her hands.

Her most important job, though, was tending the “laptop farm.” After being hired, a fake worker will typically ask for their company computer to be sent to a different address than the one on record—usually with some tale about a last-minute move or needing to stay with a sick relative. The new address, of course, belongs to the facilitator, in this case Chapman."

wired.com/story/north-korea-st

#CyberSecurity #NorthKorea #IT #RemoteJobs #StateHacking #AI

Miguel Afonso Caetano remixtures@tldr.nettime.org
2025-05-01

"Apple sent notifications this week to several people who the company believes were targeted with government spyware, according to two of the alleged targets.

In the past, Apple has sent similar notifications to targets and victims of spyware, and directed them to contact a nonprofit that specializes in investigating such cyberattacks. Other tech companies, like Google and WhatsApp, have in recent years also periodically sent such notifications to their users.

As of Wednesday, only two people appear to have come forward to reveal they were among those who received the notifications from Apple this week.

One is Ciro Pellegrino, an Italian journalist who works for online news outlet Fanpage. Pellegrino wrote in an article that he received an email and a text message from Apple on Tuesday notifying him that he was targeted with spyware. The message, according to Pellegrino, also said he wasn’t the only person targeted."

techcrunch.com/2025/04/30/appl

#CyberSecurity #Apple #Spyware #StateHacking #Surveillance

Miguel Afonso Caetano remixtures@tldr.nettime.org
2025-04-24

"The office of Hannah Neumann, a member of the German Greens and head of the delegation spearheading work on European Union-Iran relations, was targeted by a hacking campaign that started in January, she said. Her staff was contacted with messages, phone calls and emails by hackers impersonating a legitimate contact. They eventually managed to target a laptop with malicious software.

"It was a very sophisticated attempt using various ways to manage that someone accidentally opens a link, including putting personal pressure on them," Neumann said.

Neumann was made aware of the ongoing ploy four weeks ago by the German domestic intelligence service, she said.

The group thought to be behind the attack is a hacking collective associated with the Iranian Revolutionary Guard, known as APT42, according to a report by the Parliament’s in-house IT service DG ITEC and seen by POLITICO. Another Iranian hacking group, called APT35 or Charming Kitten, was initially considered a culprit too. The two Iranian threat groups are closely related."

politico.eu/article/european-p

#EU #Germany #Iran #CyberSecurity #StateHacking #Spyware #APT42 #APT35

Miguel Afonso Caetano remixtures@tldr.nettime.org
2025-04-19

"In security advisories posted on its website, Apple confirmed it fixed the two zero-day vulnerabilities, which “may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.”

The bugs are considered zero days because they were unknown to Apple as they were being exploited.

It’s not yet known who is behind the attacks or how many Apple customers were targeted, or if any were successfully compromised. A spokesperson for Apple did not return TechCrunch’s inquiry.

Apple credited the discovery of one of the two bugs to security researchers working at Google’s Threat Analysis Group, which investigates government-backed cyberattacks. This may indicate that the attacks targeting Apple customers were launched or coordinated by a nation state or government agency. Some government-backed cyberattacks are known to involve the use of remotely planted spyware and other phone-unlocking devices."

techcrunch.com/2025/04/16/appl

#CyberSecurity #Apple iOS #ZeroDayBugs #StateHacking

Miguel Afonso Caetano remixtures@tldr.nettime.org
2025-04-16

"The European Commission is issuing burner phones and basic laptops to some US-bound staff to avoid the risk of espionage, a measure traditionally reserved for trips to China.

Commissioners and senior officials travelling to the IMF and World Bank spring meetings next week have been given the new guidance, according to four people familiar with the situation.

They said the measures replicate those used on trips to Ukraine and China, where standard IT kit cannot be brought into the countries for fear of Russian or Chinese surveillance.

“They are worried about the US getting into the commission systems,” said one official.

The treatment of the US as a potential security risk highlights how relations have deteriorated since the return of Donald Trump as US president in January.

Trump has accused the EU of having been set up to “screw the US” and announced 20 per cent so-called reciprocal tariffs on the bloc’s exports, which he later halved for a 90-day period.

At the same time, he has made overtures to Russia, pressured Ukraine to hand over control over its assets by temporarily suspending military aid and has threatened to withdraw security guarantees from Europe, spurring a continent-wide rearmament effort.

“The transatlantic alliance is over,” said a fifth EU official."

ft.com/content/20d0678a-41b2-4

#USA #Trump #CyberSecurity #EU #Espionage #StateHacking

Miguel Afonso Caetano remixtures@tldr.nettime.org
2025-04-11

"A coalition of governments has published a list of legitimate-looking Android apps that were actually spyware and were used to target civil society that may oppose China’s state interests.

On Tuesday, the U.K.’s National Cyber Security Centre, or NCSC, which is part of intelligence agency GCHQ, along with government agencies from Australia, Canada, Germany, New Zealand, and the United States, published separate advisories on two families of spyware, known as BadBazaar and Moonshine.

These two spywares hid inside legitimate-looking Android apps, acting essentially as “Trojan” malware, with surveillance capabilities such as the ability to access the phone’s cameras, microphone, chats, photos, and location data, the NCSC wrote in a press release on Wednesday.

BadBazaar and Moonshine, which have been previously analyzed by cybersecurity firms like Lookout, Trend Micro, and Volexity, as well as the digital rights nonprofit Citizen Lab, were used to target Uyghurs, Tibetans, and Taiwanese communities, as well as civil society groups, according to the NCSC.

Uyghurs are a Muslim-minority group largely in China that has for years faced detention, surveillance, and discrimination from the Chinese government, and thus has frequently been the target of hacking campaigns."

techcrunch.com/2025/04/09/gove

#CyberSecurity #China #Android #Spyware #StateHacking #Uyghurs #Tibet #Taiwan

Miguel Afonso Caetano remixtures@tldr.nettime.org
2025-04-11

"Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate.

The Chinese delegation linked years of intrusions into computer networks at U.S. ports, water utilities, airports and other targets, to increasing U.S. policy support for Taiwan, the people, who declined to be named, said.

The first-of-its-kind signal at a Geneva summit with the outgoing Biden administration startled American officials used to hearing their Chinese counterparts blame the campaign, which security researchers have dubbed Volt Typhoon, on a criminal outfit, or accuse the U.S. of having an overactive imagination."

wsj.com/politics/national-secu

#USA #CyberSecurity #China #StateHacking #VoltTyphoon #Infrastructure

Miguel Afonso Caetano remixtures@tldr.nettime.org
2025-04-01

"We don’t know what pressure the Trump administration is using to make intelligence services fall into line, but it isn’t crazy to worry that the NSA might again start monitoring domestic communications.

Because of the Signal chat leak, it’s less likely that they’ll use vulnerabilities in Signal to do that. Equally, bad actors such as drug cartels may also feel safer using Signal. Their security against the US government lies in the fact that the US government shares their vulnerabilities. No one wants their secrets exposed.

I have long advocated for a "defense dominant" cybersecurity strategy. As long as smartphones are in the pocket of every government official, police officer, judge, CEO, and nuclear power plant operator—and now that they are being used for what the White House now calls "sensitive," if not outright classified conversations among cabinet members—we need them to be as secure as possible. And that means no government-mandated backdoors.

We may find out more about how officials—including the vice president of the United States—came to be using Signal on what seem to be consumer-grade smartphones, in an apparent breach of the laws on government records. It’s unlikely that they really thought through the consequences of their actions.

Nonetheless, those consequences are real. Other governments, possibly including US allies, will now have much more incentive to break Signal’s security than they did in the past, and more incentive to hack US government smartphones than they did before March 24.

For just the same reason, the US government has urgent incentives to protect them."

schneier.com/blog/archives/202

#USA #CyberSecurity #Signal #Encryption #Backdoors #Privacy #NSA #StateHacking

Miguel Afonso Caetano remixtures@tldr.nettime.org
2025-03-06

"The Department of Justice has announced criminal charges against 12 Chinese government-linked hackers who are accused of hacking more than 100 American organizations, including the U.S. Treasury, over the course of a decade.

The charged individuals all played a “key role” in China’s hacker-for-hire ecosystem, a senior DOJ official said on a background call with reporters, including TechCrunch, on Wednesday. The official added that those charged, which includes contract hackers and Chinese law enforcement officials, targeted organizations in the U.S. and worldwide for the purposes of “suppressing free speech and religious freedoms.”

The DOJ also confirmed that two of the indicted individuals are linked to the China government-backed hacking group APT27, or Silk Typhoon."

techcrunch.com/2025/03/05/just

#USA #CyberSecurity #DoJ #China #StateHacking #APT27 #SilkTyphoon

Miguel Afonso Caetano remixtures@tldr.nettime.org
2025-02-13

"When the Chinese hacker group known as Salt Typhoon was revealed last fall to have deeply penetrated major US telecommunications companies—ultimately breaching no fewer than nine of the phone carriers and accessing Americans' texts and calls in real time—that hacking campaign was treated as a four-alarm fire by the US government. Yet even after those hackers' high-profile exposure, they've continued their spree of breaking into telecom networks worldwide, including more in the US.

Researchers at cybersecurity firm Recorded Future on Wednesday night revealed in a report that they've seen Salt Typhoon breach five telecoms and internet service providers around the world, as well as more than a dozen universities from Utah to Vietnam, all between December and January. The telecoms include one US internet service provider and telecom firm and another US-based subsidiary of a UK telecom, according to the company's analysts, though they declined to name those victims to WIRED."

wired.com/story/chinas-salt-ty

#CyberSecurity #China #SaltTyphoon #StateHacking #USA #BigTelco #Hacking

Miguel Afonso Caetano remixtures@tldr.nettime.org
2025-01-07

"The message from President Biden’s national security adviser was startling.

Chinese hackers had gained the ability to shut down dozens of U.S. ports, power grids and other infrastructure targets at will, Jake Sullivan told telecommunications and technology executives at a secret meeting at the White House in the fall of 2023, according to people familiar with it. The attack could threaten lives, and the government needed the companies’ help to root out the intruders.

What no one at the briefing knew, including Sullivan: China’s hackers were already working their way deep inside U.S. telecom networks, too.

The two massive hacking operations have upended the West’s understanding of what Beijing wants, while revealing the astonishing skill level and stealth of its keyboard warriors—once seen as the cyber equivalent of noisy, drunken burglars.

China’s hackers were once thought to be interested chiefly in business secrets and huge sets of private consumer data. But the latest hacks make clear they are now soldiers on the front lines of potential geopolitical conflict between the U.S. and China, in which cyberwarfare tools are expected to be powerful weapons."

wsj.com/tech/cybersecurity/typ

#CyberSecurity #USA #China #SaltTyphoon #StateHacking #CyberWarfare

Miguel Afonso Caetano remixtures@tldr.nettime.org
2024-12-31

"Chinese state-sponsored hackers breached the U.S. Treasury Department's computer security guardrails this month and stole documents in what Treasury called a "major incident," according to a letter to lawmakers that Treasury officials provided to Reuters on Monday.

The hackers compromised third-party cybersecurity service provider BeyondTrust and were able to access unclassified documents, the letter said.

According to the letter, hackers "gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users."

"Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor," the letter said."

reuters.com/technology/cyberse

#USA #China #StateHacking #CyberSecurity #USTreasury #BeyondTrust

Miguel Afonso Caetano remixtures@tldr.nettime.org
2024-12-30

"In her remarks, Neuberger confirmed that nine telecommunications providers were impacted by the breaches, adding one more firm to the eight she acknowledged earlier this month. She noted that guidance was given to key U.S. telecommunications firms early on — a “hunting guide” and a “hardening guide” — that detailed Chinese hacking methods and allowed companies to “look for those techniques in their networks and call for help if they discover it.” This led to the determination that a ninth telco provider had been impacted by the same Salt Typhoon breach, alongside Lumen Technologies, AT&T, Verizon and others.

It’s unclear if the Chinese hackers have been fully evicted from all of the U.S. telecommunications networks. Earlier this month, Neuberger said that none of the providers have managed to oust the Chinese hackers from their networks, an assertion that some of the providers, including Lumen and AT&T, have refuted.

Neuberger explained that once Chinese hackers infiltrated telecommunication networks, they essentially had “broad and full access” to American data, which allowed them to “geolocate millions of individuals” and “record phone calls at will.”"

politico.com/news/2024/12/27/c

#CyberSecurity #China #SaltTyphoon #USA #BigTelco #StateHacking

Miguel Afonso Caetano remixtures@tldr.nettime.org
2024-12-19

"U.S. authorities are investigating whether a Chinese company whose popular home-internet routers have been linked to cyberattacks poses a national-security risk and are considering banning the devices.

The router-manufacturer TP-Link, established in China, has roughly 65% of the U.S. market for routers for homes and small businesses. It is also the top choice on Amazon.com, and powers internet communications for the Defense Department and other federal government agencies.

Investigators at the Commerce, Defense and Justice departments have opened their own probes into the company, and authorities could ban the sale of TP-Link routers in the U.S. next year, according to people familiar with the matter. An office of the Commerce Department has subpoenaed TP-Link, some of the people said.

Action against the company would likely fall to the incoming Trump administration, which has signaled an aggressive approach to China."

wsj.com/politics/national-secu

#USA #CyberSecurity #China #TPLink #StateHacking #TradeWar

Miguel Afonso Caetano remixtures@tldr.nettime.org
2024-12-18

"It's not often that a piece of FBI advice triggers a Snopes fact check. But the agency's urgent message this month to Americans, often summarized as "stop texting," surprised many consumers.

The warning from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) highlighted vulnerabilities in text messaging systems that millions of Americans use every day.

The U.S. believes hackers affiliated with China's government, dubbed Salt Typhoon, are waging a "broad and significant cyber-espionage campaign" to infiltrate commercial telecoms and steal users' data — and in isolated cases, to record phone calls, a senior FBI official who spoke to reporters on condition of anonymity said during a Dec. 3 briefing call.

The new guidance may have surprised consumers — but not security experts.

"People have been talking about things like this for years in the computer security community," Jason Hong, a professor at Carnegie Mellon University's School of Computer Science, told NPR. "You should not rely on these kinds of unencrypted communications because of this exact reason: There could be snoopers in lots of infrastructure.""

npr.org/2024/12/17/nx-s1-52234

#USA #FBI #SaltTyphoon #CyberSecurity #China #StateHacking

Miguel Afonso Caetano remixtures@tldr.nettime.org
2024-12-14

"The collective shrug around Salt Typhoon can also be seen across the news industry, where headlines about Salt Typhoon are making the rounds in the cybersecurity community, but generally aren’t splashed across front pages. In fairness, the news cycle at the moment is exhausting for reporters and readers alike — there’s a new administration forming, major global conflicts rage on and people are looking to take a break from it all over the holidays. Worrying about a massive and likely devastating global hack does not feel very merry.

And many details about the hack — when it happened, who was impacted, the extent of the damage — are slowly emerging and are still not totally clear, making it difficult for the layperson to follow.

But Beijing is taking notes on the sluggish U.S. response. At the one Senate Commerce hearing on the topic held Wednesday, JAMES LEWIS, director of the Strategic Technologies Program at the Center for Strategic and International Studies, testified about the need for the U.S. to counter Chinese hacking operations by giving Beijing a taste of its own medicine through U.S. offensive hacking. Otherwise, he warned, China would just keep going."

politico.com/newsletters/natio

#CyberSecurity #China #USA #SaltTyphoon #StateHacking

Miguel Afonso Caetano remixtures@tldr.nettime.org
2024-12-07

"U.S. government agencies legally hack into cell phones or emails all the time: think of the FBI wiretapping a suspected drug lord or the NSA monitoring emails for terrorism plots.

But now there’s rising interest in hacking other kinds of devices people use, like Wi-Fi-connected security cameras and other IoT products.

Toka, an Israeli startup backed by Andreessen Horowitz, specializes in this type of work. It previously gained attention for a 2022 Haaretz article detailing its claims about being able to obtain and even delete security camera footage.

The company is now looking to hire a “Client Director USA” to “support new business growth within the US government market.” The position requires a “strong history of technology sales within DoD and national security agencies.”"

techcrunch.com/2024/12/06/a16z

#USA #Surveillance #PoliceState #StateHacking #Hacking #CyberSecurity #IoT

Miguel Afonso Caetano remixtures@tldr.nettime.org
2024-11-24

"Hackers weren’t able to monitor or intercept anything encrypted, according to the Times, which means that conversations over apps like Signal and Apple’s iMessage were probably protected. But end-to-end encryption over texts between Apple devices and Android devices, for instance, aren’t encrypted in the same way, meaning they were vulnerable to interception by Salt Typhoon, according to the Times.
(...)
As for the targets, the Post reports fewer than 150 people have been identified as having their text messages or phone calls monitored and the FBI has been in contact with them. Most of the people are in the Washington DC area, which makes sense if the hackers were interested in political targets. But 150 people can communicate with a lot of people, even in a short period, so the number of targets could be in the “millions,” according to Warner. You get the sense U.S. authorities have no real idea how many people have been impacted, given the scope of the intrusion.

The details about how the hackers were able to push so deeply into U.S. systems are still scarce, but it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order. The monitoring of phone calls wasn’t 24/7, according to Warner, but he didn’t seem to elaborate on what that meant to the Times."

gizmodo.com/china-wiretaps-ame

#USA #CyberSecurity #StateHacking #Surveillance #PoliceState #China

Miguel Afonso Caetano remixtures@tldr.nettime.org
2024-11-23

"For determined hackers, sitting in a car outside a target's building and using radio equipment to breach its Wi-Fi network has long been an effective but risky technique. These risks became all too clear when spies working for Russia's GRU military intelligence agency were caught red-handed on a city street in the Netherlands in 2018 using an antenna hidden in their car's trunk to try to hack into the Wi-Fi of the Organization for the Prohibition of Chemical Weapons.

Since that incident, however, that same unit of Russian military hackers appears to have developed a new and far safer Wi-Fi hacking technique: Instead of venturing into radio range of their target, they found another vulnerable network in a building across the street, remotely hacked into a laptop in that neighboring building, and used that computer's antenna to break into the Wi-Fi network of their intended victim—a radio-hacking trick that never even required leaving Russian soil.

At the Cyberwarcon security conference in Arlington, Virginia, today, cybersecurity researcher Steven Adair will reveal how his firm, Volexity, discovered that unprecedented Wi-Fi hacking technique—what the firm is calling a “nearest neighbor attack”—while investigating a network breach targeting a customer in Washington, DC, in 2022. Volexity, which declined to name its DC customer, has since tied the breach to the Russian hacker group known as Fancy Bear, APT28, or Unit 26165."

wired.com/story/russia-gru-apt

#CyberSecurity #Russia #StateHacking #FancyBear #APT28 #Wifi
