Google has disrupted over 175,000 YouTube and Blogger instances related to the Chinese influence operation Dragonbridge.

The post Google Disrupts More China-Linked Dragonbridge Influence Operations appeared first on SecurityWeek.

A journalist merges family history with his own experience in Beijing to provide a fascinating insight into Chinese life and politics

It’s hard to think of a country that has changed as fundamentally as China without altering its basic political system. When I first visited Beijing, three weeks before the Tiananmen massacre in 1989, the main avenues of the city were rivers of bicycles. The very few cars you saw were official ones, with senior party figures sitting stiffly in the back. In the street, you’d be surrounded by staring, smiling people who had never seen a European before. When I jotted things in my notebook, they would crane their necks to see the strange, barbaric signs I was making. If you asked the students in Tiananmen Square what they wanted, they invariably said “democracy”; yet scarcely any of them had the slightest idea what that meant.

Deng Xiaoping, who ultimately gave the order to open fire on the demonstrators, was responsible for the extraordinary enrichment of ordinary Chinese people, eventually lifting hundreds of millions out of poverty. It’s conventional to say that modern China is based on a compromise: we’ll make you rich, if you don’t ask for political change. But that makes it sound as though it’s an open choice. In fact, the Chinese Communist party decided after 1989 that even the slightest letup in its fierce control over society might lead to a new Tiananmen, or to the kind of collapse which happened to the Soviet Union. There’s very little ideology in today’s Chinese system, as anyone who has had to plough through the basic documents of “Xi Jinping Thought” can attest. It’s all about keeping control.

Global demand for renewable energy is surging so why make solar panels, wind turbines and EVs dearer for western consumers?

With historic heatwaves sweeping across the US and other parts of the northern hemisphere, June is expected to be the 13th consecutive month of record-breaking global temperatures. The primary cause, of course, is the enormous amount of greenhouse gases in the atmosphere. Despite the existential threat posed by rising atmospheric concentrations of greenhouse gases, emissions continue to increase at a faster pace than previously anticipated.

On one front, however, progress in the fight against the climate crisis has exceeded expectations. Amid the global shift from internal combustion engines to electric vehicles and the accelerated adoption of solar and wind power, demand for renewable energy is rapidly rising in the US and the EU.

Read more of this story at Slashdot.

Read more of this story at Slashdot.

Enlarge / This photo taken on June 25, 2024, shows the retrieval site of the return capsule of the Chang'e-6 probe in Siziwang Banner, north China's Inner Mongolia Autonomous Region. (credit: Xinhua/Lian Zhen)

A small spacecraft landed in Inner Mongolia on Tuesday, bringing samples from the far side of the Moon back to Earth.

This was not China's first robotic mission to return a few pounds of dust and pebbles from the lunar surface—that came with the Chang'e 5 mission in December 2020. However, this was the first time any space program in the world returned material from the Moon's far side.

The successful conclusion of this mission, which launched from Earth nearly two months ago, marked another significant achievement for China's space program as the country sets its sights on landing humans on the Moon by the year 2030.

Read 7 remaining paragraphs | Comments

Read more of this story at Slashdot.

Read more of this story at Slashdot.

A suspected Chinese state-sponsored hacking group has stepped up its targeting of Taiwanese organizations, particularly those in sectors such as government, education, technology and diplomacy.

The post Chinese Hackers Have Stepped Up Attacks on Taiwanese Organizations, Cybersecurity Firm Says appeared first on SecurityWeek.

Last week I was reviewing a publication by the United Nation Office on Drugs and Crime published in January 2024, titled "Casinos, Money Laundering, Underground Banking, and Transnational Organized Crime in East and Southeast Asia: A Hidden and Accelerating Threat."

(URL to the UNODC report: UNODC: Casinos, Money Laundering, Underground Banking ... full report)

(URL to the USIP report: https://www.usip.org/node/160386 )

The reason I was looking into the report is that this 106 page report is about how Chinese organized crime has planted themselves in Casino complexes across Cambodia, Indonesia, Lao PDR, the Philippine, Thailand, and Viet Nam. The same modus operandi that we associate with the crypto investment scams that use the horrible name "pig butchering" to describe the financial grooming that leads to the complete financial devastation of so many Americans. In fact, I discovered the UN report, only by seeing it quoted in he report by the United States Institute of Peace, "Transnational Crime in Southeast Asia: A Growing Threat to Global Peace and Security" where it was mentioned in a footnote.

Examining Chinese Ministry of Public Security reports

The UNODC report shares statistics from a Ministry of Public Security of China note, without providing a URL, that "between January to November 2023, authorities in the country successfully resolved 391,000 cases related to telecommunications and network fraud, totaling the arrest of 79,000 suspects, including 263 'backbone members or paymasters' of cyberfraud groups" (in the countries mentioned above.) This included:

• interception of 2.75 BILLION fraud calls
• interception of 2.28 BILLION fraud messages
• the removal of 8.36 million fraud-related domain names
• and 328.8 billion yuan (US $46 billion) in funds related to fraud cases.

Since I am working on a project that we call "Twenty Targets for Takedown" that is attempting to shut own illicit websites by terminating their domain registrations and hosting arrangements, the number "8.36 million fraud-related domains" made me shudder.
I am fortunate to count among my network some of the leading experts in domain-name related fraud and abuse, the number seemed overwhelmingly high, and I asked my colleagues from CAUCE, the Coalition Against Unsolicited Commercial Email, for assistance in looking into it. One quick opinion was that this could include a definition of domain name that would be more akin to a hostname, similar to what we have on Blogspot. "garwarner.blogspot.com" is a hostname on the domain "blogspot.com" ... but some would call it a "fully qualified domain name" and consider it a separate FQDN than other xyz.blogspot.com or abc.blogspot.com "domains."

John Levine helped me solve the "did they really mean millions, or is this possibly a bad translation" by helping me find the Ministry of Public Security site where the article was coming from and share several updated versions of these statistics.

MPS Article: Significant success in combating telecom and internet fraud

18 Million Websites! 

The latest article we can find, dated 31MAY2024, quotes Li Guozhong ( 李国中 ) the Spokesman for China's Ministry of Pubic Security describing their successes over the past five years.  In 2021, they established a National Anti-Fraud Center which sent out 660 million notices and were able to help stop fraud against 18.44 million people. This most recent article, which is focused on fraud and doesn't mention gambling at all, says that they have "handled 18 million domain names and websites."  That's a machine translation of ( 处置涉案域名网址1800万个 ).  I can confirm the 18 million ... written as 1800 ten thousands - 1800万个.  Handled is perhaps better rendered "disposed of" 处置  (Chǔzhì).  Still unsure how to interpret 域名 ( Yùmíng - Domain name) 网址 (Wǎngzhǐ - website), but I think for now, I'm going to assume it means "URLs" or "FQDNs" as opposed to only registered domains 

The Anti-Fraud Center has intercepted 6.99 billion fraud calls and 6.84 billion text messages and intercepted 1.1 trillion yuan of funds. At current exchange rates, that would be around $151 Billion US Dollars!   

Just since July 2023, 49,000 cyber fraud suspects have been transferred to China from northern Myanmar. 82,000 criminal suspect have been arrested, including 426 key "financial backers" behind the fraud groups.  

Several maps help to demonstrate what's going on in Southeast Asia: 

(Source: Figure 1 from the afore-mentioned USIP report) 

Source: afore-mentioned UNODC report -- note the Myanmar/China border, which is where most of the Chinese rescues and raids have been conducted.

How Much Fraud? $64 Billion to $157 Billion per year!

The US Institute of Peace report estimates that there are as many as 500,000 scammers deployed in the region, earning potentially $64 Billion per year in fraud. The methodology they used for this calculation came from the UNODC report above. On p. 55 of that report, the UN said that they estimated each scammer was earning between $300 and 400 per day, and that they believed there were 80,000 to 100,000 scammers working six days per week in one unnamed Mekong country.  Using that estimate, they gave a "range" of $7.5 Billion to $12.5 billion in scam revenue for that country.  These numbers were calculated consistently with a Chinese MPS report about an initiative they called "Operation Chain Break" which estimated that scam compounds, including gambling and cyber scams, were generating $157 Billion per year. 

China's Ministry of Public Security is actively conducting military style raids to help recover these fraud suspects from northern Myanmar, where China shares a long border with the country, which remains deeply embroiled in a state of civil war. MPS is also working collectively with other Southeast Asian countries and says it has "destroyed 37 overseas fraud dens." 

China Launches Month of National Anti-Fraud Action

Today (24JUN2024) China launched a new month-long "National Anti-Fraud Action" with a nation-wide campaign that declares "Beware of new fraud methods and don't be a tool for telecom fraud."  The campaign uses what China calls a "Five-In" approach, meaning that Chinese citizens will see and spread anti-fraud messages in Communities, Rural Areas, Families, Schools, and Businesses.  Students will be provided materials to share with their families, Employees will be encouraged to share anti-fraud messages and materials with their families and communities, and Chinese Communist Party offices in rural areas and civic organizations will make sure the message is spread in those areas as well. The materials being prepared will be written separately to address the awareness needs of merchants, accounting personnel, minors, and the elderly, describing each fraud typology and helping to describe methods to safeguard from these typologies. A major objective will also be to help understand how to avoid becoming a "tool" or an "accomplice" of these fraud rings, who prey on the financially vulnerable to help them launder the proceeds of their crime.  The Ministry of Public Security will jointly publish the "Overseas Telecom Network Fraud Prevention Handbook with the Ministry of Foreign Affairs and the Ministry of Education to help improve prevention awareness especially for overseas students and diaspora Chinese communities. Major news media and new media platforms will continuously feature anti-fraud reports to strengthen and educate the public on fraud prevention and "continue to set off a new wave of anti-fraud among the whole people the whole society." 

Gee, doesn't that sound like REACT's Erin West and Operation Shamrock -- but with the full cooperation of the Government and Society? 

The announcement of the month of National Anti-Fraud Action concludes with some more recent statistics about the work of the National Anti-Fraud Center.  Just since 2023, today's report says that they have: 

• pushed out 420 million warning and dissuasion instructions
• met with 14.77 million people face-to-face to give warnings 
• made 310 million phone calls to warn vitims 
• sent 230 million dissuasion text messages
• intercepted 3.7 billion fraud calls 
• intercepted 2.96 billion fraud-related text messages
• blocked 11.619 million fraud-related domain names -- BLOCKED - this may mean "prevented access via Chinese Internet -- which may mean the sites are still available to victimize foreigners
• intercepted 452.9 billion yuan of funds ($62 Billion USD) 

What does this mean to those of us in the United States?  If China is doing an all-hands "Five-In" awareness campaign and deploying police for face-to-face dissuasion, the fraudsters may very realistically need to INCREASE their targeting of overseas victims to make up for the projected revenue hit this new effort may create. 

To quote Director Easterly at CISA: SHIELDS UP! 

The post Millions and Millions of Fraud Domains: China attacks Illegal Gambling and Telecom Fraud appeared first on Security Boulevard.

My poems were written in anger after Tiananmen Square. But what motivates most prison writing is a fear of forgetting. Today I am free, but the regime has never stopped its war on words. By Liao Yiwu

Read more of this story at Slashdot.

Void Arachne Tactics

• SEO Poisoning: The group set up websites posing as legitimate software download sites. Through SEO poisoning, they pushed these sites to rank highly on search engines for common Chinese software keywords. The sites host MSI installer files containing Winos malware bundled with software like Chrome, language packs, and VPNs. Victims unintentionally infect themselves with Winos, while believing that they are only installing intended software.
• Targeting VPNs: Void Arachne frequently targets Chinese VPN software in their installers and Telegram posts. Exploiting interest in VPNs is an effective infection tactic, as VPN usage is high among Chinese internet users due to government censorship. [caption id="attachment_77950" align="alignnone" width="917"] Source: trendmicro.com[/caption]
• Telegram Channels: In addition to SEO poisoning, Void Arachne shared malicious installers in Telegram channels focused on Chinese language and VPN topics. Channels with tens of thousands of users pinned posts with infected language packs and AI software installers, increasing exposure.
• Deepfake Pornography: A concerning discovery was the group promoting nudifier apps generating nonconsensual deepfake pornography. They advertised the ability to undress photos of classmates and colleagues, encouraging harassment and sextortion. Infected nudifier installers were pinned prominently in their Telegram channels.
• Face/Voice Swapping Apps: Void Arachne also advertised voice changing and face swapping apps enabling deception campaigns like virtual kidnappings. Attackers can use these apps to impersonate victims and pressure their families for ransom. As with nudifiers, infected voice/face swapper installers were shared widely on Telegram.

Winos 4.0 C&C Framework

Concerning Trend of AI Misuse and Deepfakes

Just have appropriate entertainment and satisfy your own lustful desires. Do not send it to the other party or harass the other party. Once you call the police, you will be in constant trouble! AI takes off clothes, you give me photos and I will make pictures for you. Do you want to see the female classmate you yearn for, the female colleague you have a crush on, the relatives and friends you eat and live with at home? Do you want to see them naked? Now you can realize your dream, you can see them naked and lustful for a pack of cigarette money.

Velvet Ant Campaign Used Evasive Tactics

• VELVETSTING - This program was configured to connect to a remote server located in China to check for encoded commands on an hourly basis. Once commands were received, the program would execute them via a Unix shell.
• VELVETTAP - Malware seems to have been monitoring and capturing data from the F5 internal network interface.
• SAMRID - This software has been identified as a publicly available tunneling program that had previously been utilized by Chinese state-sponsored groups. While dormant during the researcher's investigation, it may have provided the attackers remote access.
• ESRDE - This backdoor works similarly to VELVETSTING, running commands delivered from an external server. It was also inactive at the time of analysis.

Organizations Systems Were Reinfected Upon Malware Removal

• "members of Parliament who worked to influence their colleagues on India's behalf and proactively provided confidential information to Indian officials." (p.24)
• a PRC "network had some contact with at least 11 candidates and 13 campaign staffers, some of whom appeared to be wittingly working for the PRC" (p. 26)
• "Member of Parliament wittingly provided information *** to a foreign state . . . a particularly concerning case of a then-member of Parliament maintaining a relationship with a foreign intelligence officer" (p.26)
• "an example of the PRC using intermediaries to provide funds likely to support candidates in the 2019 federal election, including two transfers of funds approximating $250,000 through a prominent community leader, a political staffer and then an Ontario member of Provincial Parliament. CSIS could not confirm that the funds reached any candidate." (pp.28-29).

Understanding the CUHK Data Breach

Investigation Status of CUHK Data Breach

CUHK Data Breach: Institutions in Hong Kong Under Scanner

The rise in U.S.-politics-themed scams indicates that adversarial nation states understand the significance of election years.

The post Chinese Threats Aim for Government Sector  appeared first on Security Boulevard.

Enlarge / Brad Smith, vice chairman and president of Microsoft, is sworn in before testifying about Microsoft's cybersecurity work during a House Committee on Homeland Security hearing on Capitol Hill in Washington, DC, on June 13, 2024. (credit: SAUL LOEB / Contributor | AFP)

Microsoft is pivoting its company culture to make security a top priority, President Brad Smith testified to Congress on Thursday, promising that security will be "more important even than the company’s work on artificial intelligence."

Satya Nadella, Microsoft's CEO, "has taken on the responsibility personally to serve as the senior executive with overall accountability for Microsoft’s security," Smith told Congress.

His testimony comes after Microsoft admitted that it could have taken steps to prevent two aggressive nation-state cyberattacks from China and Russia.

Read 30 remaining paragraphs | Comments

A Zambian court has sentenced 22 Chinese nationals to long prison terms for cybercrimes that included internet fraud and online scams targeting Zambians and other people.

The post 22 Chinese Nationals Sentenced to Long Prison Terms in Zambia for Multinational Cybercrimes appeared first on SecurityWeek.

Potential Implications of Cyberattack on SGCC

Global Context of Cyberattacks in the Energy Sector

Enlarge (credit: FT montage/Getty Images)

The resurrection of a car plant in Brazil’s poor northeast stands as a symbol of China’s global advance—and the West’s retreat.

BYD, the Shenzhen-based conglomerate, has taken over an old Ford factory in Camaçari, which was abandoned by the American automaker nearly a century after Henry Ford first set up operations in Brazil.

When Luiz Inácio Lula da Silva, Brazil’s president, visited China last year, he met BYD’s billionaire founder and chair, Wang Chuanfu. After that meeting, BYD picked the country for its first carmaking hub outside of Asia.

Read 52 remaining paragraphs | Comments

The US government has announced sanctions against three Chinese nationals accused of creating and operating the 911 S5 proxy botnet.

The post US Sanctions Three Chinese Men for Operating 911 S5 Botnet appeared first on SecurityWeek.

Kuo Chiu, known as KC to his friends, teaches urban design at Tunghai University in Taiwan. He’s also one of many of the country's citizens who practises rifle skills in his spare time, in case of a Chinese invasion.

The population of Taiwan has long grown familiar with Beijing’s pledge to one day ‘unify’ what it claims is a breakaway province. But recently, there has been a significant increase in aggressive and intimidatory acts.

Taiwan’s 160,000 active military personnel are vastly outnumbered by China’s 2 million-member armed forces, leading many civilians to turn to voluntary medical and combat training to protect themselves.

The Guardian's video team spent time with KC to see how he is preparing