U.S. charges seven in wide-ranging Chinese hacking effort

WASHINGTON (Reuters) – The U.S. Justice Department said on Wednesday it has charged five Chinese residents and two Malaysian businessmen in a wide-ranging hacking effort that encompassed targets from video games to pro-democracy activists.

Federal prosecutors said the Chinese nationals had been charged with hacking more than 100 companies in the United States and abroad, including software development companies, computer manufacturers, telecommunications providers, social media companies, gaming firms, nonprofits, universities, think-tanks as well as foreign governments and politicians and civil society figures in Hong Kong.

U.S. officials stopped short of alleging the hackers were working on behalf of Beijing, but in a statement Deputy Attorney General Jeffrey Rosen expressed exasperation with Chinese authorities, saying they were – at the very least – turning a blind eye to cyber-espionage.

“We know the Chinese authorities to be at least as able as the law enforcement authorities here and in like minded states to enforce laws against computer intrusions,” Rosen said. “But they choose not to.”

He further alleged that one of the Chinese defendants had boasted to a colleague that he was “very close” to China’s Ministry of State Security and would be protected “unless something very big happens.”

“No responsible government knowingly shelters cyber criminals that target victims worldwide in acts of rank theft,” Rosen said.

The Chinese Embassy in Washington did not immediately return an email seeking comment. Beijing has repeatedly denied responsibility for hacking in the face of a mounting pile of indictments from U.S. authorities.

Along with the alleged hackers, U.S. prosecutors also indicted two Malaysian businessmen, Wong Ong Hua, 46, and Ling Yang Ching, 32, who were charged with conspiring with two of the digital spies to profit from computer intrusions targeting video game companies in the United States, France, Japan, Singapore and South Korea.

The Justice Department said the pair operated through a Malaysian firm called SEA Gamer Mall. Messages left with the company were not immediately returned. Messages sent to email addresses allegedly maintained by the hackers also received no immediate response.

U.S. Assistant Attorney General for National Security John Demers said on Wednesday that the Malaysian defendants were in custody but were likely to fight extradition.

The Justice Department said it has obtained search warrants this month resulting in the seizure of hundreds of accounts, servers, domain names and “dead drop” Web pages used by the alleged hackers to help siphon data from their victims.

The Department said Microsoft Corp. had developed measures to block the hackers and that the company’s actions “were a significant part” of the overall U.S. effort to neutralize them. Microsoft did not immediately return a message seeking comment.

(Reporting by David Shepardson, Susan Heavey, Raphael Satter and Mark Hosenball in Washington; Editing by Chizu Nomiyama and Matthew Lewis)

U.S. cybersecurity experts see recent spike in Chinese digital espionage

By Christopher Bing and Raphael Satter

(Reuters) – A U.S. cybersecurity firm said Wednesday it has detected a surge in new cyberspying by a suspected Chinese group dating back to late January, when coronavirus was starting to spread outside China.

FireEye Inc. said in a report it had spotted a spike in activity from a hacking group it dubs “APT41” that began on Jan. 20 and targeted more than 75 of its customers, from manufacturers and media companies to healthcare organizations and nonprofits.

There were “multiple possible explanations” for the spike in activity, said FireEye Security Architect Christopher Glyer, pointing to long-simmering tensions between Washington and Beijing over trade and more recent clashes over the coronavirus outbreak, which has killed more than 17,000 people since late last year.

The report said it was “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years.”

FireEye declined to identify the affected customers. The Chinese Foreign Ministry did not directly address FireEye’s allegations but said in a statement that China was “a victim of cybercrime and cyberattack.” The U.S. Office of the Director of National Intelligence declined comment.

FireEye said in its report that APT41 abused recently disclosed flaws in software developed by Cisco, Citrix  and others to try to break into scores of companies’ networks in the United States, Canada, Britain, Mexico, Saudi Arabia, Singapore and more than a dozen other countries.

Cisco said in an email it had fixed the vulnerability and it was aware of attempts to exploit it, a sentiment echoed by Citrix, which said it had worked with FireEye to help identify “potential compromises.”

Others have also spotted a recent uptick in cyber-espionage activity linked to Beijing.

Matt Webster, a researcher with Secureworks – Dell Technologies’  cybersecurity arm – said in an email that his team had also seen evidence of increased activity from Chinese hacking groups “over the last few weeks.”

In particular, he said his team had recently spotted new digital infrastructure associated with APT41 – which Secureworks dubs “Bronze Atlas.”

Tying hacking campaigns to any specific country or entity is often fraught with uncertainty, but FireEye said it had assessed “with moderate confidence” that APT41 was composed of Chinese government contractors.

FireEye’s head of analysis, John Hultquist, said the surge was surprising because hacking activity attributed to China has generally become more focused.

“This broad action is a departure from that norm,” he said.

(Reporting by Raphael Satter and Christopher Bing; additional reporting by the Beijing newsroom; Editing by Richard Pullin and Paul Simao)

Vietnam unveils 10,000-strong cyber unit to combat ‘wrong views’

Men use computers at an internet cafe in Bim Son town, outside Hanoi, Vietnam May 15, 2017.

HANOI (Reuters) – Vietnam has unveiled a new, 10,000-strong military cyber warfare unit to counter “wrong” views on the Internet, media reported, amid a widening crackdown on critics of the one-party state.

The cyber unit, named Force 47, is already in operation in several sectors, Tuoi Tre newspaper quoted Lieutenant General Nguyen Trong Nghia, deputy head of the military’s political department, as saying at a conference of the Central Propaganda Department on Monday in the commercial hub of Ho Chi Minh City.

“In every hour, minute, and second we must be ready to fight proactively against the wrong views,” the paper quoted the general as saying.

Communist-ruled Vietnam has stepped up attempts to tame the internet, calling for closer watch over social networks and for the removal of content that it deems offensive, but there has been little sign of it silencing criticism when the companies providing the platforms are global.

Its neighbor China, in contrast, allows only local internet companies operating under strict rules.

The number of staff compares with the 6,000 reportedly employed by North Korea. However, the general’s comments suggest its force may be focused largely on domestic internet users whereas North Korea is internationally focused because the internet is not available to the public at large.

In August, Vietnam’s president said the country needed to pay greater attention to controlling “news sites and blogs with bad and dangerous content”.

Vietnam, one of the top 10 countries for Facebook users by numbers, has also drafted an internet security bill asking for local placement of Facebook and Google servers, but the bill has been the subject of heated debate at the National Assembly and is still pending assembly approval.

Cyber security firm FireEye Inc  said Vietnam had “built up considerable cyber espionage capabilities in a region with relatively weak defenses”.

“Vietnam is certainly not alone. FireEye has observed a proliferation in offensive capabilities … This proliferation has implications for many parties, including governments, journalists, activists and even multinational firms,” a spokesman at FireEye, who requested anonymity, told Reuters.

“Cyber espionage is increasingly attractive to nation states, in part because it can provide access to a significant amount of information with a modest investment, plausible deniability and limited risk,” he added.

Vietnam denies such charges.

Vietnam has in recent months stepped up measures to silence critics. A court last month jailed a blogger for seven years for “conducting propaganda against the state”.

In a separate, similar case last month, a court upheld a 10-year jail sentence for a prominent blogger.

(Reporting by Mi Nguyen in HANOI; Additional reporting by Amy Sawitta Lefevre in BANGKOK and Eric Auchard in FRANKFURT; Editing by Amy Sawitta Lefevre and Nick Macfie)

Vietnam unveils 10,000-strong cyber unit to combat ‘wrong views’

An internet user browses through the Vietnamese government's new Facebook page in Hanoi December 30, 2015.

HANOI (Reuters) – Vietnam has unveiled a new, 10,000-strong military cyber warfare unit to counter “wrong” views on the Internet, media reported, amid a widening crackdown on critics of the one-party state.

The cyber unit, named Force 47, is already in operation in several sectors, Tuoi Tre newspaper quoted Lieutenant General Nguyen Trong Nghia, deputy head of the military’s political department, as saying at a conference of the Central Propaganda Department on Monday in the commercial hub of Ho Chi Minh City.

“In every hour, minute, and second we must be ready to fight proactively against the wrong views,” the paper quoted the general as saying.

Communist-ruled Vietnam has stepped up attempts to tame the internet, calling for closer watch over social networks and for the removal of content that it deems offensive, but there has been little sign of it silencing criticism when the companies providing the platforms are global.

Its neighbor China, in contrast, allows only local internet companies operating under strict rules.

The number of staff compares with the 6,000 reportedly employed by North Korea. However, the general’s comments suggest its force may be focused largely on domestic internet users whereas North Korea is internationally focused because the internet is not available to the public at large.

In August, Vietnam’s president said the country needed to pay greater attention to controlling “news sites and blogs with bad and dangerous content”.

Vietnam, one of the top 10 countries for Facebook users by numbers, has also drafted an internet security bill asking for local placement of Facebook and Google servers, but the bill has been the subject of heated debate at the National Assembly and is still pending assembly approval.

Cyber security firm FireEye Inc said Vietnam had “built up considerable cyber espionage capabilities in a region with relatively weak defenses”.

“Vietnam is certainly not alone. FireEye has observed a proliferation in offensive capabilities … This proliferation has implications for many parties, including governments, journalists, activists and even multinational firms,” a spokesman at FireEye, who requested anonymity, told Reuters.

“Cyber espionage is increasingly attractive to nation states, in part because it can provide access to a significant amount of information with a modest investment, plausible deniability and limited risk,” he added.

Vietnam denies such charges.

Vietnam has in recent months stepped up measures to silence critics. A court last month jailed a blogger for seven years for “conducting propaganda against the state”.

In a separate, similar case last month, a court upheld a 10-year jail sentence for a prominent blogger.

(Reporting by Mi Nguyen in HANOI; Additional reporting by Amy Sawitta Lefevre in BANGKOK and Eric Auchard in FRANKFURT; Editing by Amy Sawitta Lefevre and Nick Macfie)