Home Security Chinese spying taking place from elite university: claim

Chinese state-sponsored attackers appear to be carrying out network reconnaissance of several organisations in Alaska, Nairobi, Kenya and Germany, using the assets of an elite university, the security firm Recorded Future claims.

In a research brief published on Thursday, the company, which has close links with In-Q-Tel, the CIA’s investment arm, and Google Ventures, said these findings came in the wake of its finding Chinese campaigns targeting the Tibetan community and being carried out from Tsinghua University, an elite Chinese institution.

The Tibetans were being targeted via a Web server that was running on a CentOS system – a clone of Red Hat Enterprise Linux. It had what was described as "a novel Linux backdoor called 'ext4'".

Recorded Future's Sanil Chohan, Winona DeSombre and Justin Grosfelt said among the targets were the Alaskan State Government, its Department of Natural Resources, the UN office in Nairobi and the Kenya Ports Authority.

Apart from these, targeted scanning was noticed to be aimed at the office of Germany's Daimler AG, a day after it reduced its profit outlook for the year due to the growing US-China trade tensions.

"In several cases, these activities occurred during periods of Chinese dialogue for economic co-operation with these countries or organisations," the trio wrote.

"We assess with medium confidence that the network reconnaissance activities we uncovered were conducted by Chinese state-sponsored actors in support of China’s economic development goals."

The three researchers found the following:

  • Tsinghua IP 166.111.8[.]246 engaged in network reconnaissance targeting organisations in Alaska, Kenya, Brazil, and Mongolia during times of economic dialogue or publicity around China’s investment in foreign infrastructure projects concerning China’s flagship Belt and Road Initiative.
  • The network reconnaissance activity against Alaskan organisations increased following a trade delegation trip led by the Alaska governor to China in late May. Organisations targeted by the reconnaissance activity were in industries at the heart of the trade discussions, such as oil and gas.
  • The targeting of Daimler AG was observed a day after it announced a profit warning in light of the growing US-China trade tensions.
  • The Tsinghua IP made at least one attempt to subscribe to a US-based hotel’s high-speed Internet portal. It was assessed with low confidence that this may demonstrate an intent to breach Nomadix Internet gateways within the hospitality sector running vulnerable WindWeb servers.
  • The Tsinghua IP repeatedly attempted to connect with a Tibetan network that was compromised with a highly sophisticated backdoor, “ext4.”
  • “ext4” only allowed incoming TCP 443 connections to the compromised network during a 180-second window every hour, with packets requiring a unique combination of TCP header options to successfully connect. In over 20 observed attempts, the Tsinghua IP did not transmit the correct TCP options to activate the backdoor. This suggested:
  • The threat actors connecting from the Tsinghua IP were ill-informed of the correct “ext4” backdoor connection sequence and were making mistakes.
  • The targeting of the Tibetan network is not associated with the presence of the “ext4” backdoor and the network was being probed in line with wider geopolitical and economic network reconnaissance activity being conducted by the Tsinghua IP.

The detailed research report is here.

47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December

REGISTER NOW!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect