Tag: China

  • UK National Cyber Security Centre Reports Surge in Significant Cyber Incidents

    The UK National Cyber Security Centre (NCSC) has reported a dramatic increase in the number of “nationally significant” cyber incidents, with over 200 such incidents managed from September 2024 to May 2025. This figure represents twice the number of incidents compared to the same timeframe last year, according to NCSC CEO Richard Horne during his keynote address at the CYBERUK conference in Manchester.

    The NCSC categorizes nationally significant cyber events as those with a substantial impact on the UK, affecting medium-sized organizations or posing considerable risks to larger entities and government operations. The rise in incidents aligns with confirmed ransomware attacks impacting major UK retailers like Marks & Spencer, Harrods, and Co-op, which have faced operational disruptions due to these threats.

    During the conference, Chancellor of the Duchy of Lancaster, Pat McFadden, highlighted alarming statistics from the NCSC’s 2024 Annual Review, revealing nearly 2,000 reports of cyber-attacks last year, with 89 classified as nationally significant, including 12 critical incidents. This marked a threefold increase in severe attacks compared to 2023, escalating concerns about the continuing threats posed by malicious cyber activities.

    In addition, Horne underscored that hostile nation-states operate within a “grey zone” that exists between peace and war, using cyber-attacks to achieve disruptive objectives while maintaining plausible deniability. He identified China as the primary threat to the UK cyber landscape, with the Chinese Communist Party leveraging vast capabilities. The NCSC has also noted increased cyber espionage activities from Russia, particularly as geopolitical tensions rise concerning Ukraine, demonstrating a worrying convergence of cyber and physical attacks against UK interests.

    As ransomware continues to be a persistent risk, Horne supports the Home Office’s proposed ban on ransom payments in the public sector, asserting the need for a future where paying ransoms is not an option. He described the threat of ransomware as possibly the most pressing challenge the UK faces in cybersecurity today.

  • China Emerges as Major Cyber Threat to US, Experts Warn

    In a striking revelation at the RSA Conference in San Francisco, retired Rear Admiral Mark Montgomery highlighted a significant shift in the cyber threat landscape, indicating that China has surpassed Russia as the primary adversary in cyber warfare against the United States. This transformation has been exemplified by the Volt Typhoon attacks that targeted US critical infrastructure last year.

    Montgomery detailed how these attacks were not only highly effective but also acknowledged by Chinese officials in a December 2024 meeting with the Biden administration, where they admitted their role in the hacks. His comments underscore a troubling trend: while the US has focused on defensive strategies, other nations, especially China, have made significant advancements in their cyber capabilities.

    Montgomery emphasized the evolving nature of China’s cyber strategy, stating that the Chinese Communist Party has become exceptionally skilled in cyber operations. “What was once seen as intellectual property theft and espionage has now escalated into a formidable cyber threat,” he said, describing Volt Typhoon as a sophisticated operation aimed directly at undermining American infrastructure.

    He also raised concerns regarding the inadequacy of US infrastructure protections, noting that while military bases are well-defended, the commercial systems that constitute much of America’s critical infrastructure are vulnerable. Montgomery drew attention to a troubling statistic about the ownership of these networks, stating that while previous claims suggested 85% were privately owned, the more accurate figure lies between 82% and 86%.

    As Montgomery laid out his recommendations, he called for a substantial increase in the recruitment of offensive cyber operators within the US military. He proposed leveraging untapped talent in the National Guard and suggested extending the requirements of the 2002 Sarbanes-Oxley Act to enhance cybersecurity measures for American companies.

    Looking ahead, Montgomery cautioned that the combination of a cyber crisis and geopolitical tensions, such as potential conflicts over Taiwan, could have disastrous effects. By compromising public confidence in government and critical infrastructure, adversaries like China may seek to exploit vulnerabilities during times of crisis.

    In addition to China, he briefly mentioned the threats posed by Russia and North Korea, labeling the latter as a “cyber gang masquerading as a nation state.” Montgomery’s insights present a stark warning: without immediate action to bolster defenses and improve cybersecurity, the US may be ill-equipped to face the rising tide of cyber threats.

  • China’s Mustang Panda Expands Malware Arsenal Amid Surveillance Efforts

    In a significant enhancement of its cyber capabilities, the Chinese state-sponsored hacking group known as Mustang Panda has reportedly developed or upgraded various malware tools. This move signals a strategic refresh of their arsenal, alerting cybersecurity defenders to potential threats. Mustang Panda, also referred to as Bronze President or TA416, has a history of conducting espionage against military and governmental organizations, NGOs, and corporations across East and Southeast Asia and beyond.

    Recently, the group targeted an organization in Myanmar, prompting researchers from Zscaler to discover four previously unknown attack tools that the group has incorporated into its operations. This includes new keyloggers and other utilities designed to enhance their malicious activities. Notably, the group’s infamous backdoor tool, ToneShell, has also been upgraded to improve its functionality.

    Mustang Panda’s innovative approach to malware delivery continues to evolve. While they have historically employed unique tactics and techniques, their latest operations reflect a common Chinese method of sideloading Dynamic Link Libraries (DLLs). However, the group has gone a step further by developing a new suite of proprietary malware tools, which includes the keyloggers PAKLOG and CorKLOG. These keyloggers capture sensitive data but lack automated command-and-control capabilities, potentially leaving attackers to exfiltrate the collected information manually.

    To facilitate lateral network movement post-compromise, Mustang Panda has introduced new tools such as StarProxy, which allows a compromised system to infect multiple other machines within a network. Additionally, the group employs a driver known as SplatCloak to disable security software like Windows Defender and Kaspersky, which may prevent detection of their malicious activities. These developments indicate a calculated effort by Mustang Panda to enhance their operational security and extend their attack efficacy.

  • China and Russia Enhance Cybersecurity Cooperation Amidst Global Tensions

    Chinese Ambassador to Russia Zhang Hanhui has officially announced Beijing’s intention to strengthen strategic cooperation with Moscow in cybersecurity. This announcement represents a significant expansion of the partnership between the two nations as they seek to counter what they describe as Western digital hegemony while simultaneously developing a shared framework for cyber governance.

    Ambassador Zhang emphasized China’s commitment to establishing a “multilateral, democratic, and transparent global internet governance system.” In a recent article published by Sputnik News, he stated that, “While continuously enhancing its own governance of cyberspace, China will actively work to deepen cooperation in cybersecurity with countries around the world, including Russia.” The strengthened ties focus on addressing shared challenges in cybersecurity, reflecting the robust strategic relationship that has developed between the two countries over recent years.

    The cybersecurity cooperation builds on earlier commitments to collaborate in artificial intelligence technologies, an area both nations have shown keen interest in. Plans to incorporate elements from China’s 2017 International Strategy of Cooperation on Cyberspace are underway, which includes critical information infrastructure protection and cyber threat mitigation strategies. Specific technical aspects of this cooperation are expected to comprise joint protocols for Advanced Persistent Threat (APT) detection, cross-border cyber threat intelligence sharing, and coordinated incident response mechanisms.

    Moreover, the partnership highlights China’s strategy to assist developing countries with cybersecurity capacity building, including technology transfer and critical information infrastructure protection. This aligns with Russia’s interest in bolstering its digital capabilities amidst ongoing Western sanctions. Ambassador Zhang also pointed out that cybersecurity issues should not become a battleground for great power competition, but a space for cooperation. This perspective marks a united front between the two nations on global cybersecurity challenges, underscoring their commitment to maintaining international order in cyberspace.

  • China Acknowledges Cyberattacks on U.S. Infrastructure Amid Growing Tensions

    Chinese officials have admitted to directing cyberattacks on U.S. infrastructure during a December meeting with representatives from the Biden administration in Geneva, Switzerland, as reported by The Wall Street Journal. This revelation highlights ongoing tensions between the two nations, particularly related to U.S. support for Taiwan. China, which regards Taiwan as a renegade province, has increasingly utilized cyber operations as a form of statecraft.

    According to a former U.S. official familiar with the meeting, the Chinese officials’ remarks were described as “indirect and somewhat ambiguous,” yet they carried an implicit acknowledgment of responsibility alongside a warning to the U.S. concerning Taiwan. This development comes amid broader concerns about China-backed gangs infiltrating U.S. telecommunications and potentially compromising critical infrastructure.

    In a related context, there has been increasing alarm within the U.S. about the capabilities of suspected Chinese cyber groups. Reports suggest these groups have developed botnets capable of disabling essential services and have jeopardized personal privacy by penetrating major telecom carriers, as indicated in numerous investigative reports.

    In other regional tech news, Alibaba Cloud announced expansions outside China, utilizing its Singapore datacenter to roll out advanced AI models and services tailored to the growing market for machine learning and data processing. Concurrently, India launched a $2.7 billion subsidy scheme aimed at boosting local production of critical electronic components, further developing the country’s growing electronics manufacturing sector, which now comprises a significant portion of global Apple iPhone production, as reported by Bloomberg.

    The Philippines’ National Telecommunications Commission recently shuttered Now Telecom, citing its failure to establish a network despite having been allocated spectrum. The carrier was struggling financially and lagged behind its main competitor, reinforcing the competitive pressures within the telecommunications sector.