Latest news with #Chinese-linked
Time of India
11 hours ago
- Politics
- Time of India
China-Russia trust erodes as Beijing's hackers go rogue, launch cyberattacks to steal Ukraine war secrets
China hackers target Russia despite alliance, seeking war secrets and battlefield data- China hackers targeting Russia have raised serious concerns as multiple cyberattacks linked to Chinese state-sponsored groups have reportedly breached Russian military and defense systems since the Ukraine war began. Despite public declarations of friendship between Moscow and Beijing, cyber analysts say the Chinese government has been actively spying on Russian technologies, including nuclear submarines, drone systems, and battlefield tactics. The breach highlights a growing undercurrent of distrust and strategic intelligence gathering even among so-called allies. Cyber groups tied to Beijing—like APT27 and APT31—are believed to be behind these stealthy operations, using phishing emails and malware to infiltrate sensitive Russian networks. Why are China hackers targeting Russia amid growing friendship? Despite a publicly strong relationship between China and Russia, cybersecurity experts say China hackers have been quietly breaching Russian systems since May 2022 — just months after Russia launched its full-scale invasion of Ukraine. These hacking attempts have continued steadily, with Chinese-linked groups digging into Russia's defense and military data. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Air conditioners without external unit. (click to see prices) Air Condition | Search Ads Search Now Undo According to cybersecurity researchers from TeamT5, one group named Sanyo impersonated a Russian engineering firm's email to seek data on nuclear submarines. The intention behind these cyber intrusions appears to be collecting information about Russia's battlefield operations, modern warfare tactics, and Western weapon technologies seen in Ukraine. Che Chang, a TeamT5 researcher, stated, 'China likely seeks to gather intelligence on Russia's military operations, defense progress, and geopolitical strategies.' This information could help China boost its own military readiness for future conflicts — particularly in regions like Taiwan, which remains a hotbed of geopolitical tension. Live Events What exactly did China's hackers target in Russia? According to cybersecurity researchers at SentinelLabs and Recorded Future, Chinese Advanced Persistent Threat (APT) groups , including APT27 (Emissary Panda) and APT31 (Zirconium) , have been aggressively targeting: Russian military contractors Government departments involved in defense R&D Email servers and document archives linked to Ukraine war planning The hackers reportedly used spear-phishing campaigns , spoofing Russian Ministry of Health notices to plant malware into classified internal systems. One malware strain, called PlugX , known for remote access and data exfiltration, was flagged in these Russian environments—previously used by China in espionage campaigns across Southeast Asia and the Middle East. What kind of information are Chinese hackers after in Russia? The China hackers targeting Russia campaign has been aimed at extracting sensitive military intelligence, especially battlefield-tested insights. Russian defense firms, including Rostec , were among the major targets. Cyber experts from Palo Alto Networks revealed that Chinese hacking groups have sought data on radar systems, satellite communications, drone warfare, and electronic warfare technology. Another method used by these hackers involved Microsoft Word-based malware files, which exploited software vulnerabilities to breach aviation and defense sectors. One particularly dangerous tool spotted in these attacks was Deed RAT , malware considered 'proprietary' among Chinese state-sponsored groups. According to Russian cybersecurity firm Positive Technologies, this malware has been used to attack Russian aerospace, security, and military sectors. Though Russian authorities have not officially acknowledged these attacks, a leaked classified document from Russia's FSB — the domestic security agency — described China as an 'enemy,' confirming internal concerns about Chinese espionage. While China and Russia continue to cooperate publicly, including military drills and joint diplomatic efforts, cyber experts say Beijing has long pursued a "friend-but-watcher" strategy . This means China often spies on both allies and adversaries to: Gauge battlefield conditions in Ukraine Evaluate Russia's military capabilities and vulnerabilities Shape its own geopolitical strategies, including Taiwan preparations According to Recorded Future, China increased cyber-espionage targeting Russia by 87% since early 2023 , focusing particularly on regions near Ukraine and Crimea . Who are the major Chinese hacking groups involved? Several well-known Chinese hacking groups have been identified by cybersecurity teams as being behind these operations. Mustang Panda , one of China's most active state-backed cyber espionage groups, expanded its activities after the war in Ukraine began. TeamT5 and Sophos researchers found that Mustang Panda targeted Russian government agencies and military officials — particularly near the China-Russia Siberian border. According to Rafe Pilling from Sophos, the group's operations often follow China's political or economic interests. 'Wherever China invests — whether West Africa, Southeast Asia, or Russia — Mustang Panda follows with targeted hacking,' said Pilling. He and U.S. intelligence sources believe Mustang Panda operates under the Chinese Ministry of State Security. The group even drew attention from American law enforcement. In January, the U.S. Justice Department indicted individuals tied to Mustang Panda for infecting thousands of systems worldwide, including government networks and devices used by Chinese dissidents. Another Chinese hacking group, Slime19 , has been consistently attacking Russia's energy, government, and defense infrastructure, according to TeamT5's Chang. Has China broken its cybersecurity pact with Russia? In 2009 and 2015, China and Russia publicly agreed not to hack each other's systems. However, analysts have long viewed those agreements as symbolic, lacking enforcement or trust. The evidence emerging since Russia's invasion of Ukraine proves that those deals hold little practical weight. The FSB document accessed by The New York Times shows that Russian intelligence views China's digital espionage as a serious threat. China, while outwardly cooperative with Russia in forums and bilateral trade, appears unwilling to rely on Moscow for open sharing of battlefield learnings. Instead, cyber intrusions have become the preferred route for collecting war data. 'The war in Ukraine shifted the priorities of both countries,' said Itay Cohen from Palo Alto Networks. 'Even though the public narrative was one of close ties, in reality, espionage increased.' How is Russia reacting to these cyber intrusions? Thus far, the Kremlin has not officially condemned China, possibly to avoid diplomatic fallout. However, anonymous Russian cybersecurity sources have told investigative outlet iStories that internal firewalls have been tightened and communications protocols are under review. The Federal Security Service (FSB) reportedly issued an internal memo warning of 'unusual East Asian-origin threats' in mid-2024. Still, no public attribution has been made. This silence may signal Russia's reluctance to publicly challenge China at a time when it faces intense pressure from NATO and the West. What does this mean for future China-Russia relations? While China remains one of Russia's most crucial trade partners — especially with the West largely isolating Moscow — the depth of China hackers targeting Russia reveals a fragile foundation beneath this alliance. The relationship, often described by Presidents Xi and Putin as a 'no-limits' partnership, is evidently full of limits when it comes to trust. China's hunger for military intelligence, especially regarding real-time warfare experience, is pushing it to take bold steps. For China, Russia's war offers a rare, real-world military case study that it can't afford to ignore — especially with tensions rising in the Taiwan Strait. Cyber intrusions are likely to continue, if not grow. As Russian officials stay silent and Chinese hackers grow more sophisticated, the digital battlefield between these two "allies" is already active — and evolving quickly. FAQs: Q1: Why are China hackers targeting Russia during the Ukraine war? To secretly collect Russian military intelligence and battlefield data. Q2: Who is Mustang Panda in the China hacking campaign? Mustang Panda is a top Chinese state-backed hacking group targeting Russia.
Time of India
3 days ago
- Business
- Time of India
Viasat identified as victim in Chinese Salt Typhoon cyberespionage: Report
Viasat Inc has been identified as a victim of the Chinese-linked Salt Typhoon cyberespionage operation during last year's presidential campaign, Bloomberg News reported on Tuesday. The breach at the satellite communications firm was discovered earlier this year and Viasat has been working with the government in the aftermath, the report said, citing people familiar with the matter. Viasat and its independent third-party cybersecurity partner investigated unauthorized access through a compromised device but found no evidence of customer impact, the company said in a statement. "Viasat believes that the incident has been remediated and has not detected any recent activity related to this event," the company said, adding that it was engaged with the government as part of its investigation. U.S. officials have previously alleged that hackers targeted telecom companies such as Verizon, AT&T, Lumen , and others, stealing telephone audio intercepts along with a significant amount of call record data. In December, the officials added a ninth unnamed telecom company to the list of entities compromised by the Salt Typhoon hackers and said that the Chinese operatives gained access to networks with broad and full access, enabling them to "geolocate millions of individuals, to record phone calls at will". Targets of Salt Typhoon reportedly included officials connected to the presidential campaigns of both Democrat Kamala Harris and Republican Donald Trump. Chinese officials have previously dismissed the allegations as disinformation, asserting that Beijing "firmly opposes and combats cyber attacks and cyber theft in all forms".
Straits Times
3 days ago
- Business
- Straits Times
Viasat identified as victim in Chinese Salt Typhoon cyberespionage, Bloomberg News reports
FILE PHOTO: Satellite model is placed on Viasat logo in this picture illustration taken April 4, 2022. REUTERS/Dado Ruvic/Illustration/File Photo Viasat Inc has been identified as a victim of the Chinese-linked Salt Typhoon cyberespionage operation during last year's presidential campaign, Bloomberg News reported on Tuesday. The breach at the satellite communications firm was discovered earlier this year and Viasat has been working with the government in the aftermath, the report said, citing people familiar with the matter. Viasat and its independent third-party cybersecurity partner investigated unauthorized access through a compromised device but found no evidence of customer impact, the company said in a statement. "Viasat believes that the incident has been remediated and has not detected any recent activity related to this event," the company said, adding that it was engaged with the government as part of its investigation. U.S. officials have previously alleged that hackers targeted telecom companies such as Verizon, AT&T, Lumen, and others, stealing telephone audio intercepts along with a significant amount of call record data. In December, the officials added a ninth unnamed telecom company to the list of entities compromised by the Salt Typhoon hackers and said that the Chinese operatives gained access to networks with broad and full access, enabling them to "geolocate millions of individuals, to record phone calls at will". Targets of Salt Typhoon reportedly included officials connected to the presidential campaigns of both Democrat Kamala Harris and Republican Donald Trump. Chinese officials have previously dismissed the allegations as disinformation, asserting that Beijing "firmly opposes and combats cyber attacks and cyber theft in all forms". REUTERS Join ST's Telegram channel and get the latest breaking news delivered to you.
Economic Times
13-06-2025
- Economic Times
Your VPN might be spying for China: Watchdog flags 17 apps with hidden ties on Apple and Google stores
A new report by the Technology Transparency Project warns that 17 VPN apps, available on major app stores, may be secretly linked to Qihoo 360, a Chinese cybersecurity firm under U.S. sanctions. Experts fear user data could be accessed by Chinese authorities under China's broad surveillance laws. Tired of too many ads? Remove Ads How are these VPNs tied to China? Why is Qihoo 360 a concern? Tired of too many ads? Remove Ads Which VPN apps were flagged earlier? What are Apple and Google doing about it? Tired of too many ads? Remove Ads FAQs Think your VPN is keeping you anonymous? Think again. A major watchdog report just revealed that 17 popular VPN apps available on Apple and Google stores might be quietly handing over your data with links pointing straight to to a report released on Thursday by the Technology Transparency Project, the firm involved may have discreet links to China, where the government can monitor all user report claims that 17 apps, six from Apple's App Store, four from Google Play Store, and seven from both, have hidden connections to China, as quoted in a report by NBC News.A new report by the Technology Transparency Project warns that 17 VPN apps, available on major app stores, may be secretly linked to Qihoo 360 , a Chinese cybersecurity firm under U.S. 360 is a firm sanctioned by the U.S. Commerce Department in 2020 for potential links to the Chinese military. While the apps don't explicitly name Qihoo, corporate filings and company records suggest they are operated by shell companies acquired by Qihoo in 2019, as per a are mainly utilized to safeguard a user's privacy by complicating a website's ability to identify its visitors, or to bypass censorship restrictions. However, if a VPN provider does not implement substantial measures to automatically and permanently erase its users' search histories, it is probable that the company will retain logs of its clients' online is especially significant if the company is Chinese, since national legislation requires that intelligence and law enforcement agencies can access any personal data stored there without a Katie Paul explained that VPNs carry unique risks since they reroute all of a user's internet activity through their servers. If those servers are controlled or accessed by Chinese-linked firms, it means user data, including sensitive work information and browsing habits, could end up in Beijing's Sherman, a senior fellow at the Atlantic Council focusing on data privacy, informed that utilizing a VPN owned by China would be equivalent to surrendering one's browsing history to Beijing, as per a report by NBC News. Experts fear user data could be accessed by Chinese authorities under China's broad surveillance TTP, a technology-oriented branch of the Campaign for Accountability, an investigative nonprofit aimed at uncovering "corruption, negligence, and unethical conduct," released a report on Chinese VPN applications on April 1. TTP reports that several of the VPNs are indirectly tied to Qihoo applications are all virtual private networks, or VPNs, enabling a user to route their internet traffic through a company's internet service. Names such as VPNify, Ostrich VPN, and Now VPN do not explicitly indicate any connections to China or Chinese ownership in the app Qihoo 360 isn't listed as the direct developer, many apps are operated by entities like Lemon Seed, Autumn Breeze, and Innovative Connecting all tied to Qihoo via Chinese and Cayman Islands quickly removed three apps purportedly connected to Qihoo 360: Thunder VPN, Snap VPN, and Signal Secure VPN. Turbo VPN and VPN Proxy Master, both accessible on the Google Play Store, along with three additional options provided by Google, remain availableThe findings raise important questions about who really controls these "free" VPN services and what happens to your data when you trust the wrong if it logs your data and shares it with third parties especially if it's tied to governments with wide surveillance all, but many free VPNs have vague ownership and poor privacy policies. Always research the company behind the app.
Time of India
12-06-2025
- Business
- Time of India
VPN apps spying for China: Your VPN might be spying for China: Watchdog flags 17 apps with hidden ties on Apple and Google stores
How are these VPNs tied to China? Why is Qihoo 360 a concern? ADVERTISEMENT Which VPN apps were flagged earlier? ADVERTISEMENT ADVERTISEMENT What are Apple and Google doing about it? FAQs Think your VPN is keeping you anonymous? Think again. A major watchdog report just revealed that 17 popular VPN apps available on Apple and Google stores might be quietly handing over your data with links pointing straight to to a report released on Thursday by the Technology Transparency Project, the firm involved may have discreet links to China, where the government can monitor all user report claims that 17 apps, six from Apple's App Store, four from Google Play Store, and seven from both, have hidden connections to China, as quoted in a report by NBC News.A new report by the Technology Transparency Project warns that 17 VPN apps, available on major app stores, may be secretly linked to Qihoo 360 , a Chinese cybersecurity firm under U.S. 360 is a firm sanctioned by the U.S. Commerce Department in 2020 for potential links to the Chinese military. While the apps don't explicitly name Qihoo, corporate filings and company records suggest they are operated by shell companies acquired by Qihoo in 2019, as per a are mainly utilized to safeguard a user's privacy by complicating a website's ability to identify its visitors, or to bypass censorship restrictions. However, if a VPN provider does not implement substantial measures to automatically and permanently erase its users' search histories, it is probable that the company will retain logs of its clients' online is especially significant if the company is Chinese, since national legislation requires that intelligence and law enforcement agencies can access any personal data stored there without a Katie Paul explained that VPNs carry unique risks since they reroute all of a user's internet activity through their servers. If those servers are controlled or accessed by Chinese-linked firms, it means user data, including sensitive work information and browsing habits, could end up in Beijing's Sherman, a senior fellow at the Atlantic Council focusing on data privacy, informed that utilizing a VPN owned by China would be equivalent to surrendering one's browsing history to Beijing, as per a report by NBC News. Experts fear user data could be accessed by Chinese authorities under China's broad surveillance TTP, a technology-oriented branch of the Campaign for Accountability, an investigative nonprofit aimed at uncovering "corruption, negligence, and unethical conduct," released a report on Chinese VPN applications on April 1. TTP reports that several of the VPNs are indirectly tied to Qihoo applications are all virtual private networks, or VPNs, enabling a user to route their internet traffic through a company's internet service. Names such as VPNify, Ostrich VPN, and Now VPN do not explicitly indicate any connections to China or Chinese ownership in the app Qihoo 360 isn't listed as the direct developer, many apps are operated by entities like Lemon Seed, Autumn Breeze, and Innovative Connecting all tied to Qihoo via Chinese and Cayman Islands quickly removed three apps purportedly connected to Qihoo 360: Thunder VPN, Snap VPN, and Signal Secure VPN. Turbo VPN and VPN Proxy Master, both accessible on the Google Play Store, along with three additional options provided by Google, remain availableThe findings raise important questions about who really controls these "free" VPN services and what happens to your data when you trust the wrong if it logs your data and shares it with third parties especially if it's tied to governments with wide surveillance all, but many free VPNs have vague ownership and poor privacy policies. Always research the company behind the app.
