Chinese military unit 61398 behind "prolific hacks"

Seriously interesting article on the BBC today about China's involvement in global hacking.

http://www.bbc.co.uk/news/world-asia-china-21502088

American security firm Mandiant have made a bold move in releasing a 76-page document that details actors, methods and targets, as well as all details pertaining to pretty much every aspect they could dig up.

I'm only halfway through the report, but it's well worth a read.

http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf

It points some pretty accusatory fingers at China, and Mandiant themselves debated releasing the document for fear of reprisals. Be interesting to see how this plays out, and to see if China stay silent in the wake of what is the most damning evidence suggesting their complicity and guilt yet.
 
I expect it is a good read, but it's not like the Americans and the rest of us aren't doing the same thing...

The virus that was attacking the Iranian nuclear infrastructure anyone? ;)
 
They will just say "so what" but in a more diplomatic way tbh.

Entirely possible, but I wonder what they will do now their locations and methods have been exposed.

That is to say, there's a detection method for a lot of their attack vectors out there in the public domain, meaning the likelihood of them getting caught in the act is higher. Conversely, if they stop, then the incidents of hacks originating from Chinese IP space will drop - an indicator of guilt.

I expect it is a good read, but it's not like the Americans and the rest of us aren't doing the same thing...

The virus that was attacking the Iranian nuclear infrastructure anyone? ;)

Fair comment. Be interesting to see if there is a retaliatory report against the Americans. Start of a Hacking Cold War? :D
 
Every country has people like that, it's normal I think, but I would love to have that special fibre optic in my house.

Interesting report, page 7/76, long way to go!! I will report back, chef randal24.
 
They will just say "so what" but in a more diplomatic way tbh.

Yeah, like this:

China denied hacking and questioned the validity of Mandiant's report.

"Hacking attacks are transnational and anonymous," said foreign ministry spokesman Hong Lei.

"Determining their origins are extremely difficult. We don't know how the evidence in this so-called report can be tenable.

"Arbitrary criticism based on rudimentary data is irresponsible, unprofessional and not helpful in resolving the issue."

Mr Hong added that Beijing "firmly opposes hacking", has taken steps to prevent it and is also a victim of cyber attacks.

kd
 
Hardly a shocker tbh, glad to see someone has released such a report, about time we tackled China blatantly ripping off other people’s ideas and research.
 
That RSA stuff that got hacked and a lot of intel taken about hashes was down to the Chinese, word on the grapevine.

I also know of several other attacks that have not made it public (due to backlash) that were narrowed down to the Chinese too.

Sneaky little...
 
I had the Chinese attack one of our clients' SQL servers; I made a post a while back in the enterprise section about it.

A previous admin had NAT'd SQL to the internet for unknown reasons; he had also NAT'd LDAP to the internet. To make it worse, the third-party accounts within AD had the password in the description field of the account. The description field is visible to a standard LDAP query, so potentially people could have just run some LDAP query and gained access to the network.

But the way I found the SQL problem was that there were 10,000s of failed login attempts for the SA account in the SQL event logs, and the IPs doing the brute-force attack were all from China. On my home PC I block all the top spammer countries using pfBlocker in pfSense.

which includes:

Korea, China, India, Russia, Turkey, Vietnam, Ukraine, Brazil, Venezuela, Pakistan
 
I'm sure that has them stumped.

Razor wit. It's not impregnable, but it's better than nothing. :rolleyes:

Please share with us the steps of blocking.

Got a friend in IT security to walk me through it, but it basically involved getting an up-to-date list of IP tables for China (or any other region you want to bar access for) and setting your .htaccess file to deny the IP addresses.

Not exactly the most sophisticated measure in the world, but as I said, hopefully just enough to make it hassle enough for any would-be hijacker to move on to an easier target.
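The two posts above describe the same two steps from a defender's side: spotting a brute-force run against the SA account in the SQL Server error log, and then keeping known-bad ranges out with a country block list (pfBlocker) or an .htaccess deny list. The script below is an added example, not code from either poster, that does both on constructed input. It assumes the log line format SQL Server writes to its ERRORLOG for error 18456 ("Login failed for user '...' ... [CLIENT: x.x.x.x]"), a constructed block list made of RFC 5737 documentation ranges standing in for a real country list, and Apache 2.4 `Require` syntax for the emitted .htaccess fragment. The threshold of 20 failures and the IP addresses are made up for the demonstration.

```python
import re
import ipaddress
from collections import Counter

# Matches the "Login failed" line SQL Server writes for error 18456.
# The preceding "Error: 18456, Severity: 14, State: 8." line carries no
# client address, so the regex simply does not match it.
LOGIN_FAILED = re.compile(
    r"Login failed for user '(?P<user>[^']+)'\..*\[CLIENT: (?P<ip>[^\]\s]+)\]"
)


def _failed_login_lines(ip, user, n, start_ts="2013-02-19 03:14:07"):
    """Constructed ERRORLOG-style line pairs (not a capture from a real server)."""
    out = []
    for i in range(n):
        ts = f"{start_ts}.{i % 100:02d}"
        out.append(f"{ts} Logon       Error: 18456, Severity: 14, State: 8.")
        out.append(f"{ts} Logon       Login failed for user '{user}'. "
                   f"Reason: Password did not match that for the login provided. "
                   f"[CLIENT: {ip}]")
    return out


# Constructed sample log: one loud brute-force source inside the block list,
# one outside it, and a legitimate user who mistyped a password a few times.
SAMPLE_ERRORLOG = (
    _failed_login_lines("203.0.113.17", "sa", 60)
    + _failed_login_lines("192.0.2.77", "sa", 25)
    + _failed_login_lines("198.51.100.5", "sa", 2)
    + _failed_login_lines("198.51.100.5", "appuser", 3)
)

# Constructed stand-in for a country IP-range list (documentation range only).
COUNTRY_BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]


def failures_per_source(lines, user="sa"):
    """Count failed logins for `user`, keyed by the client IP in the log line."""
    counts = Counter()
    for line in lines:
        m = LOGIN_FAILED.search(line)
        if m and m.group("user").lower() == user.lower():
            counts[m.group("ip")] += 1
    return counts


def brute_force_sources(lines, user="sa", threshold=20):
    """Client IPs with at least `threshold` failures for `user`, most active first."""
    counts = failures_per_source(lines, user)
    return sorted(((ip, n) for ip, n in counts.items() if n >= threshold),
                  key=lambda t: (-t[1], t[0]))


def matching_block(ip, blocklist=COUNTRY_BLOCKLIST):
    """Return the block-list network containing `ip`, or None if it is not listed."""
    addr = ipaddress.ip_address(ip)
    for net in blocklist:
        if addr in net:
            return str(net)
    return None


def apache_deny_block(networks):
    """Apache 2.4 .htaccess fragment denying the given networks (returned, not written)."""
    rules = "\n".join(f"    Require not ip {net}" for net in networks)
    return f"<RequireAll>\n    Require all granted\n{rules}\n</RequireAll>"


if __name__ == "__main__":
    for ip, n in brute_force_sources(SAMPLE_ERRORLOG):
        print(f"{ip}: {n} failed 'sa' logins, block list match: {matching_block(ip)}")
    print(apache_deny_block(str(net) for net in COUNTRY_BLOCKLIST))
```

Running it flags both brute-force sources but shows only one of them sitting inside the block list: the 192.0.2.77 source gets through a geo-based deny list untouched, which is the gap the "razor wit" exchange above is pointing at. Counting per source IP rather than per account is what separates an attack from a user fat-fingering a password, and the threshold is something to tune against your own log volume.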
 