October 24, 2014

Chinese hackers reportedly breached White House systems used for nuclear commands

(LiveHacking.Com) – The Washington Free Beacon is reporting that hackers with connections to the Chinese government have breached one of the U.S. government’s computer systems used for nuclear commands. The hack, which is said to have taken place earlier this month, used servers in China to access the computer network used by the White House Military Office (WHMO).

The WHMO is the president’s military office which handles not only presidential communications and inter-government teleconferences, but also communications relating to strategic nuclear commands. The so-called “nuclear football” is the nuclear command and control suitcase used by the president which enables him to be in constant communication with the USA’s strategic nuclear forces.

According to an unidentified national security official, the instant the attack was identified the system was isolated, and there are no indications that any data was copied. It is thought that since the WHMO handles such important communications it is likely the work of Chinese military cyber warfare specialists under the direction of a unit called the 4th Department of General Staff of the People’s Liberation Army, or 4PLA.

“The White House network would be the crown jewel of that campaign so it is hardly surprising that they would try their hardest to compromise it,” said former McAfee cyber threat researcher Dmitri Alperovitch, who now works for CrowdStrike.

The revelation of the attack comes only days after Rear Admiral Samuel Cox, the U.S. Cyber Command’s top intelligence officer, accused China of persistent efforts to pierce Pentagon computer networks. He also said a proposal was moving forward to boost the cyber command in the U.S. military hierarchy.

The White House has so far given no comment on the cyber attack, or on whether President Obama was notified of the incident.

However, there are questions being raised over the validity of the claims made by The Washington Free Beacon. In the original report an Obama administration national security official is reported to have said “This was a spear phishing attack against an unclassified network.” This is interesting for two reasons:

  1. A spear phishing attack isn’t really a hack, but rather a targeted email which tries to solicit information from the recipient.
  2. The unclassified network mentioned means a normal non-secret network rather than a classified or “high side” encrypted network.


Chinese malware used to steal secrets from Indian Navy

(LiveHacking.Com) – Hackers, most likely from China, have infected naval systems in India and stolen classified data. According to a report in the Indian Express, the hackers breached systems at the headquarters of the Eastern Naval Command in Visakhapatnam. One possible motivation for the attack is that the Eastern Naval Command plans operations in the South China Sea including the current sea trials for India’s first nuclear submarine, the INS Arihant.

The naval computer systems were infected with malware that collected and transmitted confidential files and documents to Chinese IP addresses. However, since the Navy computers are standalone and don’t have Internet access, it is believed that the malware was transporting files via USB pen drives. To do this the malware created a hidden folder and collected specific files and documents based on keyword searches. The documents remained hidden on the USB flash drive until it was connected to a computer with Internet access. Then the files were sent to IP addresses in China.
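The staging behaviour described above, a hidden folder on removable media filled with documents, is something a defender can look for on any drive before it leaves an air-gapped network. The following scanner is an added example, not code from the article or from the Indian Navy investigation; it walks a mount point, treats dot-prefixed directories (and, on Windows, directories carrying the hidden attribute) as hidden, and reports any that contain document files. The sample drive layout it builds in a temporary directory is constructed for the example.

```python
"""Added example (not from the article): scan a removable-drive mount point for
hidden directories that hold document files, the on-disk pattern the Indian
Express report attributes to the malware. The sample tree is constructed here."""
import os
import shutil
import stat
import tempfile

DOC_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".ppt", ".pptx"}


def is_hidden(path):
    """A directory counts as hidden if dot-prefixed (POSIX convention) or if it
    carries the Windows hidden attribute (exposed by os.stat on Windows only)."""
    if os.path.basename(path).startswith("."):
        return True
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def find_hidden_document_caches(root):
    """Walk root top-down and return {relative_dir: [document files]} for every
    directory that is hidden, or lives under a hidden one, and holds documents."""
    findings = {}
    hidden_dirs = set()
    for dirpath, _dirnames, filenames in os.walk(root):
        if dirpath == root:
            continue
        if is_hidden(dirpath) or os.path.dirname(dirpath) in hidden_dirs:
            hidden_dirs.add(dirpath)
            docs = sorted(f for f in filenames
                          if os.path.splitext(f)[1].lower() in DOC_EXTENSIONS)
            if docs:
                rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
                findings[rel] = docs
    return findings


def build_sample_drive():
    """Construct a fake USB mount: a benign Photos folder plus a hidden
    .RECYCLER/tmp staging folder holding two documents (constructed data)."""
    root = tempfile.mkdtemp(prefix="usb_sample_")
    os.makedirs(os.path.join(root, "Photos"))
    with open(os.path.join(root, "Photos", "trip.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8")
    staging = os.path.join(root, ".RECYCLER", "tmp")
    os.makedirs(staging)
    for name in ("report_secret.docx", "deploy_plan.pdf", "notes.txt"):
        with open(os.path.join(staging, name), "wb") as fh:
            fh.write(b"constructed sample content")
    return root


def scan_sample():
    """Build the sample drive, scan it, remove it again, return the findings."""
    root = build_sample_drive()
    try:
        return find_hidden_document_caches(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for folder, docs in scan_sample().items():
        print("hidden staging folder %s holds: %s" % (folder, ", ".join(docs)))
```

Point `find_hidden_document_caches` at the real mount point of a drive to use it outside the sample; the keyword-based selection the article mentions is the attacker's side, so the scanner deliberately keys on the hidden-folder-plus-documents shape rather than on any particular keyword.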

According to the Indian Navy, “an inquiry has been convened and findings of the report are awaited. It needs to be mentioned that there is a constant threat in the cyber domain from inimical hackers worldwide.”

The alleged Chinese cyber attack was discovered six months ago, but only now are details coming to light. The Indian Navy called in other Indian cyber forensic agencies in an attempt to find the hackers. China has been frequently accused of launching cyber attacks on other nation states including the USA.

Did the Chinese Attack American Satellites?

(LiveHacking.Com) – Bloomberg Businessweek is reporting that the annual report by the US-China Economic and Security Review Commission, which is due to be published next month, will show that the control systems of two US satellites, Terra AM-1 & Landsat 7, both of which are used for Earth climate and terrain observations and mapping, were “interfered with” (in other words attacked) by the Chinese military.

The attacks, which happened in 2007 and 2008, were launched from a ground station in Norway. Unfortunately the report doesn’t expand on the nature of the hackers’ interference with the satellites.

“Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions,” according to the draft. “Access to a satellite’s controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite’s transmission.”

Although the report doesn’t explicitly point the finger at the Chinese government, the commission’s 2009 report said that “individuals participating in ongoing penetrations of U.S. networks have Chinese language skills and have well established ties with the Chinese underground hacker community,” although it acknowledges that “these relationships do not prove any government affiliation.”

Chinese Hackers Target Government Officials and Activists in Gmail Phishing Scam

Google has uncovered a phishing campaign, originating in Jinan, China, targeting senior U.S. government officials, Chinese political activists, officials in several Asian countries (mainly from South Korea), military personnel and journalists.

It appears that the aim of the campaign was to steal passwords and then change the settings for the automatic forwarding of emails and grant others access to the accounts. With access granted or emails automatically forwarded, the perpetrators are able to monitor the accounts, presumably for political gain.

Google has now disrupted the campaign and has notified victims while securing their accounts. In addition, Google has notified the relevant government authorities.

The phishing campaign first came to light when Mila Parkour, a network security specialist, blogged about targeted attacks against personal accounts of military, government employees and their associates. According to her blog “victims get a message from an address of a close associate or a collaborating organization/agency, which is spoofed. The message is crafted to appear like it has an attachment with links like View Download and a name of the supposed attachment. The link leads to a fake Gmail login page for harvesting credentials.”
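The description quoted above gives a defender two concrete things to check in inbound mail: a From address that does not match the system that actually relayed the message, and “View” / “Download” links dressed up as an attachment that lead to a fake login page. The script below is an added example and is not code from the article, from Google or from Mila Parkour’s blog; both messages it inspects are constructed for the example, and the hostnames in them are reserved example or `.invalid`-style names. It uses only the Python standard library.

```python
"""Added example (not from the article or the blog it quotes): apply two checks
drawn from the campaign description to a raw message. Both sample messages
below are constructed; the hosts are reserved example/invalid names."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

PHISHING_EMAIL = b"""From: "Jane Collaborator" <jane@partner-agency.example>
Return-Path: <bounce@relay.invalid-example.net>
To: target@example.org
Subject: Updated briefing document
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please review the attached briefing.</p>
<p>briefing_2011.pdf
<a href="http://gmail-login.invalid-example.net/ServiceLogin">View</a>
<a href="http://gmail-login.invalid-example.net/ServiceLogin">Download</a></p>
</body></html>
"""

BENIGN_EMAIL = b"""From: "Jane Collaborator" <jane@partner-agency.example>
Return-Path: <jane@partner-agency.example>
To: target@example.org
Subject: Shared document
Content-Type: text/html; charset=utf-8

<html><body><p>briefing_2011.pdf
<a href="https://docs.google.com/document/d/constructed-id/view">View</a></p>
</body></html>
"""

# Anchor texts the campaign used to imitate an attachment control.
LURE_TEXTS = {"view", "download"}


class LinkExtractor(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def is_google_host(host):
    """True for google.com itself or any subdomain of it."""
    return host == "google.com" or host.endswith(".google.com")


def analyse_email(raw):
    """Return a list of (code, detail) findings for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # Check 1: visible From domain vs. the envelope sender (Return-Path). A
    # spoofed From usually does not match the domain that actually sent it.
    from_domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    ret_domain = parseaddr(str(msg["Return-Path"] or ""))[1].rpartition("@")[2].lower()
    if from_domain and ret_domain and from_domain != ret_domain:
        findings.append(("sender-domain-mismatch", "%s vs %s" % (from_domain, ret_domain)))

    # Check 2: "View"/"Download" links that imitate an attachment but point
    # outside Google, and any host that merely looks like a Google login.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkExtractor()
        parser.feed(body.get_content())
        for text, href in parser.links:
            host = (urlparse(href).hostname or "").lower()
            if text.lower() in LURE_TEXTS and not is_google_host(host):
                findings.append(("attachment-lure-link", href))
            if ("gmail" in host or "google" in host) and not is_google_host(host):
                findings.append(("lookalike-login-host", host))
    return findings


if __name__ == "__main__":
    for label, raw in (("phishing", PHISHING_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, analyse_email(raw))
```

The Return-Path comparison is only meaningful on mail received at the boundary, where the envelope sender has been recorded by your own MTA; on forwarded or list mail it will fire on legitimate messages, so treat it as one signal among several rather than a verdict.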

Geinimi: New Android Data Stealing Trojan

Geinimi is a new Android data-stealing Trojan affecting Android cell phones in China.

According to Lookout blog reports, this Trojan can compromise a significant amount of personal data on a user’s phone and send it to remote servers. Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.

“Geinimi is effectively being ‘grafted’ onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets. The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions. Though the intent of this Trojan isn’t entirely clear, the possibilities for intent range from a malicious ad-network to an attempt to create an Android botnet,” the report states.

In addition to the personal data such as address book, the Trojan can also read out the cell phone’s position data, device ID (IMEI), SIM card number (IMSI), and a list of the installed apps.
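The tell the report gives, a repackaged app requesting permissions its legitimate original never asked for, is straightforward to check mechanically once both manifests are in hand (a decoded `AndroidManifest.xml` from each APK). The script below is an added example and is not code from the article or from Lookout; both manifests in it are constructed, and the mapping from permission to exposed data follows the list in the paragraph above (address book, position, IMEI and IMSI). Installed-app enumeration needed no permission on Android of that era, so it has no entry.

```python
"""Added example (not from the article or Lookout's analysis): diff the
<uses-permission> entries of an original app manifest against a repackaged
copy and flag the added ones that map to the data the article lists.
Both manifests are constructed for this example."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

ORIGINAL_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>
"""

REPACKAGED_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>
"""

# What each sensitive permission exposes, matched to the data the article
# says the Trojan collects.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "address book",
    "android.permission.ACCESS_FINE_LOCATION": "position data",
    "android.permission.ACCESS_COARSE_LOCATION": "position data",
    "android.permission.READ_PHONE_STATE": "device ID (IMEI) and SIM card number (IMSI)",
}


def declared_permissions(manifest_xml):
    """Return the set of permission names declared by <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def permission_delta(original_xml, repackaged_xml):
    """Return (added, removed): permissions the repackaged copy gained or lost."""
    orig = declared_permissions(original_xml)
    repack = declared_permissions(repackaged_xml)
    return repack - orig, orig - repack


def triage_added(added):
    """Map each added permission on the sensitive list to the data it exposes."""
    return {p: SENSITIVE_PERMISSIONS[p] for p in sorted(added) if p in SENSITIVE_PERMISSIONS}


if __name__ == "__main__":
    added, removed = permission_delta(ORIGINAL_MANIFEST, REPACKAGED_MANIFEST)
    print("added:", sorted(added))
    print("removed:", sorted(removed))
    for perm, exposure in triage_added(added).items():
        print("  %s -> %s" % (perm, exposure))
```

In practice the reference manifest comes from the app as published in the official market and the candidate from the third-party download; a non-empty `triage_added` result on a game is exactly the over-request the report describes.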

More information is available here.

Source: blog.mylookout.com