Thursday, December 27, 2018

Chinese hacking update

GAO Qiang (高/郜 强)

Many of the personal details for GAO were scrubbed shortly after IntrusionTruth’s post introducing him went live, including his Tencent QQ account. The blog connects him to the moniker fisherxp via an initial spear-phishing campaign from 2010 previously attributed to STONE PANDA.


ZHANG Shilong (张世龙)

ZHANG was originally introduced by IntrusionTruth as a reciprocal follower of fisherxp’s Twitter account via his own @baobeilong account. Baobeilong (宝贝龙/“Baby Dragon”) also maintained a GitHub account that had forked both the Quasar and Trochilus RATs, two open-source tools historically used by STONE PANDA, but the account has since been scrubbed.





There are no markers on the building and no government listed address; however, it is apparently difficult for locals to determine where the Tianjin Bureau’s location is as well. There are several Baidu questions asking what transportation routes are best to get to that specific address. Three separate ones specifically mention the 85 Zhujiang Road address as the headquarters for the MSS’s Tianjin Bureau and the difficulty in finding its location [9][10][11].

8-30-18    https://www.crowdstrike.com/blog/two-birds-one-stone-panda/
……………………………………................................................….
12-20-18    Both Zhu Hua and Zhang Shilong worked for Huaying Haitai Science and Technology Development Company and are alleged to have committed these crimes at the direction of Tianjin State Security Bureau, a department of China's Ministry of State Security.

  The victims included numerous managed service providers (MSPs), the U.S. Navy, NASA Goddard Space Center, and Jet Propulsion Laboratory, and the Department of Energy's Lawrence Berkeley National Laboratory….
  The indictment against two hackers came less than two months after the DoJ charged 10 Chinese hackers also linked to APT10, including two intelligence officers, for stealing aircraft engine technology from American and French aerospace firms. https://thehackernews.com/2018/12/chinese-hacker-wanted-by-fbi.html
…………………………………..….....................................................…
11-27-17   An internal report by the Pentagon's J-2 intelligence directorate identified Boyusec and Huawei as working together to produce security products used in Chinese-manufactured computer and telephone equipment that could allow Chinese intelligence to remotely steal data on the computers.    https://freebeacon.com/national-security/u-s-indicts-three-chinese-hackers-linked-security-firm/
………………………………………………………………........................................…
10-10-18    Yanjun Xu, a deputy division director for the ministry’s Jiangsu state security department, is accused of targeting several aerospace companies, including GE Aviation, a subsidiary of General Electric Co, the justice department said in a statement…. According to the indictment, Xu recruited a GE Aviation employee, who sent him a presentation in February that contained the company’s proprietary information.  Xu later followed up with the employee asking for specific technical information and then asked the employee to meet in Europe, where he wanted the worker to provide additional information from GE, according to court papers.
  GE Aviation is a top manufacturer of jet and turboprop engines and components for commercial, military, business and general aviation aircraft.  It has supplied engines for large Boeing Co and Airbus SE planes, and is working on a new generation of engines for commercial planes and heavy-lift military helicopters.  https://www.theguardian.com/world/2018/oct/10/chinese-official-charged-stealing-us-trade-secrets-yanjun-xu
