Feds Crack Down on Pernicious Chinese Hacking Group that Targeted U.S. Gov’t, Dissidents

The U.S. on Monday announced actions aimed at exposing a sweeping Chinese hacking campaign that has targeted U.S. government institutions, critical infrastructure, media and political dissidents for more than a decade.

Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ) served as a front company for China’s Ministry of State Security (MSS), which deals with overseas policing and espionage, allowing Chinese hackers to hide a multitude of malicious cyber operations, the Treasury Department said on Monday after sanctioning the organization, in a statement issued alongside other U.S. agencies and the United Kingdom. In an indictment unsealed separately, the Department of Justice accused Chinese nationals Zhao Guangzong, Ni Gaobin and five others over their role “in furtherance of [China’s] economic espionage and foreign intelligence objectives” over the past 14 years.

Beijing’s Military Hacked U.S. Nuclear Firm Before Hunter Biden Aided Chinese Bid to Acquire It

U.S. officials were acutely aware that Beijing was trying to obtain America’s premier nuclear reactor technology, including through illicit hacking, months before Hunter Biden and his business partners sought to arrange a quiet sale of an iconic U.S. reactor company to a Chinese firm, according to court records and national security experts.

DOJ Announces ‘Disruption’ of Hacking Group That Targeted Fulton County, Georgia

The Department of Justice (DOJ) on Tuesday announced the “disruption” of a Russia-based hacking and ransomware group that targeted Fulton County last month as the result of a joint operation that involved both the Federal Bureau of Investigation (FBI) and “international law enforcement partners in London” to seize the group’s infrastructure.

In its press release, the DOJ announced “the disruption of the LockBit ransomware group, one of the most active ransomware groups in the world,” which came as the result of “seizing numerous public-facing websites used by LockBit to connect to the organization’s infrastructure and seizing control of servers used by LockBit administrators.”

‘We Can Not Back Down’: GiveSendGo Comes Back Online After Hackers Stole Donor Information

Crowdfunding service GiveSendGo came back online Tuesday after a Sunday hack forced the site to temporarily shut down.

“Sunday evening, February 13th, GiveSendGo was attacked by malicious actors attempting to eliminate the ability of its users to raise funds,” the company said in a statement posted to Twitter, acknowledging the hack publicly for the first time and announcing that the site was back online.

Federal Indictment Alleging Iranian Hack Further Erodes Narrative of Perfect 2020 Election

During the dizzying days after the November 2020 election, the Homeland Security cyber-security chief was fired by a frustrated President Donald Trump, then went on national TV to insist the election was fully secure.

“There was no indication or evidence that there was any sort of hacking or compromise of election systems on, before or after November 3,” ex-Cyber-Security and Infrastructure Agency Chief Chris Krebs declared on “60 Minutes.”

On Thursday, nearly a year later, federal prosecutors in New York unsealed a dramatic indictment that conflicts with that clean bill of health.

Hackers Allegedly Breach Nine Companies Involved in Defense, Energy, and Other Vital Sectors

A security firm claims that foreign hackers have infiltrated at least nine companies in several crucial sectors of the economy and government, including defense, energy, technology, and others, according to CNN.

Palo Alto Networks (PAN) shared the information on the breaches with CNN, showing that other affected sectors include education and healthcare. They say that the National Security Agency (NSA) is working with cybersecurity researchers to expose this and other ongoing efforts by foreign entities to hack American infrastructure. PAN’s report included information contributed by a division of the NSA which focuses exclusively on threats against American industrial defense bases by foreign hackers.

Examples of the breaches include the inconspicuous theft of passwords, with the goal of using these passwords to remain inside these networks for a prolonged period of time without anyone even being aware that there was a breach. This would allow hackers to freely receive sensitive data sent over basic communications such as email or information contained on internal storage drives.

Hackers Steal Customer Information in McDonald’s Cyberattack

Hackers obtained customer data from McDonald’s after breaching the company’s systems in the U.S., South Korea and Taiwan, according to The Wall Street Journal.

U.S. employees’ and franchisees’ contact information, seating capacity of U.S. locations and the dimensions of play areas at restaurants in the U.S. were all exposed during the breach, McDonald’s said Friday, The Wall Street Journal reported. While McDonald’s said the hack didn’t cause disruptions at any of its locations, it vowed to launch an investigation into the breach and continue to invest in bolstering its cybersecurity protocol.

“McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures,” the global fast food chain told U.S. employees in an internal message, according to the WSJ.

Hacker Accessed D.C. Donor Information from Virginia Hospital Center For Months

An unauthorized party accessed donor and fundraiser information for months from Virginia Hospital Center (VHC), which has served the Washington, D.C. area for 75 years. The company, Blackbaud, also reported that many of its other clients’ donor and fundraising data was jeopardized by the hackers.

VHC stored donors’ personal information. This included names, addresses, phone numbers, email addresses – even birth dates and the last four digits of credit card numbers. Hackers had access to these records for approximately three months, from February to May. However, the last traces of hacking didn’t cease until early June.
