Archive for China

« Older Entries

Nation-state hackers aren’t breaking through the front door— they’re walking in through third-party relationships

Posted in Commentary with tags on June 15, 2026 by itnerd

Chinese state-sponsored actors are actively targeting medical, military, and AI research institutions across North America—and the campaigns are persisting precisely because most organizations in these sectors still run annual point-in-time assessments on their third-party relationships. By the time the review runs, the intrusion is months old. An example of this is this National Defence report which is close to 2 months old.

Justin Beals, CEO & Co-Founder, Strike Graph had this to say:

“Nation-state actors aren’t breaking through the front door—they’re finding the unlocked windows in research partnerships, vendor integrations, and shared infrastructure. What makes these campaigns so persistent is that most organizations in medical and AI research are still running point-in-time assessments on their third-party relationships. By the time the annual review runs, the intrusion is already months old. Continuous, evidence-based monitoring isn’t a nice-to-have in sectors handling sensitive research—it’s the only posture that gives you a real shot at catching this activity before the damage is done.”

Ensar CISO at SOCRadar, provided the following comment:

“This campaign reflects a growing trend where nation-state actors target research institutions because they often hold the same strategic information as defense contractors but typically operate with fewer security controls. Universities, medical research centers, and AI labs have become high-value intelligence targets due to their work on emerging technologies, defense-related research, and scientific innovation.

The most concerning aspect is the duration of the intrusion. Remaining undetected for more than a year suggests the attackers prioritized stealth, persistence, and intelligence gathering over disruption. That level of patience is characteristic of advanced state-sponsored espionage operations.

The targeted sectors align closely with China’s strategic priorities, including artificial intelligence, autonomous systems, military modernization, cyber capabilities, and advanced medical research. Access to this information can accelerate domestic research programs, support military planning, and provide insight into future technological developments without the cost and time associated with independent research. From an intelligence perspective, academic institutions often serve as gateways into broader research ecosystems that include government agencies, defense organizations, private contractors, and international partners.


Organizations should assume that sophisticated threat actors are willing to invest years—not days or weeks—to achieve intelligence objectives. Traditional perimeter-focused security is no longer sufficient against these adversaries.

Research institutions should focus on continuous threat hunting, privileged access monitoring, identity security, and protection of intellectual property. The challenge is not simply preventing initial access but detecting subtle, long-term activity that blends into normal research and collaboration workflows.

This case reinforces that cyber espionage is increasingly centered around knowledge acquisition. The battleground is no longer limited to government networks; universities, AI labs, healthcare researchers, and innovation centers are now critical strategic assets. Any organization conducting research with military, AI, biotechnology, or geopolitical relevance should consider itself a potential nation-state target.”

Consider yourself warned that nation state actors are coming for you and coming for you quickly. Thus you need to step up your game in order to counter these threats today.

Leave a comment »

China Warns of OpenClaw Open-Source AI Agent Security Risks

Posted in Commentary with tags on February 5, 2026 by itnerd

China’s industry ministry has warned that the OpenClaw open-source AI agent could pose significant security risks when improperly configured and expose users to cyberattacks and data breaches.

More info can be found here: https://www.reuters.com/world/china/china-warns-security-risks-linked-openclaw-open-source-ai-agent-2026-02-05/

Ensar Seker, CISO at SOCRadar:

“This warning isn’t really about China versus open source, it’s about a familiar pattern we’ve seen repeatedly with fast-moving AI agent frameworks like OpenClaw. When agent platforms go viral faster than security practices mature, misconfiguration becomes the primary attack surface. The risk isn’t the agent itself; it’s exposing autonomous tooling to public networks without hardened identity, access control, and execution boundaries.

“What’s notable here is that the Chinese regulator is explicitly calling out configuration risk rather than banning the technology. That aligns with what defenders already know: agent frameworks amplify both productivity and blast radius. A single exposed endpoint or overly permissive plugin can turn an AI agent into an unintentional automation layer for attackers.

“This should be a wake-up call globally. AI agents need to be treated like internet-facing services, not experimental scripts. That means threat modeling, least-privilege identities, continuous monitoring, and clear separation between reasoning, action, and data access. Without that, “agentic” systems don’t just scale intelligence, they scale mistakes.”

Henrique Teixeira, SVP of Strategy at Saviynt:

“The Chinese Ministry of Industry and Information Technology warning is valid. The point most people miss, however, is that OpenClaw (aka Moltbot, Clawdbot), even when properly configured, still poses a lot of identity security risks. If I had to simplify how OpenClaw credentials work it’s basically this: if you want your bot to do useful stuff, you need to provide it credentials (either username and passwords, cryptographic keys, etc.) with high levels of permissions. For example: if you want to have OpenClaw streamline your Gmail inbox, you need to give it a full pass to your email account. How most people will handle that poses a huge risk of credential exposure. Best case, they will follow steps like this  https://setupopenclaw.com/blog/openclaw-gmail-integration). This is the best case, which is using an OAuth flow for consent, instead of simply hardcoding your email and password somewhere. But it still involves steps like generating JSON files and some light coding that not everyone may feel comfortable with. And in the end, this process is still flagged as “unsafe” by Google, as OpenClaw’s app has not been verified by them. That’s a warning that some people will ignore, but identity security-conscious people shouldn’t. Assuming that OpenClaw is “my app” and it’s accessing “my inbox” is all the security vetting necessary is the same as accepting that it’s ok for me to use a very weak password on my company laptop, because I don’t have anything important in it. It glosses over the fact that most modern breaches according to research, were initiated by abusing existing credentials from employees and contractors. Anyone is a valid target, and attackers can use that initial access to move laterally and escalate privileges to access more sensitive stuff. In the OpenClaw Gmail example, that OAuth token is not immune from being stolen or reused. The user just created one more spot where credentials are now exposed. And the bot itself could be poisoned with external prompts to share more details of the permissions it carries. In summary the alarm is valid. But not for the reasons most people think it’s valid!”

AI is the new hotness as the kids say. But it has risks. This is the latest of those risks. So this is a case of user beware that you should likely pay attention to.

1 Comment »

UK and China establish “Cyber Dialogue”, while EU targets “high-risk” foreign tech suppliers

Posted in Commentary with tags , , on January 21, 2026 by itnerd

British and Chinese security officials are seeking to established a “Cyber Dialogue” to discuss cyberattacks amidst hacking accusations by both sides, according to Bloomberg.

The forum is supposedly designed for security officials to manage threats to each other’s national security, by improving communication, allowing, for the first time, private discussion of deterrence measures, and avoiding and preventing escalation, as communicated by people familiar with the matter who spoke on condition of anonymity.

The collaboration comes after China’s top diplomat Wang Yi and British National Security Adviser Jonathan Powell met in Beijing in November agreeing to “confront and resolve issues” and “further enhance regular dialogues” after British officials said a month earlier that they believed Chinese hackers had spied on UK government computer systems for over a decade, and Chinese state-backed actors had compromised its critical infrastructure.

Meanwhile, the European Commission unveiled an updated cybersecurity framework that would tighten protections for critical infrastructure by targeting “high-risk” foreign suppliers of digital equipment and services. 

The proposed legislation marks a shift from previous voluntary guidelines toward mandatory rules giving the Commission the authority to require removal of these high-risk vendors from key sectors such as telecommunications and other infrastructure essential to the EU’s economy and security. 

Although the proposal doesn’t explicitly name specific companies, officials have previously singled out concerns over equipment from Chinese technology firms like Huawei and ZTE.

The overhaul also includes a revised Cybersecurity Act designed to secure information and communications technology supply chains, streamline certification processes, and improve incident reporting and threat alerts.

The updated law would also empower the EU Agency for Cybersecurity (ENISA) to issue early warnings and support collaboration with Europol and national response teams.

Michael Bell, Founder & CEO, Suzu Labs had this comment:

“The Cyber Dialogue is a pragmatic move, not a naive one.

   “In March 2024, the UK publicly accused China of breaching the Electoral Commission and targeting parliamentarians’ email accounts. They sanctioned individuals linked to APT31. They summoned China’s ambassador. Beijing called the accusations “fabricated and malicious slanders.”

   “Eight months later, Wang Yi and Jonathan Powell met in Beijing and agreed to establish a Cyber Dialogue. That looks like whiplash, but there’s logic to it.

   “Cyber operations exist in a gray zone. They’re not acts of war, but they’re not peacetime activity either. Without communication channels, an incident response could be misread as aggression. Escalation becomes more likely when neither side understands the other’s red lines.

   “There’s precedent. In 2015, Obama and Xi established a cyber agreement with hotlines and joint dialogue mechanisms. US officials reported a drop in certain Chinese intrusions afterward. It wasn’t perfect. The US later accused China of violations. But it created a framework for managing the problem.

   “The UK is trying something similar. They’re not pretending the threat doesn’t exist. They publicly attributed attacks, imposed sanctions, and issued warnings about Volt Typhoon pre-positioning in critical infrastructure. Now they’re opening a channel to discuss deterrence and prevent miscalculation.

   “Whether it works depends on whether both sides actually use it. The 2015 US-China agreement produced results until it didn’t. The UK-China dialogue could follow the same trajectory. But having the channel is better than not having it.

   “The alternative, pure confrontation without communication, creates its own risks. In cyberspace, those risks are harder to see until they materialize.

   “In regards to the EU targeting “high-risk” tech suppliers, honestly, it sounds like Brussels ran out of patience.

   “The 5G Security Toolbox has been voluntary guidance since January 2020. It recommended that member states assess high-risk vendors and impose restrictions where necessary. Six years later, only 10 of 27 member states actually did anything meaningful about Huawei and ZTE. The patchwork approach created exactly the security gaps the Toolbox was supposed to prevent.

   “The new legislation fixes that by making removal mandatory. High-risk suppliers must be phased out within three years of the law taking effect. The scope expands beyond mobile networks to fixed and satellite infrastructure across 18 critical sectors: water, electricity, cloud services, semiconductors, medical devices.

   “The Commission will conduct EU-wide risk assessments based on country of origin and national security implications. ENISA gets real authority: early threat alerts, centralized incident reporting, coordination with Europol. A formal catalogue of high-risk suppliers will follow via implementing act. Huawei and ZTE are expected to be on it.

   “This is expensive. Germany alone faces an estimated €2.5 billion to replace Huawei equipment across Deutsche Telekom, Vodafone, and Telefónica. EU-wide, operators are looking at roughly €3 billion annually in higher infrastructure costs. That’s not a rounding error. It’s why voluntary guidelines failed. Member states and operators kept finding reasons to delay.

   “The legislation removes the option to delay. It’s regulatory coercion, and it’s probably necessary. Security through voluntary compliance only works when everyone complies. When half the member states ignore the guidance, you get exploitable gaps.

   “For enterprises operating in the EU, this means vendor audits, procurement changes, and certification requirements through ENISA. The three-year timeline sounds manageable until you account for supply chain constraints and the reality that everyone will be competing for the same alternative equipment.

   “Both approaches respond to the same underlying reality: Chinese state-affiliated actors have demonstrated capability and intent to compromise Western infrastructure. The UK and EU are choosing different tools to manage that risk.

   “The UK is betting that communication reduces the chance of catastrophic miscalculation. The EU is betting that removing the attack surface is more reliable than trusting dialogue.

   “Neither approach is wrong. They’re addressing different aspects of the same problem. The UK approach manages the state-to-state relationship. The EU approach manages the technical supply chain risk.

   “For enterprises, the implication is clear: you can’t rely on a single approach. You need security architecture that accounts for both diplomatic uncertainty and regulatory mandates. The technology landscape is fragmenting, and your vendor strategy needs to fragment with it.”

John Carberry, Solution Sleuth, Xcape, Inc. follows with this comment:

   “The UK-China cyber dialogue signals a shared understanding that unchecked cyber tensions pose serious escalation risks for global powers. Creating forums for discussing deterrence and intentions could minimize miscalculations, even if persistent accusations of espionage between the two nations remain unresolved.

   “Concurrently, Europe’s implementation of mandatory restrictions on “high-risk” suppliers demonstrates that dialogue doesn’t automatically equate to trust. The EU’s framework signifies a stricter stance on supply-chain security, transitioning from voluntary recommendations to legally binding regulations with tangible economic impacts. This shift from voluntary guidelines to mandatory exclusions for companies like Huawei and ZTE suggests that while the UK pursues dialogue, the wider Western approach is leaning towards complete technological decoupling.

   “ENISA’s augmented responsibilities for early warnings, incident reporting, and cross-border responses further underscore Europe’s focus on cybersecurity as a matter of technological sovereignty rather than mere IT best practices. By granting ENISA and Europol enhanced early-warning capabilities, the EU is fortifying itself against the very state-sponsored actors the UK is now engaging with diplomatically.

   “Collectively, these trends illustrate a two-pronged strategy: diplomatic efforts to influence state conduct, combined with structural defenses to mitigate systemic vulnerabilities. Cybersecurity policy is increasingly serving as both a diplomatic instrument and a component of industrial strategy.

   “You can’t build a bridge of trust with diplomacy while simultaneously bricking up the windows to keep the “partners” out of the house.”

Trust isn’t built overnight. Which I suspect will mean that any real traction on this will take a while to materialize any results. Which is fine as long as everyone sticks to it.

Leave a comment »

Five Eyes’ Intelligence Chiefs Accuse China Of IP Theft And ‘new cold war

Posted in Commentary with tags , on October 19, 2023 by itnerd

n an “unprecedented” joint call by the Five Eyes on Tuesday, the intelligence chiefs of the countries accused China of intellectual property theft and using AI for hacking and spying against its nations and called for private industry and academia to help counter those threats.

“China has long targeted businesses with a web of techniques all at once: cyber intrusions, human intelligence operations, seemingly innocuous corporate investments and transactions. Every strand of that web had become more brazen, and more dangerous,” FBI Director Christopher Wray said.

The FBI and the White House sent a warning Tuesday about how technology is being used dangerously, calling it the “new Cold War.”

“Because back in the day, it was more, ‘can I put more bombs and more missiles that point to you?’ Whereas these days it’s truly digital, where the information is, and also the spy component,” said Wray.

This meeting comes shortly after the Biden administration issued new restrictions on companies exporting AI technology to China and other countries.

Despite China having a bigger hacking program than that of every other nation combined, the Chinese government spokesman Liu Pengyu said the country was committed to intellectual property protection and denied the “groundless” allegations.

Ted Miracco, CEO, Approov Mobile Security had this comment:

   “Statements from the intelligence communities at the Five Eyes countries are a positive recognition of the persistent threat of Chinese espionage. However, this escalation is coming years, perhaps decades, after we had known about the blatant theft of intellectual property from China.

   “As open societies, we face significant challenges in competing against a closed society like China in the field of AI. China has a centralized governance structure, which gives it access to a large amount of diverse and centralized data, without a lot of ethical restrictions on how it will be used. In contrast, the Five Eyes countries face challenges in accessing similar volumes and types of data due to privacy concerns and legal frameworks that prioritize individual rights. China has also been aggressively investing in AI research and development, leading to a significant pool of talented scientists, engineers, and researchers.

   “The Five Eyes countries have well-established innovation ecosystems, including leading universities, research institutions, and a vibrant private sector that fosters a culture of innovation which can lead to breakthroughs in AI technologies. However, the question that remains is can open societies capitalize on these innovations, safeguard individual freedoms, and protect their valuable IP over the long term?”


David Mitchell, Chief Technical Officer, HYAS follows with this comment:

   “The PRC has been a cyber concern for as long as I can remember but has grown to become an existential threat over the last few years. The sheer number of motivated hacking teams, the scale of the toolsets and the coordination are unlike anything we’ve ever seen — and add AI to the equation and we have a serious problem. The private sector is not equipped to deal with such skilled nation state teams for a variety of reasons — a lack of network visibility, disjointed security platforms and understaffed organizations.

   “Without improvements in our security posture, products, and response, along with coordination between the private sector and government, it is hard to see this threat dissipating anytime soon.”

While China isn’t the only state actor that is out to steal all the IP that it can get, it is the biggest. Thus the threat that China poses must be taken seriously, along with doing everything possible to stop them from profiting from their desire to steal all the IP that they can.

Leave a comment »

Two File Management Apps On The Google Play Store Sending The Data Of 1.5 Million To China 

Posted in Commentary with tags , on July 11, 2023 by itnerd

A detailed in a report published by Pradeo, analysts discovered two file management apps on the Google Play Store to be spyware, secretly sending the user data of 1.5 million Android users to servers in China. 

Seemingly harmless Spyware apps, File Recovery and Data Recovery (1 million plus installs) and File Manager (500k plus installs), are developed by the same malicious group and assure users that no data is collected, automatically launch when the device reboots, and hides their icons on home screens.

Pradeo’s analytics engine has found stolen data to include contact lists, media files, real-time location, mobile country code, network provider details, SIM provider network code, operating system version, device brand, and model. Each app performs more than a hundred transmissions and then transmits the data to multiple servers in China which are deemed malicious.

Ted Miracco, CEO, Approov Mobile Security had this to say:

   “The security issues related to this story are deeply concerning, albeit not surprising. The most fundamental problem is the false sense of security that consumers and businesses have related to app stores like Google Play (and Apple’s Appstore) in terms of actually protecting devices and individuals from these malicious apps. 

   “Both Apple and Google are actively promoting their security efforts at developer conferences, achieving record profits and sales while many of the apps available have huge discrepancies between their stated privacy policies and the actual information and data collected. These include both legitimate mainstream apps, that bend the rules without apparent consequences, and malicious apps that engage in deceptive behavior, claiming not to collect data while secretly doing so. 

   “App marketplaces must prioritize the implementation of more robust security measures to detect and prevent the infiltration of malicious apps that compromise user data.  It is also important for users to remain vigilant in protecting their devices and for businesses to be extremely wary of deceptive and modified apps that can compromise their data and their employers’ data. 

   “The fact that the data is being sent to malicious servers in China compounds the gravity of the threat while making it extremely difficult for consumers and businesses to mitigate the repercussions and long term damage that might occur from the stolen data. It also highlights the complex global nature of cyber threats and the importance of international collaboration in addressing such issues. 

   “Cooperation between security experts, app stores, and law enforcement agencies is vital to combatting these malicious activities and safeguarding user data, yet it is a monumental task that may take decades to be resolved, due to the complexity and competing global agendas.”

This illustrates why you shouldn’t just install anything on your Android or iPhone. Because you simply don’t know what the apps do and where your data is going.

Leave a comment »

Chinese Sponsored Hackers Target US Infrastructure

Posted in Commentary with tags , on May 25, 2023 by itnerd

Microsoft has said that it has found malicious activity by a Chinese-state sponsored hacking group that has stealthily gained access into critical infrastructure organizations in Guam and elsewhere in the US, with the likely aim of disrupting critical communications in the event of a crisis. 

In a report published Wednesday, Microsoft said the group, named Volt Typhoon, had been active since mid-2021, targeting organizations that span manufacturing, construction, maritime, government, information technology and education. 

Joe Saunders, CEO, RunSafe Security had this comment on this rather disturbing news:

“In all these attacks, denying the adversary the ability to target memory weaknesses in code is essential to thwart any additional steps in the attack, especially if  if we want to make our infrastructure resilient. Achieving cyber resilience is an urgent need for our country.”

Although Chinese state-sponsored hackers have never launched a disruptive cyberattack against the United States, even over decades of data theft from US systems, the country’s hackers have periodically been caught inside US critical infrastructure. Thus the time is to act now before these hackers escalate their activities beyond what they have done to date.

UPDATE: I have two more comments on this. The first is from Willy Leichter, VP, Cyware:

   “These state-sponsored groups are relentless in trying to get a persistent foothold in our critical infrastructure systems, and attacks are inevitable. While all organizations need to remain vigilant about tracking threats, and closing vulnerabilities, we really need to improve how quickly we disseminate critical intelligence industry-wide. Information sharing communities (ISACs) in critical infrastructure, energy, and other sectors are providing some of this intelligence, but we need much more wide-spread adoption and automation, so an attack on one system can be automatically defended against across an entire industry sector.”

Roy Akerman, Co-Founder & CEO, Rezonate followed up with this:

   “While described as novel, the TTPs mentioned in the report have been used for years. Webshells, Living-off-the-Land, command line, proxies for exfiltration. IOCs extracted are valuable but unfortunately have a short shelf life as attackers evolve their infrastructure. The report coming from CISA and NSA provide a fantastic insight on the techniques however you can also clearly identify where traditional EDR solutions will fall short against LOLBin use and how a layered defense approach is critical to augment and further provide critical context.”

Finally Steve Stone, Head of Rubrik Zero Labs concludes with this:

“Rubrik believes the combination of multiple private companies and several governments publicly reporting their findings is a great situation for the overall cybersecurity community.  In particular, the US Government and its partners are working to publicly report activity sooner than in the past at the cost of maintaining their potential access.  This demonstrable shift by the US government is a major step forward for private organizations.

“This activity is in-line with well-established Chinese hacking efforts.  This in no way undercuts the reporting, but its critical we view this as an existing assessment confirmation instead of net new activity.

“The continued focus on valid users and valid tools by threat actors presents one of the largest threats to the industry. The valid user is the most capable attack surface an attacker can gain.  Additionally, these types of actions are notoriously difficult to detect.  For all of these reasons, Rubrik is heavily investing in user intelligence in 2023, which we will combine with data trends.  We think this remains one of the largest problems to solve from a threat perspective.”

Leave a comment »

Google Blocks Chinese App Pinduoduo Over Security Concerns

Posted in Commentary with tags , on March 21, 2023 by itnerd

Google has suspended the Chinese shopping app Pinduoduo after discovering that versions of the app not in the Play Store have been found to contain malware and the current version is “not compliant with Google’s Policy”. With approximately 900 million users, Pinduoduo is one of China’s most popular e-commerce platforms.

“Off-Play versions of this app that have been found to contain malware have been enforced on via Google Play Protect,” Ed Fernandez, a Google spokesperson said. 

Google Play Protect scans for malicious apps installed on Android phones and will recommend that users uninstall them. Play Protect currently prevents users from installing the Pinduoduo app.

Furthermore, a Pinduoduo spokesperson said in a statement to CNN, “We are communicating with Google for more information. We have been told that there are several other apps that have been suspended as well.” 

In a later statement Pinduoduo said it strongly rejects “the speculation and accusation that Pinduoduo app is malicious just from a generic and non-conclusive response from Google.”

It reiterated that “there are several apps that have been suspended from Google Play at the same time.”

Google Play has yet to confirm other suspended apps and has asked users with off-store, which is another way of saying side loading, versions to uninstall it.

Ted Miracco, CEO, Approov had this to say:

   “Mobile attestation is the process involved in verifying that the app was signed by a trusted party and has not been modified since it was signed. If mobile app developers use Google Play Integrity for the attestation process involved, they leave substantial end-users out of the process as both Huawei and Xiaomi smartphones typically do not have access to Google Play attestation capabilities and many Samsung devices support app attestation through their own Samsung Knox (a mobile security platform that provide security features, including app attestation). 

   “It is incumbent on developers to ensure that only genuine apps can access the APIs, otherwise they are opening up their users to the possibilities of malware or credentials being stolen from the app. Attestation across all mobile platforms is both necessary to protect APIs and to ensure the safety of the end users.”

I didn’t see a mention of the Apple versions of this app in the CNN story. I am guessing that because it’s much harder (but not impossible) to slip such code into apps on Apple’s App Store. And apps on that platform need to be signed. Plus side loading isn’t a thing on iOS. Some clarification on that would be handy. But if that’s the case, then as stated above, Google needs to move towards that sort of model as that will keep people safer.

Leave a comment »

Has A Chinese Police Force Been Pwned By Hackers Leaking The Data Of A Billion People?

Posted in Commentary with tags , on July 4, 2022 by itnerd

Reports are surfacing that a hacker is claiming to have acquired a huge dump of data containing the personal information via a hack of the Shanghai police. The dump of data would relate to one billion Chinese citizens:

The anonymous internet user, identified as “ChinaDan,” posted on hacker forum Breach Forums last week offering to sell the more than 23 terabytes (TB) of data for 10 bitcoin BTC=, equivalent to about $200,000.

“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizen,” the post said.

“Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.”

Reuters was unable to verify the authenticity of the post.

This would be really embarrassing to the Chinese government if this proves to be true. And it would be the biggest data leak in history if this were true. And clearly the Chinese government is sensitive to that:

The hashtag “data leak” was blocked on Weibo by Sunday afternoon.

While this could mean that there’s something to this. It could also mean that the Chinese government is simply reacting to this as a matter of course. We’ll have to wait and see if this data leak is real. And if it is, expect fireworks as this would be a massive story.

Leave a comment »

NSA, CISA and FBI Expose Chinese Backed Exploitation Of Network Providers And Devices

Posted in Commentary with tags , , on June 8, 2022 by itnerd

The NSA, CISA and FBI have released a Cybersecurity Advisory called “People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices“. This advisory centers around the fact that hackers aligned with China are using a variety of techniques to exploit publicly-known vulnerabilities in equipment, allowing them to establish a broad network of compromised infrastructure. The advisory also lists a number of mitigation strategies that organizations need to take to protect themselves.

Jason Middaugh who is the Chief Information Security Officer, MRK Technologies had this to say:

The latest Cybersecurity Advisory from the NSA, CISA, and FBI drives home the importance of good cybersecurity fundamentals such as keeping assets updated/patched, changing default credentials to strong passphrases, and requiring multi-factor authentication wherever possible.

Many companies make the mistake of focusing on implementing the latest and greatest high-tech hardware/software and overlook the basics like system hardening and asset lifecycle management.

It does not matter whether it is the PRC attempting to exploit the device or an international cybercrime syndicate, if you don’t do the basics well it is only a matter of time before an internet facing asset is compromised.

Clearly this advisory is required reading for all enterprises. Because at the end of the day all enterprises are at risk. And it doesn’t matter if it’s China, or a ransomware group. All enterprises need to reduce their attack surface as much as possible to ensure that they are as safe from attack as possible.

UPDATE: Chris Olson, CEO, The Media Trust had this to say:

“Zero-days and other vulnerabilities in networked devices are an overlooked national security threat, especially in the midst of mounting geopolitical tensions. Unfortunately, the problem is not isolated to IT infrastructure, but also extends to the software supply chain, popular apps and mainstream websites. Today, foreign adversaries are targeting American consumers and businesses through code, with no borders to prevent malicious activity. In addition to following the advice published in the joint cybersecurity advisory, organizations should regularly monitor their digital ecosystem for the presence of untrusted third parties and remove bad actors to protect their users.”

Leave a comment »

Huawei & ZTE Punted From Canadian 5G Networks…. What Took Canada So Long To Do This???

Posted in Commentary with tags , , , on May 20, 2022 by itnerd

Late yesterday news filtered out that both Huawei and ZTE have been banned from Canadian 5G networks over national security concerns. And any telco that are using their gear needs to rip it out ASAP. This mirrors similar moves by the US, UK, New Zealand, and Australia who along with Canada are known as the “Five Eyes” which is an alliance of these five countries to share intelligence. The difference is that Canada was late to this decision while the other four made this call years ago. Thus one has to wonder why it took Canada so long to make this move.

In my opinion, one factor had to be the Michael Kovrig and Michael Spavor situation where those two Canadian citizens were essentially held hostage by the Chinese government in retaliation for the arrest of Meng Wanzhou who is the CFO of Huawei in Vancouver and at the request of the US government. That eventually got sorted when the US cut a deal with Wanzhou which allowed the two Michael’s to be released by China as that’s how “hostage diplomacy” works. But even then, that was over a year ago and they are only banning Huawei and ZTE now. So that can’t be the only reason. Though it’s not clear to me what other reasons exist.

Regardless of what reasons exist, here’s the thing that really bothers me about this rather late decision by the Canadian government to ban Huawei and ZTE. If you accept that both of these companies are arms of Chinese intelligence, which I happen to believe to some degree, then this inaction by the Canadian government has given both these companies an inside look at not only the telecommunications networks in Canada, but how Canadians use those networks. Not to mention that they could have been doing who knows what to gather whatever information that the Chinese government wanted them to gather. All while the Canadian government sat on its hands and did nothing. So even though they’re now banned, Huawei, ZTE, and the Chinese government still win. And that highlights how the Canadian government has failed miserably on this issue.

When it comes to national security, governments have to take it seriously. They have to make decisions that lean towards ensuring security and they have to make those decisions quickly. That didn’t happen here, and I have to wonder if it is going to cost Canada down the road. Because it’s pretty clear that the Canadian government dropped the ball here, and there needs to be some accountability on that front.

Leave a comment »

« Older Entries