U.S. hacker groups carried out cyber attacks on many important sensitive units in China

U.S. hacker groups carried out cyber attacks on many important sensitive units in China

Source: World Wide Web

For a long time, American hacker organizations have continued to carry out cyber attacks on our country. Through monitoring and analysis, it has been discovered that many American hacker organizations have carried out vulnerability scanning attacks, brute force cracking, DDoS attacks and other attacks with the websites and related hosts of important and sensitive units such as our party and government agencies, institutions, scientific research institutes and other important and sensitive units as their main targets. . This article selects three more typical American hacker organizations for research, and analyzes the characteristics of their attack behavior as follows:

Hacker Group A

The hacker organization A discovered in October 2020 controlled 1,065 hosts located in the United States to attack 2,426 target hosts in China. The targets were mainly party and government agencies, enterprises and institutions, such as an automobile powertrain company and a steel company. Companies and some universities, etc. Attack methods are mainly SSH brute force cracking, SNMP brute force cracking, etc.

Hacker Group B

The hacker organization B discovered in October 2020 controlled 24 hosts located in the United States to attack 993 target hosts in China. The targets were mainly universities, involving Shanxi, Guangxi, Guangdong and other provinces; there were also some party and government agencies, such as a certain province. Science and Technology Committee, a certain city’s commerce bureau, etc. Attack methods mainly include brute force cracking and Web scanning attacks such as SNMP brute force cracking, PHP code execution vulnerabilities, Struts2 remote command execution vulnerabilities.

Hacker Group C

The hacker organization C discovered in August 2020 controlled 5 hosts located in the United States to attack 119 target hosts in China. The targets were mainly universities, involving Guangdong, Beijing and other places. The attack methods are mainly web attacks such as PHP vulnerability attacks and SQL injection.

Monitoring found that a considerable number of American hacker organizations tend to try to use a large number of hosts, through a wide range of Web and system vulnerability scanning attack methods, and high-frequency brute force cracking methods to carry out reconnaissance and step-on attacks to lock the target. Through targeted high-frequency detection attacks, these hacker organizations try to use a relatively small attack cost to find the weak links of important and sensitive unit assets and provide opportunities for later intrusion and penetration.

China intensively counters rumors

Source: Chinese Embassy website in the UK, Chinese Embassy website in Canada, Chinese Embassy website in New Zealand, Chinese Embassy website in Norway, Chinese Embassy in the European Union WeChat official account

The United States gathered rumors from many countries to “Chinese cyberattacks”, and the Chinese embassies in the United Kingdom, Canada, Norway, New Zealand and the European Union responded one after another!

The spokesperson of the Chinese Embassy in the UK answers questions from reporters on the British side’s erroneous remarks related to cyber attacks

Reporter: The British Ministry of Foreign Affairs and Development issued a statement today (19th) stating that organizations in the United Kingdom and countries with similar views believed that an organization supported by the Chinese government launched a cyber attack on the Microsoft Exchange server earlier this year, and claimed that there is evidence that such cyber attacks by China are still continuing. , Asking the Chinese government to stop this systematic cyber attack. Does the Chinese Embassy in the UK have any comment on this?

Embassy Spokesperson: The British accusations against China are completely out of nothing and deliberately slander. China is strongly dissatisfied with this and resolutely opposes it. We ask the British side to immediately stop such unwarranted accusations against China.

China is a staunch defender of cyber security and one of the main victims of cyber theft and attacks. According to a report from the China National Internet Emergency Response Center, in 2020, a total of about 52,000 computer malicious program control servers located outside China controlled about 5.31 million hosts in China, which caused serious damage to China’s national security, economic and social development, and people’s normal production and life. harm. In February this year, as many as 830,000 IP addresses in China were attacked by unknown cyber attacks, and more than 70% came from overseas.

For a long time, the United States has violated international law and the basic norms of international relations, and carried out large-scale, organized, and indiscriminate cyber theft, surveillance and attacks on foreign governments, enterprises and individuals, from “WikiLeaks”, “Snowden Incident”, and “Swiss Encryption”. “Aircraft incidents” to the use of third-country intelligence agencies to steal information about European heads of state and other bad practices have long been known to the world. If the British side really cares about network security issues, it should not be indifferent or even act as an accomplice, which relies on its own technological advantages to unscrupulously engage in large-scale, undifferentiated eavesdropping and eavesdropping of the world, even its allies. We firmly oppose the practice of double standards and “thieves calling out and catching thieves” in cyber security in some Western countries.

Cybersecurity is a global issue that concerns the common interests of all countries and needs to be jointly maintained by the international community. China is open and honest on the issue of cyber security. We are willing to work hand in hand with all parties to build a community of digital destiny. In September last year, China launched the “Global Data Security Initiative”, clearly advocating that countries oppose the use of information technology to damage other countries’ critical infrastructure or steal important data, and oppose the abuse of information technology for large-scale surveillance against other countries and illegal collection of personal information from citizens of other countries. We look forward to all countries including the United Kingdom participating in this initiative, making clear commitments on cybersecurity issues, and jointly creating a peaceful, safe, open and cooperative cyberspace.

The spokesperson of the Chinese Embassy in Canada refutes Canada’s groundless accusations against China on cybersecurity issues

On July 19, the Minister of Foreign Affairs of Canada, the Minister of Defense, and the Minister of Public Security and Emergency Preparedness issued a joint statement, falsely claiming that an organization supported by the Chinese government invaded Microsoft’s email server and stole intellectual property and personal identification information. The above-mentioned accusations by the Canadian side are groundless, purely out of nothing and malicious smear. The Chinese side expressed strong dissatisfaction and firm opposition, and has lodged solemn representations with the Canadian side.

The Chinese government’s position on cybersecurity issues is consistent and clear. We have always resolutely maintained network security, opposed and cracked down on all forms of network hacker attacks in accordance with the law. In response to current prominent data security risks, China proposed the Global Data Security Initiative last year, which aims to maintain global data and supply chain security and promote the development of the digital economy. This initiative is receiving positive responses from more and more countries. China is willing to strengthen exchanges and cooperation with all parties, reach and abide by global rules that reflect the wishes of all countries and respect the interests of all parties, effectively block all actions that use technological advantages to endanger the security of other countries, and jointly maintain global data security.

What needs to be pointed out is that for some time, the US government and relevant departments have violated international law and basic norms of international relations by implementing large-scale, organized, and indiscriminate cyber theft, monitoring, and monitoring of foreign governments, enterprises, and individuals, including allies. . The United States is the largest “Matrix” in the world. This has long been a well-known fact. China is also a serious victim of US cyber theft, surveillance and surveillance. Facts have proved that on the issue of cyber security, the U.S. and the West have been stigmatized by themselves, and they are completely unqualified to point fingers at other countries.

China urges Canada to abandon the Cold War mentality and ideological prejudice, adopt a professional and responsible attitude to respond to cyber incidents, stop political manipulation on relevant issues, and stop unprovoked attacks and deliberate slanders against China.

Cybersecurity: To cooperate, not to be politically manipulated-the statement of the Chinese Embassy in Norway on the cyber attack

This afternoon (19th), the Norwegian side, without any contact and communication with the Chinese side, suddenly declared that the cyber attack on the Norwegian parliament came from China in March. Some Western countries and organizations suddenly spoke intensively on cybersecurity issues today (19th), and pointed the finger at China. It has to be doubted whether it is a collusive political manipulation? We hope that relevant parties can produce true and credible evidence so as to find out the truth as soon as possible.

China is a staunch defender of cyber security. China has always resolutely opposed and cracked down on any form of cyber attacks and secret theft in accordance with the law. Article 27 of the “Network Security Law of the People’s Republic of China” stipulates that no individual or organization shall engage in activities that endanger network security, such as illegally hacking into another person’s network, interfering with the normal function of another person’s network, or stealing network data. Such activities constitute a crime and will be punished by law. In fact, a series of incidents such as the “Prism Gate” in the past proved that the issue of transnational cyber security did not come from China.

Cyberspace is highly virtual, difficult to trace, and diverse actors. The determination of relevant events should be based on evidence. We have requested the Norwegian side to provide relevant evidence and look forward to the Norwegian side’s reply. China is willing to cooperate with all parties on the basis of respecting facts to investigate and deal with cybersecurity violations in accordance with the law. But at the same time, we firmly oppose unfounded smear and politicization of related issues.

China has always believed that maintaining the security and stability of cyberspace is in the common interest of all countries. China has always advocated international cooperation in cyber security. We proposed the Global Data Security Initiative, which aims to promote the construction of a global Internet governance system and jointly build a community with a shared future in cyberspace. When State Councilor and Foreign Minister Wang Yi visited Norway in August last year, he was the first to forward and introduce the Chinese proposal to the Norwegian side, and the Norwegian side gave feedback. We are still waiting for the Norwegian side’s constructive suggestions. Cyber ​​security requires cooperation and joint maintenance of all countries. We are willing to work hand in hand with the international community, including Norway, to create a good cyberspace.

The spokesperson of the Chinese Embassy in New Zealand made a statement on the issue of cyber security

Q: On July 19, the Minister of Communications Security of the New Zealand Government, Little Little issued a statement falsely claiming that an actor supported by the Chinese government was carrying out cyber attacks in New Zealand. What’s China’s response to this?

Answer: New Zealand’s accusations are groundless and extremely irresponsible. The Chinese side expressed strong dissatisfaction and firm opposition, and has lodged solemn representations with the New Zealand side.

The Chinese government is a staunch defender of cyber security and has always resolutely opposed and cracked down on all forms of cyber attacks and cyber crimes in accordance with the law. Cyberspace is highly virtual. The investigation and characterization of cyber incidents must be based on sufficient evidence, and baseless accusations are malicious smears.

Cyber ​​security is a common challenge facing all countries. China has always advocated that all countries strengthen dialogue and cooperation on the basis of mutual respect, equality and mutual benefit, and jointly respond to this challenge. We urge New Zealand to abandon the Cold War mentality, deal with cyber incidents in a professional and responsible manner, and work with all parties to jointly address cyber security challenges through dialogue and cooperation, instead of using cyber security issues to engage in political manipulation and pour dirty water on others.

The spokesperson of the Chinese mission to the European Union answers reporters’ questions on the EU and NATO’s statements on so-called China’s malicious cyber activities

Q: On July 19, the EU’s High Representative for Foreign and Security Policy issued a statement stating that malicious cyber activities from within China have damaged thousands of computers and networks in the world. At the same time, it has been found to target governments, organizations and key players in the EU and its member states. The industry’s malicious network activities are intended to steal intellectual property rights and engage in espionage activities. The EU and its member states condemned this and urged China to abide by international norms and take measures to investigate and deal with it. On the same day, NATO also issued a statement accusing China. What is China’s response to this?

Answer: We have taken note of the above statement. China is a staunch defender of cyber security and has always resolutely opposed and cracked down on cyber attacks launched in China or using Chinese network facilities in accordance with the law. The EU and NATO statements mentioned above lack any facts and evidence, and are full of speculation and groundless accusations. China expresses its strong dissatisfaction and firm opposition to this.

For a long time, individual Western countries have relied on their own technological advantages to unscrupulously carry out large-scale and indiscriminate eavesdropping on the world, even not letting off their allies; on the other hand, they claim to be cyber security guards, manipulating and commanding allies in the field of cyber security. Small groups have repeatedly smeared and attacked other countries, fully exposing their double standards and hypocrisy. It is also worth noting that NATO has repeatedly accused China of groundless attempts to achieve regional and territorial breakthroughs under the guise of cyber attacks and other issues. We are highly concerned about this trend.

In fact, China is one of the main victims of cyber attacks. According to a report from the China National Internet Emergency Response Center, in 2020, a total of about 52,000 computer malicious program control servers located outside China controlled about 5.31 million hosts in China, which caused serious damage to China’s national security, economic and social development, and people’s normal production and life. harm. In terms of the number of hosts controlled in China, the top three control servers in the scale of control are all from NATO member states, controlling 4.46 million, 2.15 million, and 1.94 million hosts in China, respectively. We urge relevant countries to abide by the international norms of cyberspace and immediately take effective measures to investigate and deal with malicious cyber activities.

Cybersecurity is a global issue that concerns the common interests of all countries and needs to be jointly maintained by the international community. Politicization and stigmatization will not only help solve the problem of network security, but will weaken mutual trust between countries and affect their normal cooperation in this field. China has put forward the “Global Data Security Initiative” in September last year, clearly advocating that countries oppose the use of information technology to damage other countries’ critical infrastructure or steal important data. We look forward to all countries participating in this initiative, making clear commitments on cybersecurity issues, and jointly creating a peaceful, safe, open, and cooperative cyberspace.

The Links:   AA104XD12 PM300DSA060