Gabriele Iuvinale

Beijing reports two U.S. cyber attacks against a major Chinese tech company and an institution - Cyber & National Security


China's National Center for Internet Emergency (English abbreviation CNCERT/CC) has reportedly uncovered and solved two major cases of cyber espionage targeting Chinese technology companies and research institutes. 


Photo: official site CNCERT/CC

According to Beijing, the attacks were orchestrated by U.S. intelligence agencies and aimed at stealing critical trade secrets and intellectual property.


The intrusion, which lasted four months, from April to August 2024, allegedly allowed the attackers to maintain a persistent presence in the organization's network, primarily for intelligence-gathering purposes, China claims.


Since August 2024, a major advanced materials research and design organization in China has been the target of a sophisticated cyber attack, Chinese sources say.


Analysts revealed that the attackers allegedly exploited a vulnerability in a widely used electronic document security management system in China.


The attackers allegedly infiltrated the company's software update management server, distributing control Trojans to more than 270 hosts through the compromised software update service. 


This breach resulted in the theft of substantial quantities of sensitive commercial secrets and intellectual property.


According to an analysis report published by CNIE, “the attackers exploited a vulnerability in a certain electronic document security management system in China to invade the software upgrade management server deployed by the company, and delivered control Trojans to more than 270 hosts of the company through the software upgrade service, stealing a large amount of commercial secrets and intellectual property of the company.”


In another case, dating back to May 2023, a leading enterprise in China’s smart energy and digital information sector became a victim of continuous cyber attacks. Investigation findings indicate that attackers exploited vulnerabilities in Microsoft Exchange servers and used multiple overseas springboards to execute their campaign.


In another case, “starting in May 2023, a large high-tech enterprise in the smart energy and digital information sector in my country was attacked by an alleged network of U.S. intelligence agencies. After analysis, the attackers used several foreign springboards, exploited Microsoft Exchange vulnerabilities, invaded and controlled the company's mail server, implanted backdoor programs and continued to steal e-mail data. At the same time, the attackers used the mail server as a springboard to attack and control more than 30 devices of the company and its affiliates, stealing a large amount of the company's secret business information.”


Who is CNCERT/CC

The National Computer Network Emergency Response Technology Coordination Center was established in August 2001. It is a non-governmental, non-profit network security technology center and the leading unit in China's computer network emergency response system. As the national emergency center, the main responsibilities of CNCERT/CC are: in accordance with the policy of “active prevention, early discovery, rapid response and ensuring recovery,” to carry out prevention, discovery, early warning and coordinated management of Internet network security incidents and to manage and operate the National Information Security Vulnerability Sharing Platform (CNVD) to maintain public Internet security and ensure the safe operation of critical information infrastructure.

CNCERT/CC has branches in 31 provinces, autonomous regions and municipalities directly under the central government of mainland China. It builds China's Internet security emergency response system by organizing network security enterprises, schools, social organizations and research institutes, and by coordinating with backbone network operators, domain name service providers and other emergency response organizations to jointly deal with all kinds of serious Internet network security incidents. CNCERT/CC played an active role in coordinating the industry and initiated the establishment of the China Anti-Network Virus Alliance (ANVA) and the China Internet Network Security Threat Governance Alliance (CCTGA).


At the same time, CNCERT/CC actively pursues international cooperation on cybersecurity and strives to build a rapid response and coordination mechanism for cross-border cybersecurity incidents. By 2023, CNCERT/CC had established “CNCERT/CC International Partnerships” with 289 organizations in 83 countries and regions. It is a full member of FIRST, an international emergency response and security organization, and one of the initiators of APCERT, the Asia-Pacific Computer Emergency Response Team, as well as an active participant in the cybersecurity work of international and regional government-level organizations such as APEC, ITU, SCO, ASEAN and BRICS.






