A look at some of the lessons from the Ukraine war and how they could apply to a Taiwan conflict.
The post How Ukraine War Has Shaped US Planning for a China Conflict appeared first on SecurityWeek.
The United States on Friday blacklisted six Chinese entities it said were linked to Beijing’s aerospace programs as part of its retaliation over an alleged Chinese spy balloon that traversed U.S. airspace.
The economic restrictions followed the Biden administration’s pledge to consider broader efforts to address Chinese surveillance activities and will make it more difficult for the five companies and one research institute to obtain American technology exports.
The move is likely to further escalate the diplomatic row between the U.S. and China sparked by the balloon, which was shot down last weekend off the Carolina coast. The U.S. said the balloon was equipped to detect and collect intelligence signals, but Beijing insists it was a weather craft that had blown off course.
The incident prompted Secretary of State Antony Blinken to abruptly cancel a high-stakes trip to Beijing aimed at easing tensions.
The U.S. Bureau of Industry and Security said the six entities were being targeted for “their support to China’s military modernization efforts, specifically the People’s Liberation Army’s (PLA) aerospace programs including airships and balloons.”
“The PLA is utilizing High Altitude Balloons (HAB) for intelligence and reconnaissance activities,” it said.
Deputy Secretary of Commerce Don Graves said on Twitter his department “will not hesitate to continue to use” such restrictions and other regulatory and enforcement tools “to protect U.S. national security and sovereignty.”
The six entities are Beijing Nanjiang Aerospace Technology Co., China Electronics Technology Group Corporation 48th Research Institute, Dongguan Lingkong Remote Sensing Technology Co., Eagles Men Aviation Science and Technology Group Co., Guangzhou Tian-Hai-Xiang Aviation Technology Co., and Shanxi Eagles Men Aviation Science and Technology Group Co.
The research institute did not immediately respond to a request for comment. The other five entities could not be reached.
On Friday, a U.S. military fighter jet shot down an unknown object flying off the remote northern coast of Alaska on orders from President Joe Biden. The object was downed because it reportedly posed a threat to the safety of civilian flights, rather than because of any knowledge that it was engaged in surveillance.
But the twin incidents in such close succession reflect heightened concerns over China’s surveillance program and public pressure on Biden to take a tough stand against it.
The post US Blacklists 6 Chinese Entities Over Balloon Program appeared first on SecurityWeek.
An alleged Chinese surveillance balloon over the United States last week sparked a diplomatic furore and renewed fears over how Beijing gathers intelligence on its largest strategic rival.
FBI Director Christopher Wray said in 2020 that Chinese spying poses “the greatest long-term threat to our nation’s information and intellectual property, and to our economic vitality”.
China’s foreign ministry said in a statement to AFP that it “resolutely opposed” spying operations and that American accusations are “based on false information and sinister political aims”.
The United States also has its own ways of spying on China, deploying surveillance and interception techniques as well as networks of informants.
Former US president Barack Obama said in 2015 that his Chinese counterpart Xi Jinping had promised not to conduct commercial cyber spying. Subsequent statements by Washington have indicated the practice has continued.
Here are some of the ways Beijing has worked to spy on the United States in recent years:
Cyber warfare
The United States warned in a major annual intelligence assessment in 2022 that the Asian giant represents “the broadest, most active, and persistent cyber espionage threat” to the government and private sector.
According to researchers and Western intelligence officials, China has become adept at hacking rival nations’ computer systems to make off with industrial and trade secrets. In 2021, the United States, NATO and other allies said China had employed “contract hackers” to exploit a breach in Microsoft email systems, giving state security agents access to emails, corporate data and other sensitive information.
Chinese cyber spies have also hacked the US energy department, utility companies, telecommunications firms and universities, according to US government statements and media reports.
Tech fears
Fears of the threat from Beijing have seeped into the technology sector, with concerns that state-linked firms would be obliged to share intel with the Chinese government.
In 2019, the US Department of Justice charged tech giant Huawei with conspiring to steal US trade secrets, evade sanctions on Iran, and other offenses.
Washington has banned the firm from supplying US government systems and strongly discouraged the use of its equipment in the private sector over fears that it could be compromised.
Huawei denies the charges.
Similar anxiety over TikTok animates Western political debate, with some lawmakers calling for an outright ban on the hugely popular app developed by China’s ByteDance over data security fears.
Industrial and military espionage
Beijing has leaned on Chinese citizens abroad to help gather intelligence and steal sensitive technology, according to experts, US lawmakers and media reports.
One of the most high-profile cases was that of Ji Chaoqun, who in January was sentenced to eight years in a US prison for passing information on possible recruitment targets to Chinese intelligence.
An engineer who arrived in the United States on a student visa in 2013 and later joined the army reserves, Ji was accused of supplying information about eight people to the Jiangsu province ministry of state security, an intelligence unit accused of engaging in the theft of US trade secrets.
Last year, a US court sentenced a Chinese intelligence officer to 20 years in prison for stealing technology from US and French aerospace firms.
The man, named Xu Yanjun, was found guilty of playing a leading role in a five-year Chinese state-backed scheme to steal commercial secrets from GE Aviation, one of the world’s leading aircraft engine manufacturers, and France’s Safran Group.
In 2020, a US court jailed Raytheon engineer Wei Sun — a Chinese national and naturalized US citizen — for bringing sensitive information about an American missile system into China on a company laptop.
Spying on politicians
With the goal of advancing Beijing’s interests, Chinese operatives have allegedly courted American political, social and business elites.
US news website Axios ran an investigation in 2020 claiming that a Chinese student enrolled at a university in California had developed ties with a range of US politicians under the auspices of Beijing’s main civilian spy agency.
The student, named Fang Fang, used campaign financing, developed friendships and even initiated sexual relationships to target rising politicians between 2011 and 2015, according to the report.
Police stations
Another technique used by Chinese operatives is to tout insider knowledge about the Communist Party’s opaque inner workings and dangle access to top leaders to lure high-profile Western targets, researchers say.
The aim has been to “mislead world leaders about (Beijing’s) ambitions” and make them believe “China would rise peacefully — maybe even democratically,” Chinese-Australian author Alex Joske wrote in his book, “Spies and Lies: How China’s Greatest Covert Operations Fooled the World”.
Beijing has also exerted pressure on overseas Chinese communities and media organizations to back its policies on Taiwan, and to muzzle criticism of the Hong Kong and Xinjiang crackdowns.
In September 2022, Spain-based NGO Safeguard Defenders said China had set up 54 overseas police stations around the world, allegedly to target Communist Party critics.
Beijing has denied the claims.
The Netherlands ordered China to close two “police stations” there in November.
A month later, the Czech Republic said China had closed two such centers in Prague.
The post Spies, Hackers, Informants: How China Snoops on the US appeared first on SecurityWeek.
China said Friday it is looking into reports that a Chinese spy balloon has been flying in U.S. airspace and urged calm, adding that it has “no intention of violating the territory and airspace of any sovereign country.”
Foreign Ministry spokesperson Mao Ning also said she had no information about whether a trip to China by U.S. Secretary of State Antony Blinken planned for next week will proceed as scheduled.
At a daily briefing, Mao said that politicians and the public should withhold judgment “before we have a clear understanding of the facts” about the spy balloon reports.
Blinken would be the highest-ranking member of President Joe Biden’s administration to visit China, arriving amid efforts to mitigate a sharp downturn in relations between Beijing and Washington over trade, Taiwan, human rights and China’s claims in the South China Sea.
“China is a responsible country and has always strictly abided by international laws, and China has no intention of violating the territory and airspace of any sovereign country. As for the balloon, as I’ve mentioned just now, we are looking into and verifying the situation and hope that both sides can handle this together calmly and carefully,” Mao said.
“As for Blinken’s visit to China, I have no information,” she said.
A senior defense official told Pentagon reporters that the U.S. has “very high confidence” that the object was a Chinese high-altitude balloon and was flying over sensitive sites to collect information.
One of the places the balloon was spotted was over the state of Montana, which is home to one of America’s three nuclear missile silo fields at Malmstrom Air Force Base. The official spoke on condition of anonymity to discuss sensitive information.
Pentagon press secretary Brig. Gen. Patrick Ryder said the balloon is “currently traveling at an altitude well above commercial air traffic and does not present a military or physical threat to people on the ground.”
Ryder said similar balloon activity has been seen in the past several years and the government has taken steps to ensure no sensitive information was stolen.
President Biden was briefed and asked the military to present options, according to a senior administration official, who was also not authorized to publicly discuss sensitive information.
Defense Secretary Lloyd Austin and Army Gen. Mark Milley, chairman of the Joint Chiefs of Staff, advised against taking “kinetic action” because of risks to the safety of people on the ground. Biden accepted that recommendation.
The defense official said the U.S. has “engaged” Chinese officials through multiple channels and communicated the seriousness of the matter.
Blinken’s visit was expected to start this Sunday in an effort to try to find common ground on issues from trade policy to climate change. Although the trip has not been formally announced, both Beijing and Washington have been talking about his imminent arrival.
The senior defense official said the U.S. prepared fighter jets, including F-22s, to shoot down the balloon if ordered. The Pentagon ultimately recommended against it, noting that even as the balloon was over a sparsely populated area of Montana, its size would create a debris field large enough that it could have put people at risk.
It was not clear what will happen with the balloon if it isn’t brought down.
The defense official said the spy balloon was trying to fly over the Montana missile fields, but the U.S. has assessed that it has “limited” value in terms of providing intelligence it couldn’t obtain by other technologies, such as spy satellites.
The official would not specify the size of the balloon but said commercial pilots could spot it from their cockpits. All air traffic was halted at Montana’s Billings Logan International Airport from 1:30 p.m. to 3:30 p.m. Wednesday, as the military provided options to the White House.
A photograph of a large white balloon lingering over the area was captured by The Billings Gazette. The balloon could be seen drifting in and out of clouds and had what appeared to be a solar array hanging from the bottom, said Gazette photographer Larry Mayer.
The balloon’s appearance adds to national security concerns among lawmakers over China’s influence in the U.S., ranging from the prevalence of the hugely popular smartphone app TikTok to purchases of American farmland.
“China’s brazen disregard for U.S. sovereignty is a destabilizing action that must be addressed,” Republican Party House Speaker Kevin McCarthy tweeted.
Tensions with China are particularly high on numerous issues, ranging from Taiwan and the South China Sea to human rights in China’s western Xinjiang region and the clampdown on democracy activists in Hong Kong. Not least on that list of irritants are China’s tacit support for Russia’s invasion of Ukraine, its refusal to rein in North Korea’s expanding ballistic missile program and ongoing disputes over trade and technology.
On Tuesday, Taiwan scrambled fighter jets, put its navy on alert and activated missile systems in response to nearby operations by 34 Chinese military aircraft and nine warships that are part of Beijing’s strategy to unsettle and intimidate the self-governing island democracy.
Twenty of those aircraft crossed the central line in the Taiwan Strait that has long been an unofficial buffer zone between the two sides, which separated during a civil war in 1949.
Beijing has also increased preparations for a potential blockade or military action against Taiwan, which has stirred increasing concern among military leaders, diplomats and elected officials in the U.S., Taiwan’s key ally.
The surveillance balloon was first reported by NBC News.
From an office window in Billings, Montana, Chase Doak said he saw a “big white circle in the sky” that he said was too small to be the moon.
“I thought maybe it was a legitimate UFO,” Doak said. “So I wanted to make sure I documented it and took as many photos as I could.”
The post China Says It’s Looking Into Report of Spy Balloon Over US appeared first on SecurityWeek.
A Chinese threat actor tracked as DragonSpark has been using the SparkRAT open source remote administration tool (RAT) in recent attacks targeting East Asian organizations, cybersecurity firm SentinelOne reports.
Relatively new, SparkRAT is a multi-platform RAT written in Golang that can run on Windows, Linux, and macOS systems, and which can update itself with new versions available through its command and control (C&C) server.
The threat uses the WebSocket protocol to communicate with the C&C server and includes support for over 20 commands that allow it to execute tasks, control the infected machine, manipulate processes and files, and steal various types of information.
The malware appears to be used by multiple adversaries but, according to SentinelOne, DragonSpark represents the first cluster of activity where SparkRAT has been constantly deployed in attacks.
The attackers were also seen using the China Chopper webshell, along with other malware tools created by Chinese developers, including BadPotato, GotoHTTP, SharpToken, and XZB-1248, as well as two custom malware families, ShellCode_Loader and m6699.exe.
The m6699.exe malware uses Golang source code interpretation to evade detection, where the Yaegi framework is used “to interpret at runtime encoded Golang source code stored within the compiled binary, executing the code as if compiled”, SentinelOne says.
DragonSpark was seen targeting web servers and MySQL database servers for initial compromise and then performing lateral movement, escalating privileges, and deploying additional malware hosted on attacker-controlled infrastructure.
The cybersecurity firm has observed DragonSpark abusing compromised infrastructure of legitimate organizations in Taiwan, including an art gallery, a baby products retailer, and games and gambling websites, for malware staging.
DragonSpark also uses malware staging infrastructure in China, Hong Kong, and Singapore, while its C&C servers are located in Hong Kong and the US.
Based on the infrastructure and tools, SentinelOne assesses that DragonSpark is a Chinese-speaking adversary, focused either on espionage or cybercrime – one of their C&C IPs was previously linked to the Zegost malware, an information stealer used by Chinese threat actors.
“The threat actor behind DragonSpark used the China Chopper webshell to deploy malware. China Chopper has historically been consistently used by Chinese cybercriminals and espionage groups […]. Further, all of the open source tools used by the threat actor conducting DragonSpark attacks are developed by Chinese-speaking developers,” SentinelOne notes.
The post Chinese Hackers Adopting Open Source ‘SparkRAT’ Tool appeared first on SecurityWeek.