While the world is waiting to embrace the New Year 2020, the hacking activities are seemed to be not slowing down. Especially the state-backed hackings. Recently it was revealed that hackers, allegedly working for China's intelligence services stole a huge chunk of intellectual property, security clearance details and other records from companies.
During this process, which was conducted by these state-backed hackers in past few years, they gained the access to systems which had secrets for mining company Rio Tinto PLC as well as sensitive medical research for electronics and health-care firm Philips NV.
The Chinese hackers
It is always not North Korea, who allegedly associates with the hacking groups to conduct a cyber attack. This time it is China's intelligence service, which allegedly supported the hackers who attacked through cloud service providers, where companies store their data.
After such malicious actions were first identified, the cybersecurity officers called it Cloud Hopper in 2016. Later, US court charged two Chinese nationals for their involvement in global operation in December 2018.
As per the Wall Street Journal investigation, the attack conducted by these Chinese men was much bigger than previously thought. The breach affected over 14 unnamed companies as well as a dozen of cloud providers which include one of Canada's largest cloud companies CGI Group Inc., a major Finnish IT service firm, Tieto Oyj and International Business Machines Corp.
The cyber threat
In a recently published journal about these attacks, it was revealed that Hewlett Packard Enterprise Co. (HP) was so overrun that the cloud company didn't see the hackers re-enter their clients. Hackers, known as APT10 which has been active since at least 2009, had access to a vast constellation of clients. The threat report also mentioned the named of over 100 companies which had relationships with breached cloud providers, including Rio Tinto, Philips, American Airlines Group Inc., Deutsche Bank AG, and Allianz SE.
The threat is so impactful that the justice Department have worried about their own possible exposure. The authorities mentioned that the hackers behind APT10 stole personnel records of more than 100,000 people from the US Navy.
A joint report published by Recorded Future and Rapid7 , these hackers APT10 has been infiltrating one of the largest cloud service providers in Europe, Visma.
National Cyber Security Centre (NCSC) of UK added that after the identification of APT10, the authorities found that it has been targeting healthcare, defence, aerospace, government, heavy industry and mining.
Hacking industry is changing
This year the cybersecurity experts have witnessed and analyzed some unbelievable hackling activities all around the world. It includes:
Apple FaceTime bug
A kid who was playing online video games and was trying to get his "Fortnite" gaming partners over FaceTime, noticed that was he able to hear the microphone of one of his friend who did not pick the call and could hear the ringing sound of the phone. Later experts advised iOS users to immediately disable FaceTime and Apple subsequently disabled the Group FaceTime service.
Bluetooth and Wi-Fi noise hack
PWC UK researcher wrote custom malicious code that forced Bluetooth and Wi-Fi connected devices to release high-volume painful sounds or even high intensity and inaudible frequency sounds.
Online meeting platform vulnerability
Researchers found a vulnerability in popular Cisco Webex and Zoom online meeting platforms that could allow an attacker to scan for and attend videoconference meetings set up without password protection.
Hackers talking via security cam
After installing a newly purchased Ring security camera a mother of an eight-year-old Tennessee girl came to know that a stranger hacked into the security camera and tried to talk to the girl.