Asia Cyber Summaries

28 Apr 2023 | Asia Cyber Summary

In the spotlight this week:

  • China Approves Wide-Ranging Expansion of Counter-Espionage Law
  • 630 Million Chinese Users’ Sensitive Data Exposed, Attackers Claim
  • Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions
  • Google Dismantles CryptBot Info-stealing Malware Infrastructure
  • US Cyber Warriors Thwarted 2020 Iran Election Hacking Attempt

China Approves Wide-Ranging Expansion of Counter-Espionage Law

China's top legislative body has passed a wide-ranging update to its Counter-Espionage Law, the first since 2014, which broadens the definition of spying and bans the transfer of any information related to national security. The definition of espionage now explicitly covers cyber attacks against state organs or critical information infrastructure. The revisions also allow authorities to access data and electronic equipment and to impose bans on border crossings. Espionage cases are usually tried in secret because of their links to national security.

630 Million Chinese Users’ Sensitive Data Exposed, Attackers Claim

An unknown group has claimed to have leaked sensitive personal data, including bank card numbers and home addresses, on over 630 million Chinese citizens. The data set was allegedly posted on a Russia-linked cybercrime forum for sale. The leak, if confirmed, would be one of the largest data breaches affecting Chinese citizens. The data samples provided suggest that the information was stolen from a server hosted in France, but the source of the data has not been confirmed. Experts warn that even seemingly insignificant pieces of personal information can be collated to have a devastating impact, and victims should take action to mitigate the outcome.

Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions

The Tonto Team, a China-aligned threat actor active since 2009, has been targeting various sectors across Asia and Eastern Europe, with South Korean education, construction, diplomatic, and political institutions being the latest targets. The group uses a Microsoft Compiled HTML Help (.CHM) file to execute a binary that side-loads a malicious DLL, ultimately leading to the deployment of the Bisonal remote access trojan. Cyber security researchers warn that the Tonto Team is constantly evolving and abusing legitimate software to build more elaborate attack chains.

Google Dismantles CryptBot Info-stealing Malware Infrastructure

Google has taken legal action to disrupt the CryptBot info-stealing malware's distribution network and reduce the theft of victims' data. CryptBot infected over 670,000 Windows computers in 2022, stealing sensitive data such as authentication credentials, social media account logins, and cryptocurrency wallet details from Chrome users. The court granted Google a temporary restraining order allowing it to take down CryptBot's associated malware infrastructure and domains, slowing its spread and reducing new infections. The operators and distributors of CryptBot are believed to be Pakistan-based and to operate globally. The legal complaint rests on several claims, including computer fraud, computer abuse, and trademark infringement.

US Cyber Warriors Thwarted 2020 Iran Election Hacking Attempt

The article discusses how US military and cyber security officials thwarted an Iranian hacking attempt against a municipal government system used to publish unofficial election results during the 2020 US presidential election. The attack was detected and stopped before the hackers could alter or disrupt the results page. The incident highlights the efforts of US military cyber operators to prevent election interference. The reliance on electronic systems in elections presents security challenges and has made them an attractive target for those seeking to meddle in elections. The US has focused increasingly on cyber security threats since the 2016 election and has been taking steps to strengthen protections for voting systems.
