From the Washington Post:
The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United States, Taiwan, Europe and elsewhere.
Clive Robinson • January 7, 2025 6:35 PM
Those who have read “The Cuckoo’s Egg” Book, written by Clifford Stoll at the end of the 1980’s. About how against the mostly disinterested network / Unix people in US Government back in the 1980’s he tracked down a West German and a group he fronted who were hacking for the KGB. Will find this story sounds quite familiar in it’s broader brush strokes.
lurker • January 8, 2025 1:13 AM
I find it hard to feel sorry for the victims. After all, Flax Typhoon is said to exploit “one of a number of known vulnerabilities” using code that has been openly published on the web for 8 years now.
‘https://media.defense.gov/2024/Sep/18/2003547016/-1/-1/0/CSA-PRC-LINKED-ACTORS-BOTNET.PDF
Who? • January 8, 2025 9:55 AM
@ Clive
I would pay you seventy-five cents, but then someone at NSA, or perhaps someone at Lawrence Berkeley National Laboratory, would track us. 😉
Indeed, even at that time KGB was hacking our networks with the help of organizations like the Chaos Computer Club. What they are doing now that computer networks are widely available, our dependency on technology is huge and systems are left unmanaged in most cases on that wild-west we call Internet, is difficult to imagine.
What we know about Flax Typhoon, and the simple way they evaded detection using standard tools, shows that our security has not evolved a lot since the times described in The Cuckoo’s Egg. We do not need advanced attack tools where common sense and patience is enough.
Clive Robinson • January 8, 2025 3:03 PM
@ Bruce, “Off topic heads up”
You might want to have a read of,
https://dmarcchecker.app/articles/crack-512-bit-dkim-rsa-key
They factored the RSA modulus in less than a day for less than $8 “in the cloud”.
They give a nice write up and a sufficient “recipe” so you can “bake your own”.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Andy • January 7, 2025 3:47 PM
That’ll teach them!