Hey, China. Maybe you should have held your hackers off for a bit while COVID-19 ravaged the planet. Just a suggestion

Proving that no good crisis ever goes to waste, Chinese government hacking crew APT41 launched a campaign that abuses vulns in Citrix Netscaler and Zoho ManageEngine, according to threat intel outfit FireEye. As well as targeting load balancers and network management suites, the Chinese interference operatives spent three …

  1. Nunyabiznes

    Fight Fair?

    Culturally the Chinese (current government at least) look at our "fight fair" doctrines and are baffled. If you are going to fight, fight to win. They are waging a campaign to win global dominance from the West, and are getting it done.

    1. Anonymous Coward

      Re: Fight Fair?

      Russia has a similar attitude - use any means necessary to achieve your goals. Fortunately today they have much less capability and worse organisation than China or the former USSR.

    2. Sir Runcible Spoon

      Re: Fight Fair?

      See 'The Art of War' by Sun Tzu

      1. bombastic bob Silver badge

        Re: Fight Fair?

        That book suggests that war is expensive and should be avoided, FYI, and that peace (through strength, implied) is better than war.

        (it's somewhere near the beginning, actually)

    3. bombastic bob Silver badge

      Re: Fight Fair?

      They are waging a campaign to win global dominance from the West, and are getting it done.

      Only if we LET them do it... (fact is you canNOT trust Communists!! Apparently world leaders had forgotten that pre-Trump)

      1. Michael Wojcik Silver badge

        Re: Fight Fair?

        Well, should any Communists ever come to power anywhere, we'll be on the lookout.

        Though experience shows you can't trust authoritarian regimes either. Or democracies.

      2. John Brown (no body) Silver badge

        Re: Fight Fair?

        You start the hunt by checking under your bed. Let us know if you find one, then we can all join in.

  2. Pascal Monett Silver badge

    Well ain't that nice and neighborly

    Somebody spike their computers.

    1. Anonymous Coward

      Re: Well ain't that nice and neighborly

      Somebody spike their computers? Absolutely, Just as somebody spiked Cisco routers

      Cheers… Ishy

      1. Pascal Monett Silver badge

        Since when has international diplomacy been based on turning the other cheek ?

  3. This post has been deleted by its author

  4. amanfromMars 1 Silver badge

    Common Sense for Supreme Sublime Ruler Applications *

    "It is notable that we have only seen these exploitation attempts leverage publicly available malware such as Cobalt Strike and Meterpreter," commented FireEye. "While these backdoors are full featured, in previous incidents APT41 has waited to deploy more advanced malware until they have fully understood where they were and carried out some initial reconnaissance."

    How very wise. And surely Most Commendable and Recommendable?

    *Which may or may not yet be APT41 CyberIntelAIgent Intellectual Property for Hire and Bit Part Acquisition/Capitalised Purchase.

    1. Anonymous Coward

      Re: Common Sense for Supreme Sublime Ruler Applications *

      So basically they walked along the street and tried every door. If the door opened they would take a look at whose house it was before sending someone in to nick the TV/shit in the wardrobe?

      You're right, it could be a lot worse.

      1. amanfromMars 1 Silver badge

        Re: Common Sense for Supreme Sublime Ruler Applications *

        So basically they walked along the street and tried every door. If the door opened they would take a look at whose house it was before sending someone in to nick the TV/shit in the wardrobe?

        You're right, it could be a lot worse. ..... Anonymous Coward

        No. It is much worse when they have discovered your secret stash is clashing and clogging up their systems with fast foreign cash which they be minded to reinvest considerably better elsewhere, hence the occasional pause and change of tack in operations.

        The Wild Wacky West though is hopelessly fated to be defaulted and configured for quarantine in the More of the Same Old Stuff for Further Past Nonsense Camp of Sub-Prime Executive Office Administrations ...... and that leaves one catastrophically vulnerable to exhaustive exploitation by practically everything new and/or almost new as in anything even slightly different and proving itself most attractive and appealing.

        If that is wrong, there is much worse.

  5. Anonymous Coward

    APT41 just doing their international good service

    And then the victims could perhaps be given "gratitude training" for uncovering their flaws.

    1. bombastic bob Silver badge

      Re: APT41 just doing their international good service

      yes, uncovering their flaws will really SCREW your future "social credit" score.

      Report them, and you'll end up in a burnt pile of bodies alongside former Wuhan district residents...

      Conspiracy theory says it was all part of their plan, which has YET to completely backfire.

  6. Anonymous Coward

    China is good at viruses isn't it?

    ^ see above. Cough.

    1. ClockworkOwl

      Re: China is good at viruses isn't it?

      Bugger...

      Just how far is 2M on t'interweb?

      Required given how much IPA I'm dowsed in>

      1. Anonymous Coward

        Re: China is good at viruses isn't it?

        "Required given how much IPA I'm dowsed in>"

        That's a waste of beer.

  7. Anonymous Coward

    Decorum is a silly social game. Concern for decorum represents screwing around and slacking off. There is no room for such nonsense in any serious endeavour.

  8. Anonymous Coward

    Close off china

    If China and Russia have proposed and "tested" an internal internet cutoff from the rest of the world, then maybe the rest of the world should cut off all their access to the rest of the world's internet! And remove all Russian & Chinese DNS entries as well.

    1. amanfromMars 1 Silver badge

      Re: Close off china

      Would that result in a rest of the world operating system murder or suicide, AC?

    2. MR J

      Re: Close off china

      Seeing how the US does this sort of thing against China, Russia, Iran, North Korea, and even goes after private companies such as Yandex (Russian Google), Not to mention PHYSICAL damage to infrastructure.

      Well...

      The US and their partners need to keep the links open.

      1. John Brown (no body) Silver badge

        Re: Close off china

        You forgot to mention the German Premier. The US have no qualms about going after their allies too. I suspect much more so under Trump's America First MAGA policies.

  9. NonSSL-Login

    Cisco Kit

    Given how many remote exploits there were for Cisco Kit in the last 30 days and how widely deployed they were, I would expect every country with sophisticated cyber capabilities to be making the most of the vulnerabilities before they got patched.

    The US gov were so noisy about Chinese Huawei kit being vulnerable yet here we are with US Cisco kit having vulnerability after vulnerability and with proof they are being exploited.

    Hacking is one of those jobs that can be done at home during isolation lockdown

    1. bombastic bob Silver badge

      Re: Cisco Kit

      where are those routers made, exactly.... ?

      1. Sir Runcible Spoon

        Re: Cisco Kit

        Made, or coded?

      2. The Unexpected Bill

        Re: Cisco Kit

        Believe it or not, all the Cisco routers I've come across were at least assembled in the US. Most are slightly older models, however.

        I found it interesting, as I've yet to see any of their late model switches assembled in the US.

      3. NonSSL-Login

        Re: Cisco Kit

        The software that runs on top, where all the exploits have been found, has been coded by Cisco themselves, I assume in their American HQ.

  10. Anonymous Coward

    For the love of dog, this is a tech site with seemingly intelligent people. You cannot attribute any hack to any state or person. In fact the way the internet works means it could literally be anyone. What if I relay through VPNs and compromised systems to Scotland to perform an attack and use Scottish terms like deep fried bananas, kilt, bagpipe or "would you like a Glasgow kiss?" Would that make me a Scottish hacker?

    Having got that out of my system I will add that these clowns are nobs.

    1. NonSSL-Login

      We know that outsourced Russian hackers are not allowed to use any Russian words or fonts in their code, so have to be careful to scrub usual fingerprints like home directories with Russian names that compilers like to stick in and such like.

      We also know that the CIA have used Russian companies certificates in their malware and plant foreign language fingerprints like the above compiler home directories.

      Not to mention all the stolen and re-used code from other countries' cyber-offence teams. So yeah, attribution is hard, so we have to go with best guess. It should be sold as definitive unless we are 100%, and that's hard, even if we go by previous knowledge as again, that could be wrong for the same reason as above.

    2. YetAnotherJoeBlow

      @ac

      "For the love of dog"

      There are quite a few public VPNs that are operated by three-letter-type agencies worldwide. You go through one of those, the gig is up. Personally I do not even use TOR (even worse.)

  11. quartzz

    am I allowed to say

    I ordered a takeaway yesterday.

    A chinese guy knocked at the door with the order, and said "isolate!".

    I said "no you aren't late, I only ordered it 15 minutes ago".

    1. This post has been deleted by its author

    2. bombastic bob Silver badge

      am I allowed to say

      NO, you are NOT allowed to say that... and I'm still laughing at your joke

      (reminds me of an old 'book titles and authors' joke, something about a population explosion and 3 names commonly found in S.E. Asia, all strung together to make a funny phrase - a very very NAUGHTY funny phrase - rhyming with See Chuck's Tongue)

      1. Anonymous Coward

        Bob, I agree!

        Regards,

        IP Harder.

    3. This post has been deleted by its author

  12. c1ue

    Given China has been locked down since January 23 - what else do they have to do? /sarc

  13. TeeCee Gold badge

    "...APT41, also known as the Winnti Group..."

    Shouldn't that be "Winnit Group", seeing as they are a bunch of annoying little shits proving difficult to get rid of?

  14. sniperpaddy

    "It is notable that we have only seen these exploitation attempts leverage publicly available malware such as Cobalt Strike and Meterpreter," commented FireEye. "While these backdoors are full featured, in previous incidents APT41 has waited to deploy more advanced malware until they have fully understood where they were and carried out some initial reconnaissance."

    So it's not how APT41 but it is attributed to them? How very convenient to blame "the chinese virus".

    TBH it sounds like a clumsy false flag operation. The chinese are currently making a major effort to regain lost face.

  15. mhenriday

    Credulity much ?

    The always reliable FireEye says its those nefarious Chinese - as opposed to the dastardly Russians - and you believe them straight off, Gareth ? Wow !...

    Henri

  16. Torchy

    Do not buy Chinese made goods.

    That is why when we get over lockdown we all need to send a huge message to China by not buying Chinese goods.

    1. VulcanV5

      Re: Do not buy Chinese made goods.

      @Torchy: in which case, it'd be best not to buy anything. Because almost everything you buy will have components that originated life in that vast scumbag Communist state . . . a place, and a regime, whose existence is knowingly perpetuated by Big Commerce of a Capitalist West which wants the lowest manufacturing cost to maximize profit / executive pay / executive bonuses. If you want to change the way we do stuff, don't blame the Chinese or attempt to block 'em. Go after the major Western producers who, sadly for them, wouldn't be able to make their $billions without cheap Chinese labour. And of course, when you've done that, and you wake up to the alarming discovery that the pension funds are no longer able to provide the returns they once did, maybe think again.
