Taiwan has faced existential conflict with China for its entire existence and has been targeted by China's state-sponsored hackers for years. But an investigation by one Taiwanese security firm has revealed just how deeply a single group of Chinese hackers was able to penetrate an industry at the core of the Taiwanese economy, pillaging practically its entire semiconductor industry.

At the Black Hat security conference today, researchers from the Taiwanese cybersecurity firm CyCraft plan to present new details of a hacking campaign that compromised at least seven Taiwanese chip firms over the past two years. The series of deep intrusions, called Operation Skeleton Key due to the attackers' use of a "skeleton key injector" technique, appeared aimed at stealing as much intellectual property as possible, including source code, software development kits, and chip designs. And while CyCraft has previously given this group of hackers the name Chimera, the company's new findings include evidence that ties them to mainland China and loosely links them to the notorious Chinese state-sponsored hacker group Winnti, also sometimes known as Barium, or Axiom.

"This is very much a state-based attack trying to manipulate Taiwan's standing and power," says Chad Duffy, one of the CyCraft researchers who worked on the company's long-running investigation. The sort of wholesale theft of intellectual property CyCraft observed "fundamentally damages a corporation's entire ability to do business," adds Chung-Kuan Chen, another CyCraft researcher who will present the company's research at Black Hat today. "It's a strategic attack on the entire industry."

Most specifically revealing, though, was the presence of one backdoor program on multiple victims' networks that CyCraft says was previously used by the Winnti group, a large collection of hackers who have operated for over a decade and who are widely believed to be based in mainland China. In recent years, Winnti has become known for carrying out a mix of what appears to be state-sponsored hacking aligned with China's interests and for-profit criminal hacking, often targeting videogame firms. In 2015, Symantec found that Winnti also appeared to be using skeleton key injection attacks like the kind CyCraft found used against the Taiwanese semiconductor companies. (CyCraft notes that it's still not certain that Chimera is in fact Winnti, but considers it a likely possibility.)

Kaspersky, which first spotted and named the Winnti group in an investigation published in 2013, last year linked the group to an attack that hijacked the update mechanism for computers sold by Taiwan-based Asus. Costin Raiu, the director of Kaspersky's Global Research & Analysis Team, says Winnti is responsible for other attacks on a broad range of Taiwanese companies beyond the semiconductor makers CyCraft has focused on, from telecoms to tech firms. "It's possible that what they’re seeing is just a small fragment of a larger picture," Raiu says. Winnti isn't unique among China-linked groups in their widespread targeting of Taiwan, Raiu adds. But he says Winnti's innovative tactics, like the hijacking of Asus's software updates, set them apart.

Even amidst China's wholesale hacking of its island neighbor, though, CyCraft's Duffy argues that the semiconductor industry represents a particularly dangerous target. Stealing chip schematics, he points out, could potentially allow Chinese hackers to more easily dig up vulnerabilities hidden in computing hardware.