China’s Ministry of State Security said cyber spies have been establishing clandestine channels to consistently acquire sensitive data. Photo: Shutterstock

China spy agency renews foreign cyber intelligence warning after data breaches

  • Negligence and a lack of precautions are making critical departments and companies vulnerable to attack, state security ministry said
  • Overseas spies usually scan for network flaws in large batches before launching targeted attacks to steal data, it added
China’s top intelligence agency has issued a renewed warning about foreign cyber espionage, saying data breaches endanger the country’s information and network security.
The Ministry of State Security said that in recent years overseas cyber spies have been attacking critical departments and companies in China and establishing channels to consistently acquire sensitive data.

Foreign hackers usually manage to pilfer data from key Chinese units because they are able to take advantage of a lack of security precautions and negligence, the ministry warned.

“Cyber spies outside China often scan exposed network security flaws in large batches. Once they discover unpatched vulnerabilities on important units, they launch targeted attacks to steal data,” it said, in an article posted on Friday to its WeChat account.

In one case, a military-civilian integration enterprise did not update its software promptly – which the agency described as “a high cybersecurity risk as if the door was wide open”.

Hackers then implanted malware disguised as a legitimate programme via the loophole to access the company’s production data and customer information, the agency said.

The breach harmed the development of military equipment and technology, and threatened the country’s military and technological security, it added.

The agency also outlined how hackers target large state-owned enterprises, citing a “suspicious situation” where encrypted data was repeatedly transmitted overseas in the early morning hours and sent to different IP addresses each time.

Investigations found that the company deployed a network system testing device which had different permissions to access the system, but did not take the equipment offline after the test, leaving it operating without proper management.

The cyber intruder used it as a springboard to attack the system and steal the company’s core data, resulting in the loss of critical basic data related to people’s livelihoods in China, the agency said.

Software supply chain companies and their IT staff with administrative permissions are also vulnerable, according to the agency, which detailed a case that involved an email system operator who was responsible for providing technical support to customers.

The operator, who had remote access to customer accounts, had the unprofessional habit of recording their passwords – and a system administrator password – on a computer.

The agency said foreign spies attacked the operator’s computer after he was identified through open-source intelligence as a system operator. Using the list of passwords, they obtained internal emails from a thousand systems belonging to key units.

In an earlier warning in November, the ministry said a foreign intelligence agency posing as a software developer offered a Chinese network engineer a substantial fee to help dozens of its products meet China’s security checks.

The software carried malware and was used to obtain data from national defence and military-industrial units, as well as hi-tech enterprises, according to the ministry.
