bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

helpersCheckIsPostiesArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

moreOnThisArticles

urlAlias

commentCount

authorLocations

authors

corrections

sponsorType

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

socialHeadline

headline

flag

firstTopic

glossary

flattenTypeIds

publishedDate

additionalInfoBoxes

quizIds

images

image

relatedLinks

relatedNewsletters

__typename

createdDate

sponsor

paywallTypes

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

James Griffiths

Hackers in China have been taking control of website servers from small businesses with weak security protocols and using them to mask their attacks on bigger prizes like government data sites, according to security researchers. 
RSA Research said that a virtual private network (VPN) platform in China, which it dubbed "Terracotta", has been hacking into servers used by legitimate businesses. 
"It would appear that by just hacking these [servers] and stealing the bandwidth and computing power, there's considerable cost savings involved," Peter Beardmore, RSA’s senior consultant for threat intelligence marketing, told CSO Online. 
The servers are then sold as “digital camouflage” to other cyber criminals. 
VPN services have a number of legitimate purposes, such as giving office workers remote access to a company’s network, or helping skirt China's Great Firewall, but they can also serve more nefarious purposes in the hands of hackers. 

They can hide a user's location and IP address - the digital location of their computer - thus enabling hackers dodge law enforcement agencies. 
As such, cybersecurity teams at large organisations, which are often targeted by hackers, will often will block the IP addresses of commercial VPN services.
"The [hackers] utilising the Terracotta network have effectively overcome this line of defence", the researchers said, by using regular website servers as a shield. 
"Traffic emanating from the Terracotta node could appear as legitimate traffic from a legitimate domestic organisation, when in fact that organisation is a Terracotta victim with an infected server."
While it did not identify which VPN provider Terracotta is, RSA said it was one of many small commercial VPNs operating under-the-radar in China to help people avoid the country’s sweeping internet restrictions. 
Such services are often sold on e-commerce sites like Taobao, run by Chinese e-commerce giant Alibaba, or via social media and online forums.


Hong Kong watchdog warns of new scam involving complaints from ‘neighbours’

Crypto giant Coinbase warns of US$400 million hit from cyberattack, refuses to pay ransom

Philippine midterms: did pro-Duterte candidates benefit from ‘China-funded’ troll farms?

DeepSeek’s AI in hospitals is ‘too fast, too soon’, Chinese medical researchers warn

Cybersecurity

Chinese hackers using 'Terracotta' VPN to hijack servers of small businesses and attack government sites

'Terracotta' has reportedly been hacking into legitimate servers and selling them on to other cyber criminals. Photo: Reuters

VPNs are popular in China as a means of bypassing the country's so-called Great Firewall, which blocks sites like Facebook and Twitter, but hackers can exploit them for more underhand purposes. Photo: EPA

Tech

Enterprises