Will An Iran Cyber Attack Panic Usher In A New Patriot Act?

In a 2007 interview, retired General Wesley Clark revealed that the Pentagon had a plan to “take out seven countries in five years”—Iraq, Syria, Lebanon, Libya, Somalia, Sudan, and Iran. Over the following two decades, the first six were bombed, destabilized, or collapsed into civil war. Only Iran remains standing—resistant to Western central banking, culturally hostile to global usury, and guarding some of the world’s most ancient archeological sites.

Now, major media outlets such as Fox News and the Independent warn of a looming cyberwar, and we’re told to brace for a potential Iranian cyberattack on the US or its allies, aimed at critical infrastructure such as power and water systems. But rather than ask how to defend against it, we should ask something more: Is Iran really the culprit? Or is it the designated scapegoat for an event designed to advance elite control both abroad and at home?

Recent history provides a clear pattern: When crises erupt, state and corporate power rapidly consolidate. After 9/11, the US government ushered in the Patriot Act, warrantless surveillance, and indefinite detention, all in the name of security. The 2008 financial collapse delivered historic bank bailouts and accelerated economic consolidation. In 2020, the covid pandemic normalized lockdowns, QR-code health passes, and calls for digital identity systems tied to medical records. In the wake of the Capitol riot, proposals exploded for increased censorship, AI-powered surveillance, and policing of online speech. As the author Naomi Klein outlined in her seminal work, The Shock Doctrine, elites routinely exploit crises to fast-track policies that populations would otherwise reject.

The current cyber panic fits the mold. If a catastrophic digital event were to hit—disabling hospitals, banks, or energy systems—the solution being quietly preloaded into public discourse is the rollout of global “Digital ID” infrastructure. The World Economic Forum has explicitly highlighted how global digital IDs for people and objects are essential for trade digitization and establishing a global digital economy. In its Digital Identity Blueprint, the WEF outlines a framework linking online activity, financial services, travel permissions, and even behavioral data to a single identity. But what’s sold as “security” is, in fact, the foundation of a technocratic control grid.

If implemented, Digital ID would function as a master key to everything: your money, health records, online access, and even your ability to travel. In time, it could merge with carbon quotas and social credit scoring systems like those piloted in China. An algorithm, not a constitution, would govern your rights. One wrong opinion, and you risk being shut out of society, not by police, but by code. In a world where social media mobs enforce ideological purity, public humiliation becomes the new policing mechanism. You self-censor, you self-surveil, and eventually, you self-govern—on someone else’s terms.

But there’s a core problem with the “Iran did it” cyberattack narrative: Iran lacks the capability. Iran’s cyber warfare infrastructure is far less sophisticated than that of the US, Israel, Russia, or China. The Harvard Belfer Center’s National Cyber Power Index places Iran low in its global rankings. While Iran may be able to execute nuisance-level hacks, it is not in a position to disable critical US infrastructure. So if a major cyberattack does occur, blaming Iran may serve a political purpose—not reflect reality.

China-Linked Hackers Breach US Nuclear Weapons Agency In Sophisticated Operation

The National Nuclear Security Administration (NNSA) has been hit by a sophisticated cyberattack that exploited a previously unknown vulnerability in Microsoft SharePoint, and the incident is being widely described as one of the most serious breaches of US defense infrastructure this year. Fingers in the West are pointing to Beijing.

Hackers believed linked to the Chinese government used a zero-day exploit targeting on-premises versions of SharePoint to infiltrate over 50 organizations, including the agency responsible for the Navy’s nuclear submarine reactors. China is vehemently denying the charge.

The NNSA oversees both the production of nuclear reactors for submarines and the maintenance of the US nuclear arsenal. Cybersecurity experts describe the intrusion as an advanced remote code execution (RCE) attack.

The vulnerability reportedly affected SharePoint Server 2019 and SharePoint Server Subscription Edition, allowing attackers to bypass security controls and execute arbitrary commands on targeted systems, as described by Bloomberg.

The US Department of Energy is known to run much of its SharePoint workload on Microsoft 365 cloud services. “The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems,” a Department of Energy spokesperson conveyed in a statement to Bloomberg. “A very small number of systems were impacted. All impacted systems are being restored.”

It’s believed the hackers were able to gain unauthorized access, steal data, collect login credentials, and potentially move deeper into connected networks; however, the Department of Energy has claimed no classified or sensitive nuclear data was compromised in the breach.

Microsoft knew of SharePoint server exploit but failed to effectively patch it

A security patch released by Microsoft (MSFT.O) last month failed to fully fix a critical flaw in the U.S. tech giant’s SharePoint server software that had been identified in May, opening the door to a sweeping global cyber espionage operation.

It remains unclear who is behind the ongoing operation, which targeted around 100 organisations over the weekend. But Alphabet’s (GOOGL.O) Google, which has visibility into wide swathes of internet traffic, said it tied at least some of the hacks to a “China-nexus threat actor”.

The Chinese Embassy in Washington did not respond to a Reuters request for comment. Chinese government-linked operatives are regularly implicated in cyberattacks, but Beijing routinely denies carrying out hacking operations.

Contacted on Tuesday, Microsoft was not immediately able to provide comment on the patch and its effectiveness.

The vulnerability that facilitated the attack was first identified in May at a hacking competition in Berlin organised by cybersecurity firm Trend Micro (4704.T), which offered cash bounties for the discovery of computer bugs in popular software.

It offered a $100,000 prize for “zero day” exploits – so called because they leverage previously undisclosed digital weaknesses – that could be used against SharePoint, Microsoft’s flagship document management and collaboration platform.

A researcher working for the cybersecurity arm of Viettel, a telecommunications firm operated by Vietnam’s military, identified a SharePoint bug at the event, dubbed it ‘ToolShell’ and demonstrated a method of exploiting it.

The researcher was awarded $100,000 for the discovery, according to a post on X by Trend Micro’s “Zero Day Initiative”. A spokesperson for Trend Micro did not immediately respond to Reuters’ requests for comment regarding the competition on Tuesday.

Microsoft subsequently said in a July 8 security update that it had identified the bug, listed it as a critical vulnerability, and released patches to fix it.

Report: Microsoft’s Chinese Engineers Access Pentagon Systems with Minimal Oversight from ‘Digital Escorts’

Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.

A ProPublica investigation has uncovered that Microsoft is relying on engineers based in China to help maintain sensitive computer systems for the U.S. Department of Defense, with only minimal oversight from U.S. personnel. This arrangement, which Microsoft deems critical to winning the Pentagon’s cloud computing business, could potentially expose some of the country’s most sensitive data to espionage and hacking by China.

The system relies on U.S. workers with security clearances, known as “digital escorts,” to supervise the Chinese engineers and serve as a firewall against malicious activities. However, ProPublica found that these escorts often lack the advanced technical skills needed to effectively monitor the foreign workers, who possess far greater coding expertise. Some escorts are ex-military with little software engineering experience, earning barely above minimum wage.

Google finds custom backdoor being installed on SonicWall network devices

Researchers from the Google Threat Intelligence Group said that hackers are compromising SonicWall Secure Mobile Access (SMA) appliances, which sit at the edge of enterprise networks and manage and secure access by mobile devices.

The targeted devices are end of life, meaning they no longer receive regular updates for stability and security. Despite that status, many organizations continue to rely on them, which has left them prime targets for UNC6148, the name Google has given to the unknown hacking group.

“GTIG recommends that all organizations with SMA appliances perform analysis to determine if they have been compromised,” a report published Wednesday said, using the abbreviation for Google Threat Intelligence Group. “Organizations should acquire disk images for forensic analysis to avoid interference from the rootkit anti-forensic capabilities. Organizations may need to engage with SonicWall to capture disk images from physical appliances.”

Lacking specifics

Many key details remain unknown. For one thing, the attacks are exploiting leaked local administrator credentials on the targeted devices, and so far, no one knows how the credentials were obtained. It is also not known which vulnerabilities UNC6148 is exploiting, or precisely what the attackers do after they take control of a device.

The lack of details is largely the result of how Overstep, the name of the custom backdoor malware UNC6148 installs after the initial compromise of a device, operates. Overstep allows the attackers to selectively remove log entries, a technique that is hindering forensic investigation. Wednesday’s report also posits that the attackers may be armed with a zero-day exploit, meaning it targets a vulnerability that is currently publicly unknown. Possible vulnerabilities UNC6148 may be exploiting include:

  • CVE-2021-20038: An unauthenticated remote code execution made possible by a memory corruption vulnerability.
  • CVE-2024-38475: An unauthenticated path traversal vulnerability in Apache HTTP Server, which is present in the SMA 100. It can be exploited to extract two separate SQLite databases that store user account credentials, session tokens, and seed values for generating one-time passwords.
  • CVE-2021-20035: An authenticated remote code execution vulnerability. Security firm Arctic Wolf and SonicWall reported in April that this vulnerability was under active exploitation.
  • CVE-2021-20039: An authenticated remote code execution vulnerability. There have been reports that this vulnerability was under active exploitation to install ransomware in 2024.
  • CVE-2025-32819: An authenticated file deletion vulnerability that can be exploited to make a targeted device revert its built-in administrator credentials to a password that the attackers can then use to gain administrator access.
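The selective log removal described above only defeats investigators who rely on the appliance’s own copy of its logs. A defender who has been forwarding those logs in real time to an off-box collector can diff the two copies and recover exactly which entries were removed locally. The following is an added example, not code from the GTIG report or from SonicWall; the log line layout (a sequence counter, a timestamp, a message), the sample lines and the TEST-NET addresses are all constructed for illustration and do not reflect the real SMA log format.

```python
"""Detect selectively deleted appliance log entries by comparing the local log
against the copy forwarded to an off-box syslog collector.

Added example, not from GTIG or SonicWall. The line format "<seq> <timestamp>
<message>" and all sample lines below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class LogEntry:
    seq: int   # per-appliance monotonic counter stamped on every line (assumed)
    ts: str    # timestamp kept as text; only seq drives the comparison
    msg: str


# Constructed sample: the copy that reached the remote collector as events happened.
REMOTE_LOG = """\
1001 2025-07-14T02:10:01Z auth: admin login from 198.51.100.7
1002 2025-07-14T02:10:05Z config: user database export requested
1003 2025-07-14T02:10:09Z system: unsigned module loaded
1004 2025-07-14T02:11:30Z auth: admin session terminated
1005 2025-07-14T02:15:00Z system: scheduled health check ok
"""

# Constructed sample: the same log as later read back from the appliance itself,
# after the lines recording the intruder's own actions were removed.
LOCAL_LOG = """\
1001 2025-07-14T02:10:01Z auth: admin login from 198.51.100.7
1004 2025-07-14T02:11:30Z auth: admin session terminated
1005 2025-07-14T02:15:00Z system: scheduled health check ok
"""


def parse_log(text: str) -> List[LogEntry]:
    """Parse the constructed format; split at most twice so messages keep spaces."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        seq, ts, msg = line.split(" ", 2)
        entries.append(LogEntry(int(seq), ts, msg))
    return entries


def deleted_entries(local: List[LogEntry], remote: List[LogEntry]) -> List[LogEntry]:
    """Entries the collector received that are absent from the on-device copy."""
    local_seqs = {e.seq for e in local}
    return [e for e in remote if e.seq not in local_seqs]


def sequence_gaps(entries: List[LogEntry]) -> List[Tuple[int, int]]:
    """Runs of missing sequence numbers; usable even when no remote copy exists."""
    seqs = sorted(e.seq for e in entries)
    return [(a + 1, b - 1) for a, b in zip(seqs, seqs[1:]) if b - a > 1]


def audit(local_text: str, remote_text: str) -> Dict[str, object]:
    """Summarise evidence of tampering in the local log."""
    local = parse_log(local_text)
    remote = parse_log(remote_text)
    deleted = deleted_entries(local, remote)
    return {
        "deleted_seqs": [e.seq for e in deleted],
        "deleted_msgs": [e.msg for e in deleted],
        "local_gaps": sequence_gaps(local),
    }


if __name__ == "__main__":
    report = audit(LOCAL_LOG, REMOTE_LOG)
    for seq, msg in zip(report["deleted_seqs"], report["deleted_msgs"]):
        print(f"removed locally: {seq} {msg}")
    print("gaps in local counter:", report["local_gaps"])
```

Two independent signals come out of this: the exact entries present remotely but missing locally, and holes in the local sequence counter, which still flag tampering on an appliance whose logs were never forwarded. Neither signal can be produced if the forwarding was only configured after the fact, which is why remote log shipping and, as GTIG advises, disk imaging rather than trusting on-device state are both preventive decisions.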

Fighting against Chinese cyber-espionage, FBI hunts down members of Chinese hacking networks

When Chinese national Xu Zewei stepped off a plane at Milan’s Malpensa airport for a vacation with his wife, Italian authorities arrested him. The Italians executed an American warrant issued by investigators for his alleged role in the most prolific Beijing-backed cyber-espionage campaign in recent years.

Before Xu’s July 3 arrest, the Justice Department often charged alleged Chinese hackers in absentia. But now, the Trump administration has detained for the first time one of Beijing’s suspected cyber operators as part of its wider effort to combat Chinese espionage against the United States.

The Justice Department announced Xu’s arrest earlier this week and outlined the charges against him as part of a nine-count indictment along with one codefendant. The pair are accused of involvement in computer intrusions that compromised personal data, intellectual property, COVID-19 research at U.S. universities, and law firm materials, the Justice Department said. 

The arrest of Xu Zewei in Italy marks one of the first recorded cases of the FBI apprehending a suspected Chinese hacker. The FBI’s Houston Field Office, which led the case, said in a social media post shortly after the announcement that Xu Zewei was “one of the first hackers linked to Chinese intelligence services to be captured by the FBI.” 

US Charges Chinese Man Accused of Hacking Into Universities to Steal COVID-19 Research

The Department of Justice (DOJ) announced charges on July 8 against a Chinese national taken into custody in Italy at the behest of Washington, and accused him of hacking into several U.S. universities to steal COVID-19 research at the direction of China’s main intelligence agency.

Xu Zewei, 33, was arrested in Milan, Italy, on July 3 by Italian law enforcement officials and FBI agents as he departed a plane from China. Xu and another Chinese national, Zhang Yu, 44, who remains at large, are charged in a nine-count indictment unsealed in the Southern District of Texas on Tuesday for their alleged involvement in computer intrusions between February 2020 and June 2021.

According to the indictment, Xu was a general manager at a Chinese company called Shanghai Powerock Network, which allegedly conducted hacking operations at the direction of the Shanghai State Security Bureau (SSSB) under China’s Ministry of State Security (MSS).

The DOJ said that Xu’s case exemplifies the Chinese regime’s use of a vast network of private companies and contractors in China to carry out hacking and information theft in a manner that concealed Beijing’s involvement.

“The indictment alleges that Xu was hacking and stealing crucial COVID-19 research at the behest of the Chinese government while that same government was simultaneously withholding information about the virus and its origins,” Nicholas Ganjei, U.S. attorney for the Southern District of Texas, said in a statement.

“The Southern District of Texas has been waiting years to bring Xu to justice and that day is nearly at hand. As this case shows, even if it takes years, we will track hackers down and make them answer for their crimes. The United States does not forget.”

France detains Russian basketball star at request of US – AFP

Russian basketball player Daniil Kasatkin has been detained in France at the request of the US on suspicion of being a member of a hacker group, AFP reported on Wednesday evening.

Kasatkin, a point guard playing for Russia’s national team, was detained on June 21 at Charles de Gaulle Airport after arriving in France with his fiancée, AFP said.

At a hearing on Wednesday, a judge ruled to keep him in custody pending extradition.

The US alleges that Kasatkin, who had studied in the country, had negotiated ransom payments on behalf of a hacker gang that targeted around 900 companies and two federal institutions from 2020 to 2022.

The athlete denies any wrongdoing, his lawyer Frederic Belot told reporters, claiming that Kasatkin has “poor computer skills” and had bought a used computer that was “either hacked or a hacker sold it to him using another person’s name.”

Chinese state-sponsored contract hacker arrested in Italy at US request: DOJ

The US Department of Justice said on July 8 a Chinese state-sponsored contract hacker was arrested last week in Italy at the request of Washington, but the arrested man claimed he is a victim of mistaken identity.

Xu Zewei, 33, was arrested on July 3, the Justice Department said, adding a nine-count indictment was unsealed on July 8 in the Southern District of Texas alleging the involvement of that individual and a co-defendant in computer intrusions between February 2020 and June 2021.

Xu was arrested in Milan, Italy, and will face extradition proceedings, the DOJ said in a statement.

It alleged China’s ministry of state security had directed theft of Covid-19 research and the exploitation of Microsoft email software vulnerabilities.

The Chinese government has denied allegations of being involved. The Chinese embassy in Washington did not immediately respond to a request for comment.

Xu’s lawyer said on July 8 that he is a victim of mistaken identity, that his surname is quite common in China and that his mobile phone had been stolen in 2020.

The 33-year-old IT manager at a Shanghai company appeared on July 8 before an appeals court in Milan, which will decide whether to send him to the United States. The man was arrested last week after he arrived at Milan’s Malpensa airport for a holiday in Italy with his wife.

‘Hacktivist’ steals data of 2.5M Columbia University students, employees and applicants in politically motivated cyberattack

A seasoned “hacktivist” reportedly stole sensitive data from more than two million Columbia University students, applicants and employees in a targeted cyberattack officials believe was politically motivated.

The sophisticated digital activist, who knocked the Ivy League’s systems offline for several hours on June 24, swiped social security numbers, citizenship status, university-issued ID numbers, application decisions, employee salaries, and other private records, Bloomberg News reported.

A university official told The Post the savvy hacker appeared to target specific documents to advance their political agenda.

“We immediately began an investigation with the assistance of leading cybersecurity experts and after substantial analysis determined that the outage was caused by an unauthorized party,” Columbia said in a statement Tuesday.

“We now have initial indications that the unauthorized actor also unlawfully stole data from a limited portion of our network. We are investigating the scope of the apparent theft and will share our findings with the University community as well as anyone whose personal information was compromised.”
