Skip to main content

3 chinese hackers got cut in the US: "Boyusec" exposed















In 2013, APT3 allegedly stole the blueprints for ASIO's new Canberra building using a piece of malware that was uploaded to an ASIO employee's laptop.

According to the indictment, the three Chinese nationals—identified as Wu Yingzhuo, Dong Hao, and Xia Lei—launched "coordinated and unauthorized" cyber attacks between 2011 and 2017, and successfully steal information from a number of organizations by compromising their accounts.





The trio of hackers has alleged to have attacked Moody's Analytics, Siemens, and Trimble by sending spear-phishing emails with malicious attachments or links to malware.

The men also used customized tools collectively known as the 'ups' or 'exeproxy' malware to gain unauthorized, persistent access to the targeted companies' networks, allowing them to search for and steal confidential business information and user credentials.
"The primary goal of the co-conspirators’ unauthorized access to victim computers was to search for, identify, copy, package, and steal data from those computers, including confidential business and commercial information, work product, and sensitive victim employee information, such as usernames and passwords that could be used to extend unauthorized access within the victim systems," the DOJ said.
The most affected one of the three companies was IT giant Siemens. According to the indictment, the defendants:
  • Stole approximately 407 gigabytes of data from Siemens' energy, technology and transportation businesses in 2014.
  • Hacked into Trimble's network and stole at least 275 megabytes of data, including trade secrets related to global navigation satellite systems technology the company spent millions of dollars developing, in 2015 and 2016.
  • Accessed an internal email server at Moody's in 2011 and forwarded the account of an unidentified "prominent employee" to their own accounts, and eventually accessing the confidential messages sent to that account until 2014.
According to the DoJ, both Wu and Dong were co-founders and shareholders of Boyusec, while Lei was an employee. All the three defendants were residents of Guangzhou.

The Chinese men have been charged with a total of eight counts, including one charge of committing computer fraud and abuse, two charges of committing trade secret theft, three counts of wire fraud and four to eight counts of aggravated identity theft.

If found guilty in the court of law, the hackers face a maximum sentence of 42 years in prison.

Comments

Popular posts from this blog

NiceHash: security breach leads to 60 million lost - Iceman is behind?

A dark day for crypto currency miners, NiceHash has been hacked. Closely to 60$ millions (4,736.42 BTC) have been stolen while the bitcoin is crossing the 14k$ mark for the first time.













The hacker's bitcoin address cleary shows the steal of  4,736.42 BTC in a window of 48 hours: https://bitinfocharts.com/bitcoin/address/1EnJHhq8Jq8vDuZA5ahVh6H4t6jh1mB4rq




NiceHash users are furious by the time of reaction of the team. It took about 24 hours to realise that big amounts have been stolen.

I've contacted a member of Iceman and knowing this security breach for some reason he explained that NiceHash actually owned their users bitcoin wallets in order to save transactions fees and collect unclaimed BTC. This issue leads to a massive security breach which allow access to all NiceHash wallets. He claimed that by reverse engineering of their miner client, Iceman group was able to access their API. Is Iceman really behind this attack?






NanoCore developper busted and senteced for 33 months

A hacker who was arrested and pleaded guilty last year—not because he hacked someone, but for creating and selling a remote access trojan that helped cyber criminals—has finally been sentenced to serve almost three years in prison.

Taylor Huddleston, 26, of Hot Springs, Arkansas, pleaded guilty in July 2017 to one charge of aiding and abetting computer intrusions by building and intentionally selling a remote access trojan (RAT), called NanoCore, to hackers for $25.

Huddleston was arrested in March, almost two months before the FBI raided his house in Hot Springs, Arkansas and left with his computers after 90 minutes, only to return eight weeks later with handcuffs.
This case is a rare example of the US Department of Justice (DOJ) charging someone not for actively using malware to hack victims' computers, but for developing and selling it to other cybercriminals.
Huddleston admitted to the court that he created his software knowing it would be used by other cybercrimina…

ICEMAN : Infecting Crystal Finance Millennium

Iceman gang member confirms that they are behind the introduction and spreading of malwares that have affected Crystal Finance Millennium, a Ukraine-based accounting software firm. Was this a political based attack? Read more to find out.
I’ve had a chance to speak to one of the gang member on XMMP and he confirmed that the Iceman group is behind this attack. They started by a simple web attack (SQLI which lead to web shell upload, no privilege escalation was needed) in order to gain access to the web servers of the company. He confirmed that the math was simple, the Ukrainian company had many clients in the financial and medical sector which facilitated the propagation of their malware. From the archived web page, it becomes apparent they provide accounting software, personalization of medical records, blood service and "full automation of the doctor's office" - contrary to what their company name suggests, it appears they are (mostly) focused on medical software.
The…