Hacking attacks on government departments

Massive hacking operations targeting Chinese government organizations, including Shanghai and Beijing departments, have been found, China’s biggest online security firm 360 said on Tuesday. 

It said they present serious cybersecurity risks and sensitive data leakage especially during the COVID-19 outbreak.

Since March, hackers have used vulnerabilities in Sangfor’s VPN (virtual private network) servers to hack about 200 VPN servers. Many of them link enterprise and government networks in China. The COVID-19 outbreak has forced many firms and government bureaus to use VPNs for remote working, making the hacking more targeted and dangerous, according to 360.

Shenzhen-listed Sangfor confirmed the attacks and has warned users of the risks, the enterprise cloud and security service provider said on its WeChat account. 

360 traced the attacks to DarkHotel, a professional hacking organization in East Asia which began hacking in 2007. The attack is defined as an APT (advanced persistent threat), which means hacking that is well organized and coordinated with specific objectives and mining highly sensitive data. 

360 said many servers are on the networks of government agencies in Shanghai and Beijing, and the networks of Chinese diplomatic missions operating abroad. According to a list by 360, many systems of Shanghai’s resident community management commissions have been hacked. They are in the frontline of the COVID-19 outbreak and containing much private information.

Related organizations are being advised by Sangfor and 360 to update their VPN sever systems, strengthen account protection and check computers with professional security software.