Several espionage tactics have been employed by China to obtain intelligence from the U.S., reports SecurityWeek.
China has been noted by Western intelligence leaders and researchers to be infiltrating its rivals' computer systems in an effort to obtain trade secrets, with Microsoft email systems compromised by the country two years ago through hired "contract hackers" to secure corporate data and other sensitive information. Numerous U.S. organizations have also been hacked by Chinese cyber spies.
The U.S. has also expressed concern about potential intelligence sharing that could be facilitated by Chinese state-linked firms, with Huawei having been banned from serving as a supplier to U.S. government systems, while TikTok has been subject to ongoing conversations regarding a possible ban in the country due to data security fears.
Aside from enlisting citizens living outside the country to facilitate intelligence gathering and technology theft, China has also launched espionage efforts targeted at U.S. politicians.
New attacks with the updated SysUpdate toolkit have been deployed by Chinese advanced persistent threat operation Budworm, also known as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix, against an Asian government and a Middle East-based telecommunications provider, reports The Hacker News.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.
Sixty thousand emails from U.S. State Department accounts were noted by a staffer working for Sen. Eric Schmitt, R-Mo., to have been exfiltrated by Chinese threat actors during the widespread compromise of Microsoft email accounts that commenced in May, according to Reuters.