Major Leak Spills A Chinese Hacking Contractor’s Tools And Targets

The United States issued a seizure warrant to Starlink this week related to satellite internet infrastructure used in a scam compound in Myanmar. The action is part of a larger US law enforcement interagency initiative announced this week called the District of Columbia Scam Center Strike Force.

Meanwhile, Google moved this week to sue 25 people that it alleges are behind a “staggering” and “relentless” scam text operation that uses a notorious phishing-as-a-service platform called Lighthouse.

WIRED reported this week that the US Department of Homeland Security collected data on Chicago residents accused of gang ties to test if police files could feed an FBI watchlist—and then, crucially, kept the records for months in violation of domestic espionage rules.

China’s massive intelligence apparatus has never quite had its Edward Snowden moment. So any peak inside its surveillance and hacking capabilities represents a rare find. One such glimpse has now arrived in the form of about 12,000 documents leaked from the Chinese hacking contractor firm KnownSec, first revealed on the Chinese-language blog Mxrn.net and then picked up by Western news outlets this week. The leak includes hacking tools such as remote-access Trojans, as well as data extraction and analysis programs. More interesting, perhaps, is a target list of more than 80 organizations from which the hackers claim to have stolen information. The listed stolen data, according to Mrxn, includes 95 GB of Indian immigration data, three TB of call records from South Korean telecom operator LG U Plus, and a mention of 459 GB of road-planning data obtained from Taiwan, for instance. If there were any doubts as to whom KnownSec was carrying out this hacking for, the leak also reportedly includes details of its contracts with the Chinese government.

The cybersecurity community has been warning for years that state-sponsored hackers would soon start using AI tools to supercharge their intrusion campaigns. Now the first known AI-run hacking campaign has surfaced, according to Anthropic, which says it discovered a group of China-backed hackers using its Claude tool set extensively in every step of the hacking spree. According to Anthropic, the hackers used Claude to write malware and extract and analyze stolen data with “minimal human interaction.” Although the hackers bypassed Claude’s guardrails by couching the malicious use of its tools in terms of defensive and whitehat hacking, Anthropic says it nonethele

Source: Wired