Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 7
122 résultats taggé China  ✕
Seeking Deeper: Assessing China’s AI Security Ecosystem https://cetas.turing.ac.uk/publications/seeking-deeper-assessing-chinas-ai-security-ecosystem
13/07/2025 23:08:22
QRCode
archive.org

cetas.turing.ac.uk/ Research Report
As AI increasingly shapes the global economic and security landscape, China’s ambitions for global AI dominance are coming into focus. This CETaS Research Report, co-authored with Adarga and the International Institute for Strategic Studies, explores the mechanisms through which China is strengthening its domestic AI ecosystem and influencing international AI policy discourse. The state, industry and academia all play a part in the process, with China’s various regulatory interventions and AI security research trajectories linked to government priorities. The country’s AI security governance is iterative and is rapidly evolving: it has moved from having almost no AI-specific regulations to developing a layered framework of laws, guidelines and standards in just five years. In this context, the report synthesises open-source research and millions of English- and Chinese-language data points to understand China’s strategic position in global AI competition and its approach to AI security.

This CETaS Research Report, co-authored with the International Institute for Strategic Studies (IISS) and Adarga, examines China’s evolving AI ecosystem. It seeks to understand how interactions between the state, the private sector and academia are shaping the country’s strategic position in global AI competition and its approach to AI security. The report is a synthesis of open-source research conducted by IISS and Adarga, leveraging millions of English- and Chinese-language data points.

Key Judgements
China’s political leadership views AI as one of several technologies that will enable the country to achieve global strategic dominance. This aligns closely with President Xi’s long-term strategy of leveraging technological revolutions to establish geopolitical strength. China has pursued AI leadership through a blend of state intervention and robust private-sector innovation. This nuanced approach challenges narratives of total government control, demonstrating significant autonomy and flexibility within China’s AI ecosystem. Notably, the development and launch of the DeepSeek-R1 model underscored China's ability to overcome significant economic barriers and technological restrictions, and almost certainly caught China’s political leadership by surprise – along with Western chip companies.

While the Chinese government retains ultimate control of the most strategically significant AI policy decisions, it is an oversimplification to describe this model as entirely centrally controlled. Regional authorities also play significant roles, leading to a decentralised landscape featuring multiple hubs and intense private sector competition, which gives rise to new competitors such as DeepSeek. In the coming years, the Chinese government will almost certainly increase its influence over AI development through closer collaboration with industry and academia. This will include shaping regulation, developing technical standards and providing preferential access to funding and resources.

China's AI regulatory model has evolved incrementally, but evidence suggests the country is moving towards more coherent AI legislation. AI governance responsibilities in China remain dispersed across multiple organisations. However, since February 2025, the China AI Safety and Development Association (CnAISDA) has become what China describes as its counterpart to the AI Security Institute. This organisation consolidates several existing institutions but does not appear to carry out independent AI testing and evaluation.

The Chinese government has integrated wider political and social priorities into AI governance frameworks, emphasising what it describes as “controllable AI” – a concept interpreted uniquely within the Chinese context. These broader priorities directly shape China’s technical and regulatory approaches to AI security. Compared to international competitors, China’s AI security policy places particular emphasis on the early stages of AI model development through stringent controls on pre-training data and onerous registration requirements. Close data sharing between the Chinese government and domestic AI champions, such as Alibaba’s City Brain, facilitates rapid innovation but would almost certainly encounter privacy and surveillance concerns if attempted elsewhere.

The geographical distribution of China's AI ecosystem reveals the strategic clustering of resources, talent and institutions. Cities such as Beijing, Hangzhou and Shenzhen have developed unique ecosystems that attract significant investments and foster innovation through supportive local policies, including subsidies, incentives and strategic infrastructure development. This regional specialisation emerged from long-standing Chinese industrial policy rather than short-term incentives.

China has achieved significant improvements in domestic AI education. It is further strengthening its domestic AI talent pool as top-tier AI researchers increasingly choose to remain in or return to China, due to increasingly attractive career opportunities within China and escalating geopolitical tensions between China and the US. Chinese institutions have significantly expanded domestic talent pools, particularly through highly selective undergraduate and postgraduate programmes. These efforts have substantially reduced dependence on international expertise, although many key executives and researchers continue to benefit from an international education.

Senior scientists hold considerable influence over China’s AI policymaking process, frequently serving on government advisory panels. This stands in contrast to the US, where corporate tech executives tend to have greater influence over AI policy decisions.

Government support provides substantial benefits to China-based tech companies. China’s government actively steers AI development, while the US lets the private sector lead (with the government in a supporting role) and the EU emphasises regulating outcomes and funding research for the public good. This means that China’s AI ventures often have easier access to capital and support for riskier projects, while a tightly controlled information environment mitigates against reputational risk.

US export controls have had a limited impact on China’s AI development. Although export controls have achieved some intended effects, they have also inadvertently stimulated innovation within certain sectors, forcing companies to do more with less and resulting in more efficient models that may even outperform their Western counterparts. Chinese AI companies such as SenseTime and DeepSeek continue to thrive despite their limited access to advanced US semiconductors.

cetas.turing.ac.uk UK EN 2025 China AI Research Report China-based Adarga ecosystem
TikTok Faces Fresh European Privacy Investigation Over China Data Transfers https://www.securityweek.com/tiktok-faces-fresh-european-privacy-investigation-over-china-data-transfers
13/07/2025 22:57:17
QRCode
archive.org

The Irish Data Privacy Commission announced that TikTok is facing a new European Union privacy investigation into user data sent to China.

TikTok is facing a fresh European Union privacy investigation into user data sent to China, regulators said Thursday.

The Data Protection Commission opened the inquiry as a follow up to a previous investigation that ended earlier this year with a 530 million euro ($620 million) fine after it found the video sharing app put users at risk of spying by allowing remote access their data from China.

The Irish national watchdog serves as TikTok’s lead data privacy regulator in the 27-nation EU because the company’s European headquarters is based in Dublin.

During an earlier investigation, TikTok initially told the regulator it didn’t store European user data in China, and that data was only accessed remotely by staff in China. However, it later backtracked and said that some data had in fact been stored on Chinese servers. The watchdog responded at the time by saying it would consider further regulatory action.

“As a result of that consideration, the DPC has now decided to open this new inquiry into TikTok,” the watchdog said.

“The purpose of the inquiry is to determine whether TikTok has complied with its relevant obligations under the GDPR in the context of the transfers now at issue, including the lawfulness of the transfers,” the regulator said, referring to the European Union’s strict privacy rules, known as the General Data Protection Regulation.

TikTok, which is owned by China’s ByteDance, has been under scrutiny in Europe over how it handles personal user information amid concerns from Western officials that it poses a security risk.

TikTok noted that it was one that notified the Data Protection Commission, after it embarked on a data localization project called Project Clover that involved building three data centers in Europe to ease security concerns.

“Our teams proactively discovered this issue through the comprehensive monitoring TikTok implemented under Project Clover,” the company said in a statement. “We promptly deleted this minimal amount of data from the servers and informed the DPC. Our proactive report to the DPC underscores our commitment to transparency and data security.”

Under GDPR, European user data can only be transferred outside of the bloc if there are safeguards in place to ensure the same level of protection. Only 15 countries or territories are deemed to have the same data privacy standard as the EU, but China is not one of them.

securityweek.com EN 2025 tiktok legal RGPD China Data Transfers Privacy InvestigationEU
Data Leaks from the Chinese Hacking-for-Hire Industry https://spycloud.com/blog/state-secrets-for-sale-chinese-hacking
11/07/2025 20:22:35
QRCode
archive.org
thumbnail

spycloud.com
We analyzed the VenusTech and Salt Typhoon data leaks to uncover the latest trends in the Chinese criminal underground.
In late May, two particularly interesting Chinese datasets appeared for sale in posts on DarkForums, an English-language data breach and leak forum that has become popular since BreachForums went dark in mid-April. These two posts, which we’re calling the VenusTech Data Leak and the Salt Typhoon Data Leak, had some interesting similarities. Both posts:

Were posted by new accounts that appear to have been created explicitly to sell a single dataset
Included data that allegedly came from companies in China’s large hack-for-hire ecosystem
Included data samples that, while limited, give us some insight into the companies they came from
While the samples provided on DarkForums were relatively small in comparison to previous data leaks of a similar nature (including Chinese IT contractor leaks, such as TopSec and iSoon), the latest leaks provide critical pivot points for assessing the state and structure of the Chinese cybersecurity contractor ecosystem.

We wanted to take a moment to analyze these two recent posts, dive into the sample data, and make some connections between this activity and some overall trends we are observing in our research into the Chinese cybercriminal underground.

Analysis of the VenusTech Data Leak
VenusTech is a major IT security vendor in China with a focus on serving government clients. It was founded in 1996 and is traded on the Shenzhen Stock Exchange. They have previously documented ties to the hack-for-hire industry including procuring services from XFocus, who created the original Blaster worm in 2003, as well as providing startup funding to Integrity Tech, the company responsible for the offensive hacking activity associated with Flax Typhoon.

On May 17, a post relating to VenusTech was created by an account called “IronTooth” and titled “Chinese tech company venus leaked documents.” The IronTooth account appears to have been newly created and simply uses the default profile image for DarkForums. The full post text reads:

selling sourced leaked documents dump of chinese tech company. includes papers, products sold to government, accesses, clients and more random shit sold to highest bidder after 48h. crossposted.

spycloud.com EN 2025 Hacking-for-Hire Industry VenusTech salt-typhoon China
NSB Alerts the Significant Cybersecurity Risks in China-Made Mobile Applications https://www.nsb.gov.tw/en/#/%E5%85%AC%E5%91%8A%E8%B3%87%E8%A8%8A/%E6%96%B0%E8%81%9E%E7%A8%BF%E6%9A%A8%E6%96%B0%E8%81%9E%E5%8F%83%E8%80%83%E8%B3%87%E6%96%99/2025-07-02/NSB%20Alerts%20the%20Significant%20Cybersecurity%20Risks%20in%20China-Made%20Mobile%20Applications
07/07/2025 11:18:32
QRCode
archive.org

www.nsb.gov.tw
In recent years, the international community has shown growing concerns over cybersecurity issues deriving from China-developed mobile applications (apps). Governments and independent research institutions worldwide have already issued warnings concerning data breaches in users’ communication security. To prevent China from illegally acquiring personal data of Taiwan’s nationals, National Security Bureau (NSB) has reviewed cybersecurity reports from countries around the world and organized relevant information, as per the National Intelligence Work Act. Subsequently, the NSB informed and coordinated with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) under the National Police Agency to conduct random inspection on several China-developed mobile apps. The results indicate the existence of security issues, including excessive data collection and privacy infringement. The public is advised to exercise caution when choosing mobile apps.

The 5 China-developed apps selected for inspection, consisting of rednote, Weibo, TikTok, WeChat, and Baidu Cloud, are widely used by Taiwanese nationals. The MJIB and CIB adopted the Basic Information Security Testing Standard for Mobile Applications v4.0 announced by the Ministry of Digital Affairs, and evaluated the apps against 15 indicators under 5 categories of violation, consisting of personal data collection, excessive permission usage, data transmission and sharing, system information extraction, and biometric data access.

All 5 apps have shown serious violations across multiple inspection indicators. Notably, the rednote fails to meet all 15 inspection standards. Weibo and TikTok violate 13 indicators, separately, as well as 10 for WeChat and 9 for Baidu Cloud. These findings suggest that the said China-made apps present cybersecurity risks far beyond the reasonable expectations for data-collection requirement taken by ordinary apps.

All 5 China-made apps are found to have security issues of excessively collecting personal data and abusing system permissions. The violations include unauthorized access to facial recognition data, screenshots, clipboard contents, contact lists, and location information. As to the category of system information extraction, all apps were found to collect data such as application lists and device parameters. Furthermore, as far as biometric data are concerned, users’ facial features may be deliberately harvested and stored by those apps.

With regard to data transmission and sharing, the said 5 apps were found to send packets back to servers located in China. This type of transmission has raised serious concerns over the potential misuse of personal data by third parties. Under China’s Cybersecurity Law and National Intelligence Law, Chinese enterprises are obligated to turn over user data to competent authorities concerning national security, public security, and intelligence. Such a practice would pose a significant security breach to the privacy of Taiwanese users, which could lead to data collection by specific Chinese agencies.

A wide range of countries, such as the US, Canada, the UK, and India, have already publicly issued warnings against or bans on specific China-developed apps. The European Union has also launched investigations under the General Data Protection Regulation framework into suspected data theft involving certain China-made apps. Substantial amount of fines are imposed in those cases. In response to the cybersecurity threats, the Taiwanese government has prohibited the use of Chinese-brand products regarding computer and communications technology within official institutions. Both software and hardware are included.

The NSB coordinates with the MJIB and CIB to test the 5 inspected China-developed apps, and confirms that widespread cybersecurity vulnerabilities indeed exist. The NSB strongly advises the public to remain vigilant regarding mobile device security and avoid downloading China-made apps that pose cybersecurity risks, so as to protect personal data privacy and corporate business secrets.

www.nsb.gov.tw EN 2025 alert China Taiwan China-developed apps risk
🇬🇧 Houken seeking a path by living on the edge with zero-days https://www.cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-009/
03/07/2025 11:36:12
QRCode
archive.org

CERTFR-2025-CTI-009
Date de la dernière version 01 juillet 2025

In September 2024, ANSSI observed an attack campaign seeking initial access to French entities’ networks through the exploitation of several zero-day vulnerabilities on Ivanti Cloud Service Appliance (CSA) devices. French organizations from governmental, telecommunications, media, finance, and transport sectors were impacted. ANSSI’s investigations led to the conclusion that a unique intrusion set was leveraged to conduct this attack campaign. The Agency named this intrusion set « Houken ». Moderately sophisticated, Houken can be characterized by an ambivalent use of resources. While its operators use zero-day vulnerabilities and a sophisticated rootkit, they also leverage a wide number of open-source tools mostly crafted by Chinese-speaking developers. Houken’s attack infrastructure is made up of diverse elements - including commercial VPNs and dedicated servers.

ANSSI suspects that the Houken intrusion set is operated by the same threat actor as the intrusion set previously described by MANDIANT as UNC5174. Since 2023, Houken is likely used by an access broker to gain a foothold on targeted systems, which could eventually be sold to entities interested in carrying out deeper post-exploitation activities. Though already documented for its opportunistic exploitation of vulnerabilities on edge devices, the use of zero-days by a threat actor linked to UNC5174 is new to ANSSI’s knowledge. The operators behind the UNC5174 and Houken intrusion sets are likely primarily looking for valuable initial accesses to sell to a state-linked actor seeking insightful intelligence. However, ANSSI also observed one case of data exfiltration as well as an interest in the deployment of cryptominers, indicating straight-forward profit-driven objectives.

2.1 The attack campaign in a nutshell
At the beginning of September 2024, an attacker repeatedly exploited vulnerabilities CVE-2024-
8190, CVE-2024-8963, and CVE-2024-9380 vulnerabilities to remotely execute arbitrary code
on vulnerable Ivanti Cloud Service Appliance devices [1, 2, 3, 4]. These vulnerabilities were
exploited as zero-days, before the publication of the Ivanti security advisory [5, 6, 7].
The attacker opportunistically chained these vulnerabilities to gain initial access on Ivanti CSA
appliances, with the intention of:
• Obtaining credentials through the execution of a base64 encoded Python script1
.
• Ensuring persistence, by:
– deploying or creating PHP webshells;
– modifying existing PHP scripts to add webshells capabilities;
– occasionally installing a kernel module which acts as a rootkit once loaded.
Likely in an effort to prevent exploitation by additional unrelated actors, the attacker attempted
to self-patch web resources affected by the vulnerabilities.
On occasions, and after establishing a foothold on victim networks through the compromise
of Ivanti CSA devices, the attacker performed reconnaissance activities and moved laterally.
In-depth compromises allowed the attacker to gather additional credentials and deploy further
persistence mechanisms. Most recent activities around this attack campaign were observed
at the end of November 2024 by ANSSI.

Several incidents affecting French entities, and linked to this attack campaign, were observed
by ANSSI at the end of 2024. The campaign targeted french organizations from governmental,
telecommunications, media, finance, and transport sectors.
In three cases, the compromise of Ivanti CSA devices was followed by lateral movements toward
the victims’ internal information systems. The malicious actor also collected credentials and
attempted to establish a persistence on these compromised networks. Attacker’s operational
activities time zone was UTC+8, which aligns with China Standard Time (CST).
ANSSI provided significant support to these entities, a

ANSSI EN 2025 rapport Houken Ivanti CVE-2024- 8190 CVE-2024-8963 CVE-2024-9380 France China
The People's Liberation Army Cyberspace Force https://greydynamics.com/the-peoples-liberation-army-cyberspace-force/
30/06/2025 16:36:16
QRCode
archive.org
thumbnail

Established in 2024, the People's Liberation Army Cyberspace Force merges cyber and electronic warfare to disrupt, deter, and dominate in future conflicts.

With the launch of its Cyberspace Force, China has elevated the digital domain to a theatre of war. The Cyberspace Force of the People’s Liberation Army (PLA) is China’s newest military branch, launched on 19 April 2024.

Based in Haidian District, Beijing, and with five antennas across the country, it operates under the direct authority of the Central Military Commission (CMC).

Its creation followed the dissolution of the Strategic Support Force (SSF) and shows a broader shift in China’s approach to modern warfare. The force is tasked with both defending and attacking in the cyber domain. Additionally, it covers:

Network security
Electronic warfare
Information dominance
The Cyberspace Force plays a central role in China’s preparation for future conflicts, particularly in what the PLA calls “informatised warfare”, a doctrine focused on controlling the flow of information across all domains. By placing the unit directly under the CMC, China ensures centralised control, operational discipline, and strategic reach in cyberspace.
On 19 April 2024, the CMC formally dissolved the SSF and created three independent forces:

  • Cyberspace Force
  • Aerospace Force
  • Information Support Force

This marked the first time China designated cyberspace as an independent warfare domain with dedicated command, personnel, and budgetary autonomy. The Cyberspace Force now operates as a Corps Leader-grade service, headquartered in Beijing. It is led by Lieutenant General Zhang Minghua, with Lieutenant General Han Xiaodong serving as its political commissar. Its emergence reflects a shift from fragmented technical capabilities to centralised, strategic integration of cyber warfare into China’s military planning.

greydynamics EN 2025 China army SSF Cyberspace Force
DeepSeek faces ban from Apple, Google app stores in Germany | Reuters https://www.reuters.com/sustainability/boards-policy-regulation/deepseek-faces-expulsion-app-stores-germany-2025-06-27/
28/06/2025 09:57:32
QRCode
archive.org
thumbnail

Germany's data protection commissioner has asked Apple and Google to remove Chinese AI startup DeepSeek from their app stores in the country due to concerns about data protection, following a similar crackdown elsewhere.

  • Germany says DeepSeek illegally transfers user data to China
  • Apple and Google must now review Germany's request
  • Italy blocked DeepSeek app earlier this year

FRANKFURT, June 27 (Reuters) - Germany's data protection commissioner has asked Apple (AAPL.O), opens new tab and Google (GOOGL.O), opens new tab to remove Chinese AI startup DeepSeek from their app stores in the country due to concerns about data protection, following a similar crackdown elsewhere.
Commissioner Meike Kamp said in a statement on Friday that she had made the request because DeepSeek illegally transfers users' personal data to China.
The two U.S. tech giants must now review the request promptly and decide whether to block the app in Germany, she added, though her office has not set a precise timeframe.
Google said it had received the notice and was reviewing it.
DeepSeek did not respond to a request for comment. Apple was not immediately available for comment.
According to its own privacy policy, opens new tab, DeepSeek stores numerous pieces of personal data, such as requests to its AI programme or uploaded files, on computers in China.
"DeepSeek has not been able to provide my agency with convincing evidence that German users' data is protected in China to a level equivalent to that in the European Union," Kamp said.
"Chinese authorities have far-reaching access rights to personal data within the sphere of influence of Chinese companies," she added.

reuters EN 2025 Germany Italy DeepSeek legal China
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace https://www.atlanticcouncil.org/in-depth-research-reports/report/crash-exploit-and-burn/#analysis
26/06/2025 08:15:31
QRCode
archive.org
thumbnail

If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.

Strategic competition between the United States and China has long played out in cyberspace, where offensive cyber capabilities, like zero-day vulnerabilities, are a strategic resource. Since 2016, China has been turning the zero-day marketplace in East Asia into a funnel of offensive cyber capabilities for its military and intelligence services, both to ensure it can break into the most secure Western technologies and to deny the United States from obtaining similar capabilities from the region. If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.  

This report is the first to conduct a comparative study within the international offensive cyber supply chain, comparing the United States’ fragmented, risk-averse acquisition model with China’s outsourced and funnel-like approach.  

Key findings: 

  • Zero-day exploitation is becoming more difficult, opaque, and expensive, leading to “feast-or-famine” contract cycles. 
  • Middlemen with prior government connections further drive up costs and create inefficiency in the US and Five Eyes (FVEYs) market, while eroding trust between buyers and sellers.  
  • China’s domestic cyber pipeline dwarfs that of the United States. China is also increasingly moving to recruit from the Middle East and East Asia. 
  • The United States relies on international talent for its zero-day capabilities, and its domestic talent investment is sparse – focused on defense rather than offense.  
  • The US acquisition processes favor large prime contractors, and prioritize extremely high levels of accuracy, trust, and stealth, which can create market inefficiencies and overly index on high-cost, exquisite zero-day exploit procurements. 
  • China’s acquisition processes use decentralized contracting methods. The Chinese Communist Party (CCP) outsources operations, shortens contract cycles, and prolongs the life of an exploit through additional resourcing and “n-day” usage.    
  • US cybersecurity goals, coupled with “Big Tech” market dominance, are strategic counterweights to the US offensive capability program, demonstrating a strategic trade-off between economic prosperity and national security. 
  • China’s offensive cyber industry is already heavily integrated with artificial intelligence (AI) institutions, and China’s private sector has been proactively using AI for cyber operations. 
  • Given the opaque international market for zero-day exploits, preference among government customers for full exploit chains leveraging multiple exploit primitives, and the increase in bug collisions, governments can almost never be sure they truly have a “unique capability.”   
atlanticcouncil EN 2025 analysis US China 0-days
Exclusive: DeepSeek aids China's military and evaded export controls, US official says https://www.reuters.com/world/china/deepseek-aids-chinas-military-evaded-export-controls-us-official-says-2025-06-23/
23/06/2025 15:32:06
QRCode
archive.org
thumbnail

AI firm DeepSeek is aiding China's military and intelligence operations, a senior U.S. official told Reuters, adding that the Chinese tech startup sought to use Southeast Asian shell companies to access high-end semiconductors that cannot be shipped to China under U.S. rules.
The U.S. conclusions reflect a growing conviction in Washington that the capabilities behind the rapid rise of one of China's flagship AI enterprises may have been exaggerated and relied heavily on U.S. technology.

Hangzhou-based DeepSeek sent shockwaves through the technology world in January, saying its artificial intelligence reasoning models were on par with or better than U.S. industry-leading models at a fraction of the cost.
"We understand that DeepSeek has willingly provided and will likely continue to provide support to China's military and intelligence operations," a senior State Department official told Reuters in an interview.
"This effort goes above and beyond open-source access to DeepSeek's AI models," the official said, speaking on condition of anonymity in order to speak about U.S. government information.
The U.S. government's assessment of DeepSeek's activities and links to the Chinese government have not been previously reported and come amid a wide-scale U.S.-China trade war.

reuters EN 2025 DeepSeek China US military AI export controls trade-war
Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets https://www.sentinelone.com/labs/follow-the-smoke-china-nexus-threat-actors-hammer-at-the-doors-of-top-tier-targets/
11/06/2025 16:08:37
QRCode
archive.org
thumbnail

This report uncovers a set of related threat clusters linked to PurpleHaze and ShadowPad operators targeting organizations, including cybersecurity vendors.

  • In October 2024, SentinelLABS observed and countered a reconnaissance operation targeting SentinelOne, which we track as part of a broader activity cluster named PurpleHaze.
  • At the beginning of 2025, we also identified and helped disrupt an intrusion linked to a wider ShadowPad operation. The affected organization was responsible for managing hardware logistics for SentinelOne employees at the time.
  • A thorough investigation of SentinelOne’s infrastructure, software, and hardware assets confirmed that the attackers were unsuccessful and SentinelOne was not compromised by any of these activities.
  • The PurpleHaze and ShadowPad activity clusters span multiple partially related intrusions into different targets occurring between July 2024 and March 2025. The victimology includes a South Asian government entity, a European media organization, and more than 70 organizations across a wide range of sectors.
  • We attribute the PurpleHaze and ShadowPad activity clusters with high confidence to China-nexus threat actors. We loosely associate some PurpleHaze intrusions with actors that overlap with the suspected Chinese cyberespionage groups publicly reported as APT15 and UNC5174.
  • This research underscores the persistent threat Chinese cyberespionage actors pose to global industries and public sector organizations, while also highlighting a rarely discussed target they pursue: cybersecurity vendors.
sentinelone EN 2025 China PurpleHaze ShadowPad APT15 UNC5174
Czech Republic says China behind cyberattack on ministry, embassy rejects accusations | Reuters https://www.reuters.com/world/china/czech-republic-says-china-was-behind-cyberattack-ministry-summons-ambassador-2025-05-28/
01/06/2025 17:09:51
QRCode
archive.org
thumbnail

he Czech Republic on Wednesday accused China of being responsible for a "malicious cyber campaign" targeting a network used for unclassified communication at its Foreign Affairs ministry, but China rejected the accusations.
China's embassy in Prague called on the Czech side to end its "microphone diplomacy".

The attacks started during the country's 2022 EU presidency and were perpetrated by the cyber espionage group APT31, the Czech government said in a statement. The Czech Republic, an EU state and NATO member, said APT31 was publicly associated with the Chinese Ministry of State Security.

Foreign Minister Jan Lipavsky said that after the attack was detected, the ministry implemented a new communications system with enhanced security in 2024.
"I summoned the Chinese ambassador to make clear that such hostile actions have serious consequences for our bilateral relations," he said.
Lipavsky said the attacks centered on email and other documents and focused on information concerning Asia.
"The Government of the Czech Republic strongly condemns this malicious cyber campaign against its critical infrastructure," the government said in its statement.
China's embassy in the Czech Republic expressed "strong concern and decisive disagreement" with the Czech accusations.

reuters EN 2025 Czech-Republic China China cybercampaign 2022 EU presidency
Fellows Feature: How Hacktivists in China Are Using Data Leaks for Dissent https://ocpl.substack.com/p/fellows-feature-how-hacktivists-in
26/05/2025 11:14:54
QRCode
archive.org

Welcome to our OCPL Fellows Feature series, brought to you by our current cohort of talented researchers. These pieces explore key challenges at the intersection of U.S.-China and global emerging technology competition.

  • Massive leaks of information stored in government-owned databases have become increasingly common in China throughout the 2020s.

  • Chinese hacktivists likely executed some of these leaks to call attention to the scope and pervasiveness of state surveillance.

  • Hackers in China have previously been prevented from organizing into groups and carrying out both nationalist and apolitical hacking. It is plausible that hackers would have little to lose by pivoting to hack to express dissent.

Introduction
What comes to mind when you think about data protection? Perhaps the right to privacy or cybersecurity, but almost certainly not “streaking.” However, Chinese netizens commonly use this term (裸奔, luǒbēn) to describe the sense of embarrassment an individual feels when their personal data has been unintentionally exposed. The use (and censorship) of this phrase has only increased as large-scale data leaks have risen dramatically in China throughout the 2020s.

When these data leaks occur, commentary is quickly taken down to prevent Chinese internet users from uncovering the scope of state surveillance practices. That’s partly because retrospective analysis of these incidents often reveals that they resulted directly from Chinese government bodies’ lax data management practices. These incidents have proved shameful for party leaders; while not directly acknowledging these leaks, high-ranking officials like the late Li Keqiang call for heightened “information security” standards in their aftermath.

ocpl.substack.com EN 2025 China Hacktivists China Dissent Data_leaks
Rogue communication devices found in Chinese solar power inverters https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14/
18/05/2025 12:27:35
QRCode
archive.org
  • Rogue communication devices found in Chinese solar inverters
  • Undocumented cellular radios also found in Chinese batteries
  • U.S. says continually assesses risk with emerging technology
  • U.S. working to integrate 'trusted equipment' into the grid

LONDON, May 14 (Reuters) - U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said.
Power inverters, which are predominantly produced in China, are used throughout the world to connect solar panels and wind turbines to electricity grids. They are also found in batteries, heat pumps and electric vehicle chargers. While inverters are built to allow remote access for updates and maintenance, the utility companies that use them typically install firewalls to prevent direct communication back to China.
However, rogue communication devices not listed in product documents have been found in some Chinese solar power inverters by U.S experts who strip down equipment hooked up to grids to check for security issues, the two people said.
Over the past nine months, undocumented communication devices, including cellular radios, have also been found in some batteries from multiple Chinese suppliers, one of them said.
Reuters was unable to determine how many solar power inverters and batteries they have looked at. The rogue components provide additional, undocumented communication channels that could allow firewalls to be circumvented remotely, with potentially catastrophic consequences, the two people said.
Both declined to be named because they did not have permission to speak to the media.
"We know that China believes there is value in placing at least some elements of our core infrastructure at risk of destruction or disruption," said Mike Rogers, a former director of the U.S. National Security Agency. "I think that the Chinese are, in part, hoping that the widespread use of inverters limits the options that the West has to deal with the security issue."
A spokesperson for the Chinese embassy in Washington said: "We oppose the generalisation of the concept of national security, distorting and smearing China's infrastructure achievements."

reuters EN 2025 solar panels inverters China US kill-switch energy
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures
14/05/2025 20:46:30
QRCode
archive.org
thumbnail

EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly exposed directory (opendir) found on attacker-controlled infrastructure, which contained detailed event logs capturing operations across multiple compromised systems.

EclecticIQ analysts link observed SAP NetWeaver intrusions to Chinese cyber-espionage units including UNC5221 [2], UNC5174 [3], and CL-STA-0048 [4] based on threat actor tradecrafts patterns. Mandiant and Palo Alto researchers assess that these groups connect to China's Ministry of State Security (MSS) or affiliated private entities. These actors operate strategically to compromise critical infrastructures, exfiltrate sensitive data, and maintain persistent access across high-value networks worldwide.

Uncategorized China-Nexus Threat Actor Scanning the Internet for CVE-2025-31324 and Upload Webshells

EclecticIQ analysts assess with high confidence that, a very likely China-nexus threat actor is conducting a widespread internet scanning and exploitation campaign against SAP NetWeaver systems. Threat actor–controlled server hosted at IP address 15.204.56[.]106 exposed the scope of the SAP NetWeaver intrusions [5].

eclecticiq.com EN 2025 exploitation China-Nexus China attribution CVE-2025-31324 SAP NetWeaver
Dior’s China data breach exposes elite clients https://jingdaily.com/posts/dior-china-data-breach-tests-brand-trust
13/05/2025 14:36:24
QRCode
archive.org
thumbnail

Dior’s coveted client list of China’s wealthiest and most powerful consumers has been compromised in a major data breach, forcing the French luxury giant to issue an apology as it scrambles to contain potential fallout and limit any damage to its reputation.

The luxury brand under French conglomerate LVMH experienced a customer data breach in China on May 7. According to a text message sent to customers yesterday, the company disclosed that an unauthorized external party had gained access to its database, obtaining sensitive personal information such as customers’ names, gender, phone numbers, email addresses, mailing addresses, purchase amounts, and shopping preferences.

Dior emphasized that the compromised data did not include bank account details, IBANs (International Bank Account Numbers), or credit card information. Nonetheless, the brand urged customers to exercise heightened caution, advising them to beware of phishing messages, unsolicited calls or emails, and to avoid clicking on suspicious links or disclosing personal information.

jingdaily.com EN 2025 Luxury Jing China Dior Data-Breach
Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today's Adversaries | SentinelOne https://www.sentinelone.com/labs/top-tier-target-what-it-takes-to-defend-a-cybersecurity-company-from-todays-adversaries/
04/05/2025 13:22:26
QRCode
archive.org
thumbnail

This report highlights a rarely-discussed but crucially important attack surface: security vendors themselves.

  • In recent months, SentinelOne has observed and defended against a spectrum of attacks from financially motivated crimeware to tailored campaigns by advanced nation-state actors.
  • These incidents were real intrusion attempts against a U.S.-based cybersecurity company by adversaries, but incidents such as these are neither new nor unique to SentinelOne.
  • Recent adversaries have included:
    • DPRK IT workers posing as job applicants
      ransomware operators probing for ways to access/abuse our platform
    • Chinese state-sponsored actors targeting organizations aligned with our business and customer base
      This report highlights a rarely-discussed but crucially important attack surface: security vendors themselves.
sentinelone EN 2025 report PurpleHaze China DPRK
A Chinese AI video startup appears to be blocking politically sensitive images | TechCrunch https://techcrunch.com/2025/04/22/a-chinese-ai-video-startup-appears-to-be-blocking-politically-sensitive-images/
27/04/2025 11:51:06
QRCode
archive.org
thumbnail

A Chinese startup, Sand AI, appears to be blocking certain politically sensitive images from its online video generation tool.

A China-based startup, Sand AI, has released an openly licensed, video-generating AI model that’s garnered praise from entrepreneurs like the founding director of Microsoft Research Asia, Kai-Fu Lee. But Sand AI appears to be censoring the hosted version of its model to block images that might raise the ire of Chinese regulators from the hosted version of the model, according to TechCrunch’s testing.

Earlier this week, Sand AI announced Magi-1, a model that generates videos by “autoregressively” predicting sequences of frames. The company claims the model can generate high-quality, controllable footage that captures physics more accurately than rival open models.

techcrunch EN 2025 AI China censure Sand-AI AI-model Magi-1
China accuses NSA of launching cyberattacks on Asian Winter Games https://therecord.media/china-accuses-nsa-hack-asian-winter-games
15/04/2025 21:01:55
QRCode
archive.org
thumbnail

China on Tuesday accused three alleged employees of the U.S. National Security Agency of carrying out cyberattacks on the Asian Winter Games in February.

therecord.media EN 2025 NSA cyberattacks China US accused Asian-Winter-Games
China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure https://securityaffairs.com/176485/apt/china-admitted-its-role-in-volt-typhoon-cyberattacks-on-u-s-infrastructure.html
13/04/2025 10:30:31
QRCode
archive.org
thumbnail

China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports.
China reportedly admitted in a secret meeting with U.S. officials that it carried out cyberattacks on U.S. infrastructure, linked to the Volt Typhoon campaign.

securityaffairs EN 2025 Volt-Typhoon China US admitted WSJ admitted Geneva-Summit
Chinese hackers spent four years inside Asian telco’s networks https://therecord.media/chinese-hackers-spent-years-telco
25/03/2025 08:18:15
QRCode
archive.org
thumbnail

The hackers compromised home routers made by Zyxel to gain entry into a “major” telecommunications company's environment.

therecord.media EN 2025 Zyxel China WeaverAnt Asia
page 1 / 7
4514 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio