Feb 23 2023


Category: Cyber Espionage | DISC @ 3:19 pm

According to a recent security report, the Chinese government has resorted to hacking, cyberwarfare and corporate espionage to advance its ambitious defense program, compromising the systems of firms such as Lockheed Martin in order to obtain classified information useful for its own purposes.

Peter Suciu, a renowned researcher, says China is an actor that should be taken seriously, especially on military issues. This is not the first such report: since 2019 the Pentagon has accused the Chinese military of resorting to what it called “cyber theft” and other methods to achieve major improvements in military terms.

It goes back to 2007, when Lockheed Martin discovered that a Chinese hacking group had been stealing technical documents related to the F-35 program; a similar theft occurred when attackers working for Beijing compromised the network of an Australian subcontractor to the F-35 program.

These reports lead experts to believe that China has acquired a wealth of crucial data on these programs and put it to use in the development of the Chinese J-20 fighter jet, also known as the “Mighty Dragon.” Suciu himself claims that this aircraft could not have been built without the information stolen from Lockheed Martin.

In connection with these reports, Business Insider published a report detailing the clear similarities in appearance and engineering between the American aircraft and those built by China. The report not only emphasizes the resemblance of the airframes but also states that the sensor systems on the Chinese aircraft are virtually identical to the electro-optical targeting system Lockheed Martin uses on the Lightning II, further evidence of espionage against the company.


In 2007, Chinese advanced persistent threat (APT) actors targeted the computer networks of defense contractor Lockheed Martin, which was developing the F-35 Lightning II fighter jet. They gained access by spear-phishing employees into running malware or handing over their login credentials. Once inside, they moved laterally through the network to reach sensitive data.

The attackers stole large amounts of data related to the F-35 program, including design plans, test results and software source code. The stolen data gave China a significant advantage in its own stealth fighter program, the J-20.

The J-20 first flew in 2011 and bears striking similarities to the F-35. Both aircraft are designed to be stealthy, with angular shapes and features that minimize their radar signature. The J-20 also carries advanced avionics and sensor systems similar to those used on the F-35.

The theft of the F-35 data was part of a larger campaign by Chinese APT actors to steal sensitive information from Western companies and governments. The campaign, which has run for many years, is believed to be part of China’s broader effort to modernize its military and develop advanced technologies.

The theft of the F-35 data was a significant blow to U.S. national security, as it gave China valuable insight into one of the most advanced fighter jets in the world. It also highlighted the need for stronger cybersecurity measures and better protection of sensitive data at defense contractors and their subcontractors.


Tags: cyber espionage

Mar 24 2022

China-linked GIMMICK implant now targets macOS

Category: APT, Cyber Espionage | DISC @ 8:32 am

GIMMICK is a newly discovered macOS implant developed by the China-linked APT group Storm Cloud and used to target organizations across Asia.

In late 2021, Volexity researchers investigated an intrusion in an environment they were monitoring and discovered a MacBook Pro running macOS 11.6 (Big Sur) compromised with a previously unknown macOS malware, tracked as GIMMICK. The researchers noted that they had found Windows versions of the same implant in past investigations.

The experts attribute the intrusion to a China-linked APT group tracked as Storm Cloud, which is known to target organizations across Asia.

The macOS version of the implant is written primarily in Objective-C, while the Windows versions are written in .NET and Delphi. The implant uses public cloud hosting services (such as Google Drive) for command and control (C2), so its traffic blends in with legitimate cloud-service traffic and is hard to block or spot by destination alone.

Volexity worked with Apple to implement protections against GIMMICK; on March 17, 2022, Apple pushed new signatures to XProtect and the Malware Removal Tool (MRT) to detect and remove the malware.

If GIMMICK is launched directly by a user rather than as a daemon, it installs itself as a launch agent by dropping a PLIST file into the user’s LaunchAgents directory, so that it is started again at each login without requiring elevated privileges.

“On macOS, GIMMICK was found to support being launched as a daemon on the system or by a user. Should GIMMICK be launched directly by a user, rather than a daemon, it will install itself as a launch agent by dropping a PLIST file with contents, similar to that shown below, to /Users/<username>/Library/LaunchAgents.” reads the analysis published by Volexity. “The name of the binary, PLIST, and agent will vary per sample. In the case observed by Volexity, the implant was customized to imitate an application commonly launched by the targeted user.”
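One check a defender can run against the persistence mechanism just described: the Python below is added here as an example and is not part of Volexity’s analysis or of the GIMMICK sample. It parses launch-agent PLISTs such as those in /Users/<username>/Library/LaunchAgents and flags the traits a user-dropped agent tends to show: a program under the user’s home or another user-writable path, a reverse-DNS label whose vendor does not appear in the program path (an agent dressed up as a familiar application), and RunAtLoad/KeepAlive set so the binary runs at login. The two PLISTs embedded are constructed; their labels, paths and binary names are assumptions for illustration, not values from the actual malware, whose names vary per sample.

```python
import plistlib
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Locations from which a legitimately installed agent normally runs its program.
# A binary anywhere else, in particular under the user's home directory, is where an
# unprivileged user-launched implant can write.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Applications/",
                    "/Library/Apple/", "/Library/Application Support/")
USER_WRITABLE_PREFIXES = ("/Users/", "/tmp/", "/private/tmp/", "/var/tmp/")
APPLE_PROGRAM_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")

# Constructed sample 1: what a user-dropped agent imitating a browser helper might look
# like. Label, paths and binary name are hypothetical.
SUSPECT_AGENT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.contoso.browser.helper</string>
  <key>ProgramArguments</key><array>
    <string>/Users/alice/Library/Application Support/Helper/helper</string>
    <string>--background</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

# Constructed sample 2: a benign agent whose program sits inside its own app bundle.
BENIGN_AGENT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.helper</string>
  <key>Program</key><string>/Applications/Example Helper.app/Contents/MacOS/helper</string>
  <key>RunAtLoad</key><true/>
</dict></plist>"""


def agent_program(agent: dict) -> Optional[str]:
    """Return the executable launchd would run: Program, else ProgramArguments[0]."""
    program = agent.get("Program")
    if isinstance(program, str):
        return program
    args = agent.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None


def label_vendor(label: str) -> Optional[str]:
    """Vendor component of a reverse-DNS label, e.g. 'contoso' for com.contoso.x."""
    parts = label.lower().split(".")
    if len(parts) >= 3 and parts[0] in ("com", "org", "net", "io"):
        return parts[1]
    return None


def triage_agent(plist_bytes: bytes) -> List[str]:
    """Heuristic findings for one launch-agent PLIST; an empty list means nothing fired."""
    agent = plistlib.loads(plist_bytes)
    program = agent_program(agent)
    label = str(agent.get("Label", ""))
    if program is None:
        return ["no Program or ProgramArguments: agent cannot run"]

    findings: List[str] = []
    if not program.startswith(TRUSTED_PREFIXES):
        findings.append(f"program outside trusted install locations: {program}")
    if program.startswith(USER_WRITABLE_PREFIXES):
        findings.append(f"program lives in a user-writable path: {program}")
    vendor = label_vendor(label)
    if vendor == "apple" and not program.startswith(APPLE_PROGRAM_PREFIXES):
        findings.append(f"label {label} impersonates Apple but program is {program}")
    elif vendor and vendor not in program.lower():
        findings.append(f"label vendor '{vendor}' does not appear in program path {program}")
    # Autostart only matters once something else looks wrong; benign agents use it too.
    if findings and (agent.get("RunAtLoad") or agent.get("KeepAlive")):
        findings.append("RunAtLoad/KeepAlive set: starts at login and/or is respawned")
    return findings


def scan_launch_agents(directory: Path) -> Dict[str, List[str]]:
    """Triage every *.plist in a LaunchAgents directory; unparsable files are reported too."""
    results: Dict[str, List[str]] = {}
    for path in sorted(directory.glob("*.plist")):
        try:
            findings = triage_agent(path.read_bytes())
        except Exception as exc:  # a malformed PLIST in LaunchAgents deserves a look
            findings = [f"could not parse: {exc}"]
        if findings:
            results[path.name] = findings
    return results


if __name__ == "__main__":
    # Demonstration on a throwaway directory holding the two constructed samples.
    # On a live host you would point this at Path.home() / "Library/LaunchAgents".
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "com.contoso.browser.helper.plist").write_bytes(SUSPECT_AGENT_PLIST)
        (Path(tmp) / "com.example.helper.plist").write_bytes(BENIGN_AGENT_PLIST)
        for name, findings in scan_launch_agents(Path(tmp)).items():
            print(name)
            for finding in findings:
                print("  -", finding)
```

Only the constructed suspect agent produces findings; the benign one is silent even though it also sets RunAtLoad, because autostart alone is normal for legitimate helpers. Since GIMMICK’s binary and label imitate an application the victim actually uses, the label-versus-path mismatch is the heuristic most likely to catch a sample whose name you do not already know.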

During initialization, the implant decodes several pieces of data it needs for its operation using a rotating addition algorithm, so these values are not stored in the clear in the binary.

The implant also supports an uninstall function, triggered by passing the argument “uninstall” on the command line, which removes the implant and all associated files and then terminates the process.

“Storm Cloud is an advanced and versatile threat actor, adapting its tool set to match different operating systems used by its targets.” concludes the analysis published by the experts. “The work involved in porting this malware and adapting its systems to a new operating system (macOS) is no light undertaking and suggests the threat actor behind it is well resourced, adept, and versatile.”


Tags: cyber espionage, GIMMICK implant, macos

Jul 28 2020

Rite Aid deployed facial recognition system in hundreds of U.S. stores

Category: Cyber surveillance, Information Security | DISC @ 1:28 pm

Rite Aid used facial recognition largely in lower-income, non-white neighborhoods. The systems included one from a firm with links to China and its government.

Source: Rite Aid deployed facial recognition system in hundreds of U.S. stores

Rite Aid facial recognition rollout faces trouble


Tags: cyber espionage, Cyber surveillance, facial recognition

Jun 27 2019

Western intelligence hacked Russia’s Google Yandex to spy on accounts

Category: Cyber Espionage, Malware | DISC @ 2:15 pm

Exclusive: Western intelligence hacked ‘Russia’s Google’ Yandex to spy on accounts – sources

Source: Western intelligence hacked ‘Russia’s Google’ Yandex to spy on accounts


Tags: cyber espionage, cyber spy