China Archives - ICSSTRIVE

Wuhan Earthquake Monitoring Center Suspects Cyberattack comes from US.

July 26, 2023

Wuhan Earthquake Monitoring Center suffered a cyberattack. The Wuhan public security bureau Jianghan sub-bureau confirmed the discovery of a Trojan horse program originating from abroad at the Wuhan Earthquake Monitoring Center. According to the public security bureau, this Trojan horse program can illegally control and steal seismic intensity data collected by the front-end stations. This act poses a serious threat to national security. The center has immediately sealed off the equipment that was affected and reported the attack to the public security authorities, in order to investigate the case and handle the hacker organization and criminals according to law, said the statement.

Ransomware Attack Affects Worldwide Operations of Italian Eyewear Giant Luxottica

September 18, 2020

Italy-based eyewear and eyecare giant Luxottica has reportedly suffered a ransomware attack that has led to the shutdown of operations in Italy and China and data leaked on the dark web. .

Union sources confirmed to Italian media Ansa that the employees were sent home due to “serious IT problems.” The ransomware attack affected the company worldwide, and for days offices were not fully operational.

Security official Nicola Vanin stated in a LinkedIn post “Once the event was analysed, the clues were collected in less than 24 hours and the procedure for cleaning up the affected servers began. Work activities are gradually returning to normal in the #Milano plants and headquarters.”

He also stated that “There is currently no access or theft of information from users and consumers.” However a month later the Windows Nefilim ransomware group leaked financial and human resources operations data on the dark web.

Ransomware Attack at Major Tesla Competitor, NIO

December 20, 2022

Chinese electric vehicle manufacturer Nio revealed a major data breach. The hack exposed certain confidential customer and vehicle sales-related information before August 2021. It is believed the hackers demanded $2.25 million worth of Bitcoin in exchange for not leaking their internal data.

Cyberattack at the Chinese Subsidiary of a German Furniture Manufacturer

August 15, 2022

A Chinese production site of the Hettich Group has involuntarily been the victim of a cyber attack. As yet unknown attackers have hacked the internal networks and deposited malware there. The company’s website states: ” It is not yet possible to say when the Chinese subsidiary will be able to fully access all IT systems again. Local production in China is continuing. As far as we know at present, other companies in the Hettich Group are not affected. From today’s point of view, the ability to deliver to our customers outside China is not limited.”

Blackbyte Group Claims Compromising Precious Metal Manufacturer in HongKong demanding $1.1M

October 30, 2022

The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solution provider. The BlackByte ransomware group claims to have stolen gigabytes of documents from Asahi Group Holdings, including financial and sales reports. The ransomware gang is demanding 500k$ to buy data and 600k$ to delete the stolen data.

Cyberattack at Large Global Cookware Distributor Affects 1000’s of Employees

October 25, 2021

Meyer Corporation, the largest cookware distributor in the U.S. fell victim to a cyberattack on October 25, 2021. In response, the firm launched an investigation that was concluded on December 1, 2021, revealing that threat actors gained access to personal information belonging to employees of Meyer and its subsidiaries.

BleepingComputer reports finding a relevant listing on the Conti extortion site dating to November 7, 2021. The Meyer entry on Conti’s portal offers a ZIP file containing 2% of the data allegedly stolen by the ransomware gang during the cyberattack. However, the notorious ransomware group hasn’t followed up to publish the remainder 98% in the months that followed.

Ransomware Attack Shuts Down Production at Loom Manufacturer in Belgium

January 13, 2020

A cyber-attack partially incapacitated operations at West Flemish weaving machine producer Picanol. Large segments of production are at a standstill. The company’s entire production process is managed by computers. Plants in Ieper (Belgium), Romania and China were hit.

City of Shanghai Health App Hack Affects over 48.5 Million Mandatory Users.

August 1, 2022

A hacker has claimed to have obtained the personal information of 48.5 million users of a COVID health code mobile app run by the city of Shanghai, the second claim of a breach of the Chinese financial hub’s data in just over a month.The hacker with the username as “XJP” posted an offer to sell the data for $4,000 on the hacker forum Breach Forums on Wednesday. The hacker provided a sample of the data including the phone numbers, names and Chinese identification numbers and health code status of 47 people.

The app collects travel data to give people a red, yellow or green rating indicating the likelihood of having the virus and users have to show the code to enter public venues. All residents and visitors have to use it.