Very interesting report via the Financial Services Information Sharing and Analysis Center, in cooperation with the FBI, on unauthorized wire transfers to China. When I say “interesting,” I mean I don’t understand it…not sure what the implications are, if any. Get the basics of the report, just not sure who the perp is supposed to be? Chinese, Russian, US? So, smart blog reading people help me out. Full PDF report on the unauthorized wire transfers here and the two paragraphs that have me scratching my head:
“The unauthorized wire transfers range from $50,000 to $985,000. In most cases, they tend to be above $900,000, but the malicious actors have been more successful in receiving the funds when the unauthorized wire transfers were under $500,000. When the transfers went through successfully, the money was immediately withdrawn from or transferred out of the recipients’ accounts.
In addition to the large wire transfers, the malicious actors also sent domestic ACH and wire transfers to money mules in the United States within minutes of conducting the overseas transfers. The domestic wire transfers range from $200 to $200,000. The intended recipients are money mules, individuals who the victim company has done business with in the past, and in one instance, a utility company located in another U.S. state. The additional ACH transfers initiated using compromised accounts range from $222,500 to $1,275,000.”
Sorry, missed this when it first came out on 25 September 08. IntelFusion posts an article concerning pre-emptive Chinese DDOS attacks on websites that support the monks of the Saffron Uprising. Also planned counter attacks:
In anticipation of the first anniversay of the Saffron Uprising, the government has launched DDOS attacks against three Web sites that support the monks: The Irrawaddy, the Oslo-based Democratic Voice of Burma and the New Era in Bangkok.
The concerted attacks — which appear to originate in China, Russia and Europe as well as Burma…
Another great post over at Dancho’s on who is behind the GPcode Ransomware. Probably just an available proxy in Liaoning but worth keeping an eye to see if these groups eventually start working together:
The John Dow-ish Daniel Robertson is emailing from 188.8.131.52 (Liaoning Province Network China Network Communications Group Corporation No.156,Fu-Xing-Men-Nei Street, Beijing 100031), and Paul Dyke from 184.108.40.206(Liaoning Province Network China Network Communications Group Corporation No.156,Fu-Xing-Men-Nei Street, Beijing 100031), both Chinese IPs, despite that these campaigners are Russians.
Of course read the rest of this article but check out his other posts…fantastic!
So what can’t these guys find to turn a buck? You got me. Not going to write much on this ’cause I’ve got to check on a few personal records:
Foreign hackers, primarily from Russia and China, are increasingly seeking to steal Americans’ health care records, according to a Department of Homeland Security analyst.
They’ve been focused on the [Department of Defense] – the military – but now are spreading out into the health care private sector,” Walker said.
Read about it here, I’ve got a cold and need to call Beijing.
Hat-Tip: As always, Jumper
Interesting article from SCmagazine on Chinese hackers filling the void after the Russian hackers packed up shop. It doesn’t give enough detail to determine the particulars but raises a lot of questions. Was this a voluntary surrender by the Russians? Working in concert with one another? Would love to hear more about it if anyone knows.
Russian Hacker Move Out…And The Chinese Move in.
This article kind of hints around at a subject Jumper and I have been having on the link between Chinese and Russian hackers. The recent move of the Russian Hacker mob to China, along with this article showing both Chinese and Russian espionage in Germany, continues to suggest they are dancing around each other but never quite linked together. For me it is just a gut feeling that they are linked. I haven’t found anything that shows the groups working together but…
Russia, China espionage in Germany