Hackers Exploit the Crisis to Attack Multiple UK Companies [Chinese-English Parallel Translation]

Source: Wired News; Author: Matt Burgess; Published: 23 July 2020

Translation/commentary: 文意; Proofreading: Linda Black; Review: 海阔天空; Page: 拱卒

Commentary:

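The CCP has been building espionage networks around the world for many years. Its forms, methods and means are many and varied, and many investigations have found the CCP to be the hand behind the scenes. In a capitalist society built on credit and reputation, the consequences of stolen citizen identities are very serious. Through this kind of conduct without any bottom line, the CCP manipulates and controls the people of free societies, gives them a sense of crisis and destabilises society; the CCP even uses its manipulation of this information to influence elections and decision-making in Western capitalist countries. All countries, groups and organisations in the world that have conscience and a sense of justice must unite to thoroughly dismantle the CCP's dragnet and severely punish these unlawful acts, so as to safeguard the democracy, rule of law and security of free societies. Every one of us has the responsibility and duty to fight back and defend the ideology of freedom and democracy that we cherish.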

Original text:

Chinese hackers targeted major UK companies as coronavirus raged

Hackers alleged to be working on behalf of the Chinese government have been busy throughout the coronavirus crisis – including attacking targets in the UK

As coronavirus tore through Europe in March and April, so did hackers acting on behalf of the Chinese government. Looking to make the most of organisations scrambling to respond to the health crisis, criminals working for China attacked private companies, research institutions, and governments across the world.

State-sponsored actors working on behalf of the Chinese government and its security services have tried to “profit from the crisis” and steal information that could be beneficial to the country, a senior Western security source says. These include attacks on a major social care company in the UK.

Hackers working for the group known as Advanced Persistent Threat 41 (APT41) compromised a major private provider of social care services in the UK and in the process disrupted its systems, a cybersecurity expert with knowledge of China’s actions says. The attack took place in March as the UK was hurtling towards the most serious weeks of its Covid-19 outbreak.

On another occasion, state-sponsored hackers from a different Chinese group are thought to have targeted two technical companies, one in the UK and one in the US, that handle anonymised patient data. The attackers conducted reconnaissance on the firms but, the source says, there is no evidence they were actually compromised. They add that during April and May Chinese cyber actors based in Wuhan, where Covid-19 first emerged, targeted a number of European governments and their systems.

While specific details of the attacks are not publicly known, efforts by China to compromise the systems of European governments have been confirmed by other security researchers.

The new details paint a picture of widespread and indiscriminate Chinese cyber activity during the pandemic. The latest developments follow US government officials indicting two alleged Chinese-backed hackers on July 21 for conducting a decade of global cyberattacks designed to “rob, replicate and replace” multiple companies, from Australia to Sweden. These attacks included one against an unnamed UK artificial intelligence and cancer research company in April.

“Whilst the rest of the world prioritised protecting their citizens from coronavirus, China has prioritised standing up its hacking teams to profit from the crisis and enhance its espionage capabilities,” a senior Western security source says. They say the “vast scale” of China’s hacking operation isn’t widely understood and multiple Advanced Persistent Threat groups, or APTs, with links to the country’s Ministry of State Security, are working to access confidential information. APTs are hacking groups that conduct continuous and sophisticated attacks. They can lurk inside networks for months or years at a time and use previously unknown vulnerabilities.

The source claims there are “significantly more” hacking groups working across China’s 23 regions than many people know about. These groups work to a number of ends, including undermining the democratic process in Taiwan and elsewhere, the source says.

The claims are the latest in a series of state-sponsored hacking attempts said to have taken place during the pandemic. Last week, officials in the UK, US and Canada publicly shamed Cozy Bear, a group of hackers formally known as APT29 and believed to be linked to the Russian state, with trying to steal information relating to the development of coronavirus vaccines. Earlier in July, the FBI pointed its finger at China. It singled out the nation as “working to compromise” American healthcare organisations, pharma companies and universities that are conducting research into the virus.

The result is increasingly strained tensions between China and the West. The ban on Huawei’s 5G technology in the UK, human rights abuses against Uighur Muslims and Hong Kong’s National Security Law have all sparked criticism of China’s domestic and foreign activities. “It's perfectly clear that we're moving out of the era of engagement policy with China, where the emphasis was on cooperation, predominantly, to now a situation where I think the rise of China is being viewed a bit more critically,” says Veerle Nouwens, a research fellow at the Royal United Services Institute, who focuses on policy issues related to China.

“China presents both opportunities for cooperation but some serious challenges as well,” she adds. In the last five years, president Xi Jinping has set ambitious goals for China to become a superpower in artificial intelligence, quantum computing and the common rules that underpin how key technologies, such as 5G, work.

Despite being publicly criticised for alleged hacking – by governments, law enforcement and private security firms – China has consistently denied the claims made against it. At the time of writing, the Chinese Embassy in the UK had not responded to a request for comment for this story. However, following the publication of this article a spokesperson for the embassy said: “The Chinese government is a staunch defender of cybersecurity. We firmly oppose and fight all forms of cyber attacks and cyber crimes.” They added that those investigating cyberattacks should present evidence and “groundless speculations must stop”.

After this week’s US indictment, China’s ambassador to the UK tweeted to refute claims of data being stolen. “Such accusations constitute disrespect for Chinese scientists & their achievements; they could also undermine international cooperation on R&D,” Liu Xiaoming said. “The world must strongly oppose and reject such groundless claims.” Other denials have been similarly strong. In 2018 it said the US should “respect the truth” and “stop deliberately slandering China”.

But China’s hacking activities aren’t new. Over the last decade high-profile hacks have been routinely attributed to groups working on behalf of the Chinese government, with law enforcement agencies in the US issuing warrants for those it believes to be guilty. Targets included military and technology secrets and personal data – four Chinese hackers are alleged to have stolen 143 million people’s data from credit reporting agency Equifax in 2017.

“They are a massive country that does more hacking than anyone else,” says Ben Read, a senior manager of cyber-espionage analysis at Mandiant Threat Intelligence, which is owned by security firm FireEye. Earlier this month, the FBI said it was opening a new China-related counterintelligence case every ten hours, adding that half of its current counterintelligence cases are against the country. The FBI also said that it was now “more likely than not” that American adults have had their data stolen by China.

During the pandemic Read has seen Chinese-backed hackers focus their efforts towards Covid-related information. “We have seen some targeting of healthcare organisations,” Read says. “The most active [group] we have seen are APT41,” he adds. “They continue to do stuff that is financially motivated and what looks traditional espionage targeting.” Read confirms the company has uncovered Chinese-backed hacking attempts on EU governments and institutions over the last six months. In June, the European Commission called out China for attacking hospitals. China denied this by saying cyberattacks relating to the pandemic should be “unequivocally condemned by all”.

“In EU countries it has been spear-phishing with your normal sort of attachments,” Read says. Spear-phishing attacks involve hackers trying to trick people into providing login details to sensitive systems or downloading files that contain malware. They are targeted at individuals, leveraging lures that make them look genuine – for instance, an email may be spoofed to look like it has come from your boss. Successful spear-phishing can help hackers get a foothold in a network from which they can move around and collect data.

Across Europe, Mandiant has spotted Chinese hackers attempting to access presidential administrations and ministries of foreign affairs – the aim may have been to access diplomatic intelligence but since the attacks didn’t compromise their targets it is impossible to be certain. Read says he can’t name countries or specific governments that have been targeted due to client confidentiality. Mandiant’s parent company, FireEye, is expected to publish further analysis of Covid-19 espionage attempts against the UK – from China and elsewhere – in the coming days.

There have been parallels with the tactics of the alleged Russian-backed hackers who were trying to steal coronavirus vaccine information. Those working on behalf of China appear to have been quick to take advantage of vulnerabilities in hardware and software. “In some cases, those vulnerabilities were newly announced, meaning that many users would not have installed patches to correct the vulnerability,” the US Department of Justice said on July 21 as it indicted two Chinese nationals – Li Xiaoyu (李啸宇) and Dong Jiazhi (董家志) – for stealing data and making millions in personal profit.

There are two ways countries often conduct cyber operations, explains Lotem Finkelsteen, the global manager of threat intelligence at security firm Check Point. During the pandemic, Check Point has publicly linked two separate cyberattacks to China. It says the country used spear-phishing emails that pretended to be from Mongolia’s government and attempted to trick public sector groups into opening malware-laden attachments that claimed to contain details about Covid-19’s spread. The second alleged a Chinese-based hacking group was carrying out espionage against governments across the Asia-Pacific region.

“One way is you can use your own agencies to maintain these kinds of attacks,” Finkelsteen says. “The other way is to use proxy units, meaning outsourcing the attack to some private actors and usually it is done to detach yourself from an attack.” China is believed to do a mixture of both. The People’s Liberation Army Strategic Support Force is “at the forefront of Beijing’s efforts to achieve information dominance,” a report presented to US congress in 2019 stated. The Support Force is not the only group involved though. Past analysis has included government and military hackers alongside “contractors, patriotic hackers, and even criminal elements”.

What has recently been emerging, as highlighted by the senior Western security source, is the prevalence of hackers being linked to local Ministry of State Security, or MSS, offices. The MSS can be considered a blend of the US Central Intelligence Agency (CIA) and Federal Bureau of Investigation (FBI). The two Chinese nationals indicted by the US this week have been linked to the Guangdong Province division of the MSS; two other Chinese intelligence officers working for the Jiangsu Province branch of the MSS were indicted by the US in October 2018 for stealing aviation and tech data.

“We can find techniques that they use,” Finkelsteen says. “Due to the common techniques we see, we tend to believe they share knowledge, if they share knowledge there is some network to do that.” Mandiant’s Read adds that he has seen Chinese groups sharing hacking tools, including shared malware libraries and similar pieces of code across different attacks. “There are some groups that are very regionally focused,” he says. “There's a group that goes really hard at Central Asia and Mongolia.”

Details of Chinese-backed hacking culture were exposed in December 2018 when the US and UK governments publicly named the hacking group APT10 – also known as Stone Panda – for stealing “hundreds of gigabytes of sensitive data” from 45 different people. The attacks included theft of information from Nasa. Those working for APT10 were closely associated with the Tianjin province arm of the MSS and led standard nine-to-five lives. They “worked in an office environment and typically engaged in hacking operations during working hours in China,” the US indictment for two men said. The hackers indicted this week worked in an uninspiring office block in Guangdong province.

Countries opposing state-backed hacking from China have a difficult time combatting it – many, including the UK and US, have their own offensive cyber divisions and very little is known about how they operate. “Most of this isn’t governed by treaties,” says Dapo Akande, a professor of public international law at the University of Oxford. “The rules really are not necessarily specific to cyber operations and cyber activities”. Akande has led a group of 120 international lawyers in stating that hacking attempts on medical facilities during the pandemic should be treated as international crimes.

Many of the claims made appear to fly in the face of agreements made between the UK, US and China in 2015. A mutual UK-China statement says both countries agreed to not conduct or support “cyber-enabled theft of intellectual property, trade secrets or confidential business information”. The agreement added there should be “mutual respect and understanding” between the countries.

Cyberattacks can be prosecuted under existing international laws, Akande says. There may not be a need for new international laws governing what can and can’t be hacked. Existing rules around states not interfering in the internal affairs of other countries, the prohibition of the use of force, and human rights aspects, such as the right to health and the right to life, can cover state-backed hacking, Akande adds.

In the last three years there has been an increase in public naming and shaming of hackers believed to be working for China. Politicians in the UK and US hope that if they try to humiliate the countries that attack them, it may disrupt their future hacking efforts. In reality, named hackers, whether in China or Russia, are unlikely to travel internationally and risk arrest. The statements may also serve another purpose: to set out what is considered unacceptable.

“These statements indicate quite a lot of collaboration across governments and cybersecurity agencies,” Akande says. He adds that when multiple countries can agree to what incorrect espionage behaviour is, it will become easier to tackle nations that break the rules. “Countries are very keen to avoid the idea that cyberspace is an ungoverned space. They want to make it clear that law applies here as well.”

Edited by: Himalaya Hawk Squad