U.S. Officials Say Some Countries Use Second-Party Spyware To Attack The U.S. And Its Allies

JAKARTA - Irresponsible governments are suspected of using second parties to carry out cyber attacks. Such attacks could endanger the US and other countries around the world.

China, Iran, Russia, and other foreign adversaries are alleged by the US to have entered into contracts with hackers, deployed advanced spyware technology, and used social media platforms as tools to facilitate espionage.

A senior official in the Joe Biden government said that the US and its allies blamed the Microsoft Exchange hack, which compromised tens of thousands of computers, on "criminal contract hackers" working for China's Ministry of State Security.

The Justice Department has indicted four Chinese nationals, including three suspected State Security Ministry officials, in a malicious cyber campaign. The ministry recruits hackers through universities in Hainan and elsewhere in China.

“Not only did the university assist MSS in identifying and recruiting hackers and linguists to penetrate and steal from the computer network of the targeted entity, including colleagues at many foreign universities, but personnel at one of the identified Hainan-based universities also helped support and manage Hainan Xiandun as a front company, including through payroll, benefits and mailing addresses”, said a source at the US Department of Justice.

Chinese Foreign Ministry spokesman Zhao Lijian posted a message on Twitter dismissing the US and allied criticism as "baseless accusations". Instead, he claims that the US is the world's top "hacking empire".

China is not the only provider of cyberattacks. Facebook said it had observed a group of hackers in Iran outsourcing malicious software development to several cybercriminal gangs.

Mike Dvilyanski and David Agranovich of Facebook said Mahak Rayan Afraz, an information technology company based in Tehran with alleged ties to the Islamic Revolutionary Guard Corps, developed some of the malware used by Iranian hackers who leveraged Facebook as part of a "larger cross-platform cyberspace espionage operations".

Writing on the Facebook blog last week, Dvilyanski and Agranovich said the hackers used a specially crafted malware tool and shared a link to a malicious Microsoft Excel spreadsheet that allowed the malware to profile the victim's machine.

Facebook said they found the hackers had targeted “military personnel and companies in the defense and aerospace industries primarily in the US, and to a lesser extent in the UK and Europe”.

Google has also recently revealed that Russian hackers are using LinkedIn messages to target government officials using Apple devices. Google's Threat Analysis Group identified the hackers as "likely Russian government-backed actors". Google said it was the same actor that other cybersecurity professionals have linked to groups affiliated with the Russian Foreign Intelligence Service (SVR). The US government blamed SVR for hacking the SolarWinds computer network management software.

This outsourcing of cyber battles is not limited to governments using academia to find skilled hackers or commercial businesses run by former regime officials. In some cases, authoritarian regimes rely on available tools and technology to monitor and disrupt their targets.

Israeli technology and spyware company NSO Group has sold Pegasus, a product that can access smartphone messages, cameras, and microphones without any action from the user. The Pegasus Project, a collaborative investigation by more than 80 journalists and 17 media outlets from 10 countries, was organized by news outlet Forbidden Stories.

According to Amnesty International Security Lab, which provides technical support to the Pegasus Project, Pegasus users exercise widespread and unlawful surveillance.

The technical team said they observed cyber attackers exploiting the iPhone 12 using the latest operating system software available from Apple at the time of publication of the report.

"The Pegasus attacks detailed in this report and accompanying annexes are from 2014 to July 2021", said the Amnesty International Security Lab report. “This also includes so-called 'zero-click' attacks that do not require any interaction from the target. Clickless attacks have been observed since May 2018 and continue today”.

The NSO Group has denied allegations by journalists and organizations participating in the Pegasus Project. "We would like to emphasize that NSO sells its technology solely to law enforcement and government intelligence agencies under scrutiny for the sole purpose of saving lives through the prevention of crime and acts of terror", the NSO Group said Sunday in a statement on its website.