Using Steganography, 4 Chinese Hackers Accused Of Hiding Data Behind Donald Trump's Image
JAKARTA - The US government has accused four Chinese hackers who worked for a cybersecurity company of actually being spies tasked with stealing secrets around the world.
On Monday, July 19, the US Department of Justice (DOJ) accused Ding Xiaoyang, Cheng Qingmin, Zhu Yunmin, and Wu Shurong of hacking. Xiaoyang, Qingmin, and Yunmin are suspected of working for China's Ministry of State Security under a company called Hainan Xiandun, which is said to provide cybersecurity services.
According to an FBI source, Shurong is suspected of being one of the hackers working for the company. All four were part of a hacking group known in the industry as APT 40.
In the indictment, the DOJ lists 21 victims without naming them, including research facilities in the US, universities, defense contractors, and foreign government agencies in Cambodia, Saudi Arabia, and Malaysia.
According to the indictment, as part of their hacking activity, the four allegedly used popular internet services such as LinkedIn and GitHub. In January 2018, hackers hid "stolen trade secrets and proprietary hydroacoustic data" in an image of Donald Trump and a koala.
The hackers hid the stolen data using a technique called steganography. Steganography is a way of hiding data in images that at first glance look like the ordinary images you see while surfing the internet. It is a technique "which deals with making information completely invisible, or hiding it in plain sight."
Steganography has been used to hide William Shakespeare's complete works in crude images of authors posted on Twitter, or to exchange messages on jihadi encrypted messaging apps.
The four hackers named by the DOJ are not even the first Chinese hackers to use this technique. In 2019, security researchers said they had discovered that another Chinese hacking group, dubbed APT15, was using steganography to distribute malware.
To date, the Chinese Embassy in Washington DC has not responded to requests for comment from the media.