A smokeless“Battle” has been going on.
The Tianhe District branch of the Guangzhou Public Security Bureau issued a”Police intelligence notice” on the 27th, saying that there had been important progress in the investigation of a cyber attack on a technology company by foreign hackers.
Originally, Guangzhou Police have initially identified the company suffered from the cyberattacks are Taiwan’s Democratic Progressive Party (DPP-RRB- authorities funded by the hacker group.
Let’s run through the timeline.
On May 20, a technology company in Guangzhou was attacked by hackers, and the Guangzhou Police quickly stepped in to investigate.
This attack is a large-scale organized and premeditated action by overseas hacker organizations, which has the trace of network warfare and can be done by non-ordinary individual hackers.
The related network attack has the obvious political background, has the high directionality, belongs to the persistent threat activity, namely APT attack.
The incident caused heavy losses to the Guangzhou Company, the company involved in self-service terminals covering 32 cities across the country, the system failure during the cumulative impact of more than 500,000 times the use of equipment.
More worrying is that the background of the database of user identity information, device operation data and other sensitive content leakage risk.
During the emergency response, technicians found that the traces of the attack showed that the hacker had tried to establish a persistent access channel, showing professional militarization features from vulnerability exploitation to enhanced authority to trace removal.
Preliminary tracking found that the hacker organization long-term use of open source tools to scan detection of China’s important departments, Sensitive Industries and technology companies network assets.
Not only are guangzhou-based companies under attack, but they are also operating in more than a dozen provinces on the mainland, according to the Tianhe District branch of the city’s Public Security Bureau.
Military Industry, energy, hydropower, transportation, government and other important areas are targeted by them, involving more than 1,000 important network systems.
If this really lets them succeed, that consequence simply can not imagine, just like to give our social order”Poked a big hole”.
So how did they attack?
They use the open network asset detection platform, specifically for the mainland’s important network system to carry out asset detection, like a thief in the street everywhere”Walk”.
Then the use of phishing e-mail, the use of public vulnerabilities, password violence, self-made simple trojan horse program these”Old” methods to carry out network attacks.
They also frequently use VPN proxies, offshore cloud hosts, puppets, and multinational IP addresses ( , French, Korean, Japanese, etc.) as vests to hide their identity, thinking that they can get away with it.
But technologists offer an analogy: “It’s like stealing with a ten-layer mask and your house number on your belt.”
This“Technical dishes but insisted on trouble” operation, in front of the mainland police, is completely in the“Streaking.
What eventually gave the hacker group away was that their Trojan program had obvious flaws. It was like a paper lantern that could easily be traced back to the source of the attack.
To put it bluntly, these Trojan Horse program like elementary school students copy homework copy wrong answer, the police along the wrong questions directly found their nest.
This hacker organization has been”Stirring up trouble” for a long time. In recent years, it has been continuously targeting mainland network system attacks. In particular, since last year, the frequency of attacks has increased by 300% , targets range from government websites to hydropower plant consoles. This mode of operation, and in the vegetable market, “Fake code real steal money” thief set almost, low-tech content, all rely on a wide net.
Their favorite tactic, for example, is phishing e-mails with the headline”Your Account has an abnormal login” and a crude virus attached.
However, “Evil is better than evil”, the mainland’s countermeasures are more hard core, through the analysis of traffic characteristics, the establishment of”Attack Source Library”, not only to achieve more than 90% of the known attacks of the second-level interception, it can also lock down the physical address of a cyber attack in a very short time.
There are two reasons for the”Taiwan independence” internet army to stir up trouble these two years: first, the DPP authorities are anxious to”Rely on the United States to seek independence” to gain a sense of existence, and second, their”Patron” the United States is behind the knife.
Now the most panic is probably the Taiwan to take on the dirty work of hackers. The mainland police are probably holding more lists than their hukou.
And the DPP authorities are still adamant, deleting posts and blaming”Mainland self-directed and self-staged”, just like the thieves caught on the spot, who still shout”I didn’t steal” even after taking the loot out of their pockets.
The police notice’s reference to”Attacks with clear signs of cyber warfare” directly reveals that the DPP’s central aim in cyber warfare is to create chaos on the mainland through frequent attacks, paving the way for subsequent political manoeuvring.
At present, cyberspace has become an important battlefield in the struggle against”Taiwan independence”.
From a technical point of view, this case highlights the mainland’s network security defense system efficiency and professionalism.
Although the Taiwan Hacker organization tried to confuse the public by means of multi-country IP hopping, its crude technical means and flawed Trojan horse program, it just exposes the essence of”Outside strong, middle dry” and”Inefficient attack”.
By tracing the source accurately and locking the criminal chain, the mainland technical team not only reduces the dimension of the”Taiwan independence” cyber-army’s ability, but also punctures the false narrative of its”Technical deterrence” with the facts.
From a political point of view, the DPP authorities have long cultivated hacker groups and targeted cyber attacks on China’s critical infrastructure and People’s livelihood. This is no longer a simple technical crime, but a blatant act of splitting the country.
The”Taiwan independence” cyber-army is just like the DPP authorities in spreading false information, creating cognitive confusion and disrupting social order in cyberspace, and is in serious violation of relevant laws, is a blatant trampling on the common interests of compatriots on both sides of the strait.
The Mainland’s announcement of the progress of the case is not only a staged demonstration of the evidence already in hand, but also a legal and psychological deterrent to”Taiwan independence” forces.
This further shows that we are well-informed about the DPP authorities and their movements related to the cyber army, including their means, channels and the key figures involved, it also sends a clear signal that the mainland will crack down hard on anyone who tries to”Hide” from evil and split the country.
The case also once again proved that the mainland has the ability to cut off the”Taiwan independence” network of black hands, but also a strong will to safeguard national sovereignty and territorial integrity. If the”Taiwan independence” forces continue to persevere in their attempts to obstruct the process of national rejuvenation and national reunification with nefarious tactics such as cyber attacks, they will surely accelerate their doom, as the old saying goes, “Out of chaos, sooner or later will be returned.”.
Images from the network