SupChina, 2019-12-19
Chinese hackers and Operation F**k Me

Bloomberg reports (porous paywall):

A Chinese government-linked hacking group that was thought to be dormant has been quietly targeting companies and government agencies for the last two years, harvesting data after stealing passwords and circumventing two-factor authentication intended to prevent such attacks, according to researchers.

Fox-IT, a security company based in the Netherlands, said in a report published Thursday that the group’s attacks have extended to 10 countries, including the U.S., the U.K., France, Germany and Italy.

The Chinese hackers carried out a global espionage campaign that targeted industries including aviation, construction, finance, health care, insurance, gambling and energy, the firm said.

The hackers likely belong to a group known as APT20, according to the researchers, who said they had “high confidence that the actor is a Chinese group and that they are likely working to support the interests of the Chinese government.”

Fox-IT calls the group’s activities Operation Wocao (我操 wǒ cāo — literally “I f**k” but used more like “shit,” “damn,” or “f**k me”). Bloomberg explains:

Perhaps the most striking indicator [that the hackers were Chinese] came after the hackers found out they had been caught. Fox-IT moved to shut them out of a compromised network and watched as the group typed in a series of commands to try and regain access to the computers.

When it became clear that they had been locked out, one of the hackers, apparently frustrated, bashed out the word “wocao” on his keyboard.

—Jeremy Goldkorn


    Jeremy Goldkorn worked in China for 20 years as an editor and entrepreneur. He is editor-in-chief of SupChina, and co-founder of the Sinica Podcast.

