On Wednesday, July 26, 2023, the Wuhan Earthquake Monitoring Center in China was hit by a cyberattack. The attack was carried out by a hacker group with an “overseas government background,” according to the Chinese government.
The Global Times newspaper, owned by the Chinese Communist Party, reported that the attack was first discovered on Wednesday morning. The newspaper said that the hacker group used a Trojan horse program to gain access to the center’s network.
The Wuhan Municipal Emergency Management Bureau said that the public safety center immediately sealed off affected equipment and reported the attack to the authorities. The bureau said that the attack did not cause any damage to the center’s operations.
The Chinese government has not yet identified the hacker group responsible for the attack. However, Chinese Foreign Ministry Spokesperson Mao Ning condemned the attack and said that it was “a malicious cyber operation against China.”
Ning also accused the US government of being behind the attack. She said that the US government is “engaged in malicious cyber operations against not just China but countries around the world.”
However, there is no evidence to support Ning’s claim that the US government was behind the attack. In fact, some experts believe that the attack was more likely carried out by an independent actor or hacktivist.
Ian Thornton-Trump, CISO for Cyjax, told Infosecurity that it is “not likely any credible US Government or US-contracted APT group would use an IP address attributable to the country of where the attack originated from.” He said that a more likely scenario is that the attack was carried out by an independent actor or hacktivist who is “possibly sympathetic to the current tensions with Taiwan.”
Thornton-Trump also questioned what the US government would gain by targeting a public safety service like the Wuhan Earthquake Monitoring Center. He said that such an attack would be “highly counterproductive” and would “lose the moral high ground of your cyber operations.”
The cyber-attack on the Wuhan Earthquake Monitoring Center is the latest in a series of attacks on Chinese government and military targets. In July 2023, Microsoft revealed that it had discovered a Chinese espionage campaign that compromised at least 25 organizations, including the US government. This shortly followed a joint advisory from government cybersecurity agencies from the US, Australia, Canada, New Zealand and the UK in May 2023 that warned about Chinese cyber activity targeting critical national infrastructure networks in the US.
The growing tensions between the US and China have reportedly spilled into the cyber realm. It remains to be seen who was behind the attack on the Wuhan Earthquake Monitoring Center, but it is a reminder of the growing threat of cyberwarfare between the two countries.
Here are some additional details about the attack:
The attack was carried out using a Trojan horse program that was disguised as a legitimate software update.
The Trojan horse program allowed the hacker group to gain access to the center’s network and steal sensitive data.
The hacker group was able to access the center’s network for several hours before they were discovered.
The attack did not cause any damage to the center’s operations.
The implications of the attack:
The attack is a reminder of the growing threat of cyberwarfare between the US and China.
The attack could have serious consequences if it had caused damage to the center’s operations.
The attack could also have a chilling effect on international cooperation on earthquake monitoring.
CyberSec84 | Cybersecurity news. 
Leave a comment