China is trying to put together a cyber weapon without reporting software vulnerabilities



Microsoft points out that the 2021 law enacted in China has improved China's cyber attack capabilities.

China likely is stockpiling vulnerabilities, says Microsoft • The Register

https://www.theregister.com/2022/11/07/china_stockpiles_vulnerabilities_microsoft_asserts/

A 2021 law enacted by the Chinese government required companies to report security vulnerabilities to local authorities before disclosing them. On the one hand, the law allows governments to hoard information about vulnerabilities through the use of local reports.

In 2022, Atlantic Council researchers found fewer vulnerabilities reported from China and an increase in anonymous reports.

The `` (PDF file) 2022 Digital Defense Report '' announced by Microsoft on November 4, 2022 points out that this law may have enabled the Chinese government to weaponize vulnerabilities. Microsoft also said, ``The increase in zero-day attacks by China-based cyber terrorists over the past year is due to the Chinese security community being required to disclose vulnerabilities and making zero-day attacks a national priority. It is thought that it is because it has come to be used.'



According to Microsoft, the Chinese government is said to have strengthened cyber attacks such as espionage and information hacking to counter the United States, which is trying to increase its influence in Southeast Asian countries. It also provides several real-life examples of various Chinese government-sponsored terrorists and related cyberattacks.

For example, 100 accounts of the intergovernmental organization were targeted by

GALLIUM , one of the criminal syndicates conducting APT attacks , when the intergovernmental organization in Southeast Asia announced talks between the US government and leaders of the Southeast Asian region. . In addition, there are cases in which the Solomon Islands government system and the communication network in Papua New Guinea were intruded for the purpose of collecting information when the Solomon Islands and China concluded a military agreement.

In addition, Microsoft reported that national cyberattacks targeting critical infrastructure increased from 20% in 2021 to 40% in 2022 as a global trend, including China, and most attacks accuses Russia of targeting Ukraine.



Moreover, Iran has launched cyberattacks against port authorities in Israel, the EU, and the United States as geopolitical relations deteriorate.

Meanwhile, North Korea has stolen cryptocurrencies from financial institutions and high-tech companies and carried out cyberattacks on the aerospace industry and researchers. In addition, it is said that it tried to access the world's news organizations.

in Software, Posted by log1r_ut