Forwarded from Pegasus NSO & other spyware
An inside look at NSA (Equation Group) TTPs from China’s lense | Inversecos
#NSA #EquationGroup #APTc40 #CVERC #China #US
Since I reside in a Five Eyes country and have publicly presented four cases I led on China’s APT41 attacking organisations in ASEAN, particularly concerning China’s cyber and political strategies, I was curious to explore what China publishes about Five Eyes operations. This led me down a rabbit hole of research into TTPs that Chinese cybersecurity entities have attributed to the NSA – or, as they have coined it, “APT-C-40”.
These insights stem from extensive research I did on Weixin containing intelligence reports published by China’s Qihoo 360, Pangu Lab, and the National Computer Virus Emergency Response Center (CVERC).
My goal in writing this blog is simply to aggregate and share what Chinese sources are publishing about NSA’s cyber operations (APT-C-40) to see if I could learn any new detection techniques or offensive techniques to research for fun.
Forwarded from Pegasus NSO & other spyware
Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China | gfw report
#DNS #DNSInjection #GreatFirewall #China
We present Wallbleed, a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China. Wallbleed caused certain nation-wide censorship middleboxes to reveal up to 125 bytes of their memory when censoring a crafted DNS query. It afforded a rare insight into one of the Great Firewall’s well-known network attacks, namely DNS injection, in terms of its internal architecture and the censor’s operational behaviors.