{"id":294758,"date":"2025-11-16T08:18:13","date_gmt":"2025-11-16T08:18:13","guid":{"rendered":"https:\/\/www.newsbeep.com\/us\/294758\/"},"modified":"2025-11-16T08:18:13","modified_gmt":"2025-11-16T08:18:13","slug":"a-major-leak-spills-a-chinese-hacking-contractors-tools-and-targets","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/us\/294758\/","title":{"rendered":"A Major Leak Spills a Chinese Hacking Contractor\u2019s Tools and Targets"},"content":{"rendered":"<p>The United States <a href=\"https:\/\/www.wired.com\/story\/doj-issued-seizure-warrants-to-starlink-over-satellite-internet-systems-used-at-scam-compounds\/\" rel=\"nofollow noopener\" target=\"_blank\">issued a seizure warrant to Starlink<\/a> this week related to satellite internet infrastructure used in a scam compound in Myanmar. The action is part of a larger US law enforcement interagency initiative announced this week called the District of Columbia Scam Center Strike Force.<\/p>\n<p class=\"paywall\">Meanwhile, <a href=\"https:\/\/www.wired.com\/story\/lighthouse-google-lawsuit-scam-text-messages\/\" rel=\"nofollow noopener\" target=\"_blank\">Google moved this week to sue 25 people<\/a> that it alleges are behind a \u201cstaggering\u201d and \u201crelentless\u201d scam text operation that uses a notorious phishing-as-a-service platform called Lighthouse.<\/p>\n<p class=\"paywall\">WIRED reported this week that the US Department of Homeland Security collected data on Chicago residents accused of gang ties to test if police files could feed an FBI watchlist\u2014and then, crucially, <a href=\"https:\/\/www.wired.com\/story\/dhs-kept-chicago-police-records-for-months-in-violation-of-domestic-espionage-rules\/\" rel=\"nofollow noopener\" target=\"_blank\">kept the records for months in violation of domestic espionage rules<\/a>.<\/p>\n<p class=\"paywall\">And there\u2019s more. Each week, we round up the security and privacy news we didn\u2019t cover in depth ourselves. 
Click the headlines to read the full stories. And stay safe out there.<\/p>\n<p class=\"paywall\">China\u2019s massive intelligence apparatus has never quite had its <a href=\"https:\/\/www.wired.com\/2014\/08\/edward-snowden\/\" rel=\"nofollow noopener\" target=\"_blank\">Edward Snowden moment<\/a>. So any peek inside its surveillance and hacking capabilities represents a rare find. One such glimpse has now arrived in the form of about 12,000 documents leaked from the Chinese hacking contractor firm KnownSec, first revealed on the Chinese-language blog <a data-offer-url=\"https:\/\/mrxn.net\/news\/Knownsec-data-leak.html\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/mrxn.net\/news\/Knownsec-data-leak.html&quot;}\" href=\"https:\/\/mrxn.net\/news\/Knownsec-data-leak.html\" rel=\"nofollow noopener\" target=\"_blank\">Mrxn.net<\/a> and then picked up by Western news outlets this week. The leak includes hacking tools such as remote-access Trojans, as well as data extraction and analysis programs. More interesting, perhaps, is a target list of more than 80 organizations from which the hackers claim to have stolen information. The listed stolen data, according to Mrxn, includes 95 GB of Indian immigration data, three TB of call records from South Korean telecom operator LG U Plus, and a mention of 459 GB of road-planning data obtained from Taiwan, for instance. If there were any doubts as to whom KnownSec was carrying out this hacking for, the leak also reportedly includes details of its contracts with the Chinese government.<\/p>\n<p class=\"paywall\">The cybersecurity community has been warning for years that state-sponsored hackers would soon start using AI tools to supercharge their intrusion campaigns. 
Now the first known AI-run hacking campaign has surfaced, according to Anthropic, which says it discovered a group of China-backed hackers using its Claude tool set extensively in every step of the hacking spree. According to Anthropic, the hackers used Claude to write malware and extract and analyze stolen data with \u201cminimal human interaction.\u201d Although the hackers bypassed Claude\u2019s guardrails by couching the malicious use of its tools in terms of defensive and whitehat hacking, Anthropic says it nonetheless detected and stopped them. By that time, however, the spy campaign had successfully breached four organizations.<\/p>\n<p class=\"paywall\">Even so, fully AI-based hacking still isn\u2019t necessarily ready for prime time, points out <a href=\"https:\/\/arstechnica.com\/security\/2025\/11\/researchers-question-anthropic-claim-that-ai-assisted-attack-was-90-autonomous\/\" rel=\"nofollow noopener\" target=\"_blank\">Ars Technica<\/a>. The hackers had a relatively low intrusion rate, given that they targeted 30 organizations, according to Anthropic. The AI startup also notes that the tools hallucinated some stolen data that didn\u2019t exist. For now, state-sponsored spies still have some job security.<\/p>\n<p class=\"paywall\">The North Koreans raising money for the regime of Kim Jong Un by getting jobs as remote IT workers with false identities aren\u2019t working alone. Four Americans pleaded guilty this week to letting North Koreans pay to use their identities, as well as receiving and setting up corporate laptops for the North Korean workers to remotely control. Another man, Ukrainian national Oleksandr Didenko, pleaded guilty to stealing the identities of 40 Americans to sell to North Koreans for use in setting up IT worker profiles.<\/p>\n<p class=\"paywall\">A report from 404 Media shows that a Customs and Border Protection app that uses face recognition to identify immigrants is being hosted by Google. 
The app can be used by local law enforcement to determine whether a person is of potential interest to Immigration and Customs Enforcement. While platforming the CBP app, Google has meanwhile <a href=\"https:\/\/www.wired.com\/story\/apple-took-down-ice-tracking-apps-their-developers-arent-giving-up\/\" rel=\"nofollow noopener\" target=\"_blank\">recently taken down<\/a> some apps in the Google Play Store used for community discussion about ICE activity and ICE agent sightings. Google justified these app takedowns as necessary under its terms of service, because the company says that ICE agents are a \u201cvulnerable group.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"The United States issued a seizure warrant to Starlink this week related to satellite internet infrastructure used in&hellip;\n","protected":false},"author":2,"featured_media":294759,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45],"tags":[182,181,507,144,7257,168,4002,6505,7270,154032,74],"class_list":{"0":"post-294758","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-artificial-intelligence","8":"tag-ai","9":"tag-artificial-intelligence","10":"tag-artificialintelligence","11":"tag-china","12":"tag-cybersecurity","13":"tag-google","14":"tag-hacking","15":"tag-north-korea","16":"tag-security","17":"tag-security-roundup","18":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts\/294758","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/comments?post=294758"}],"version-history":[{"coun
t":0,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts\/294758\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/media\/294759"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/media?parent=294758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/categories?post=294758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/tags?post=294758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}