How China tries to Hack Intel9, Consider Huawei

Some readers in undecided countries may require visceral evidence of the Huawei hazard. While hacking a website is old news, China is a corporate state where hacking is a tool generally employed. The hacks documented below have limited effect, because, with the exception noted by Bloomberg, China has not infiltrated U.S. server infrastructure at the hardware level. Quoting (Bloomberg) New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom,

A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working…

There are many ways to hack a website. Since the security of commercial servers is professionally maintained, the softer target is the client software hosted on a server, as exhibited below. The attack originated today from an IP address that, by reverse-DNS lookup, resolves to “CHINA UNICOM China169 Backbone, Beijing.” Although there are many kinds of attacks, this one typifies the thousands of hacking attempts recorded in the website log.

Hackers from China targeting Intel9 showed little interest in geopolitics. The intensity of attacks seen by Intel9 spiked in reaction to technical content. Conversely, Russian interest correlates more with their refined approach to HUMINT.

Each line below represents an attempt, this morning, to access a nonpublic file at the core of a WordPress installation. The location of the file is on the left. The result code, “404”, indicates that the attacker failed to access the file.

//x.php                  404    05-21-19 11:56 am
//lx.php                 404    05-21-19 11:56 am
//plus/mybak.php         404    05-21-19 11:56 am
//data/cache/flye.php    404    05-21-19 11:56 am
//plus/read.php          404    05-21-19 11:56 am
//plus/lucas.php         404    05-21-19 11:55 am
//data/cache/asd.php     404    05-21-19 11:55 am
//plus/laobiao.php       404    05-21-19 11:55 am
//fdgq.php               404    05-21-19 11:55 am
//Config_Shell.php       404    05-21-19 11:55 am
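
A defender-side way to read a listing like the one above, as an added example that is not part of the original post: it parses the path, status and timestamp columns and reports any short window in which many distinct `.php` paths all returned 404. The two lines marked constructed, the five-minute window and the five-path threshold are assumptions; the listing shows no client address, so grouping is by time only.

```python
import re
from datetime import datetime, timedelta

# The ten lines shown above, plus two constructed lines (marked) for contrast.
SAMPLE_LOG = """\
//x.php 404 05-21-19 11:56 am
//lx.php 404 05-21-19 11:56 am
//plus/mybak.php 404 05-21-19 11:56 am
//data/cache/flye.php 404 05-21-19 11:56 am
//plus/read.php 404 05-21-19 11:56 am
//plus/lucas.php 404 05-21-19 11:55 am
//data/cache/asd.php 404 05-21-19 11:55 am
//plus/laobiao.php 404 05-21-19 11:55 am
//fdgq.php 404 05-21-19 11:55 am
//Config_Shell.php 404 05-21-19 11:55 am
/index.php 200 05-21-19 11:54 am
/favicon.ico 404 05-21-19 09:10 am
"""  # last two lines are constructed: a normal hit and an unrelated miss

LINE_RE = re.compile(
    r"^(?P<path>\S+)\s+(?P<status>\d{3})\s+"
    r"(?P<ts>\d{2}-\d{2}-\d{2} \d{1,2}:\d{2} [ap]m)$")

def parse(log_text):
    """Turn 'path status MM-DD-YY HH:MM am|pm' lines into (time, path, status)."""
    events = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:  # silently skip lines that do not fit the format
            ts = datetime.strptime(m["ts"], "%m-%d-%y %I:%M %p")
            events.append((ts, m["path"], int(m["status"])))
    return events

def find_probe_bursts(events, window=timedelta(minutes=5), min_paths=5):
    """Return (start, end, paths) where >= min_paths distinct .php paths 404'd."""
    misses = sorted((ts, p) for ts, p, status in events
                    if status == 404 and p.lower().endswith(".php"))
    bursts, i = [], 0
    while i < len(misses):
        start, j = misses[i][0], i
        while j < len(misses) and misses[j][0] - start <= window:
            j += 1
        paths = sorted({p for _, p in misses[i:j]})
        if len(paths) >= min_paths:
            bursts.append((start, misses[j - 1][0], paths))
            i = j  # continue after the burst just reported
        else:
            i += 1
    return bursts

if __name__ == "__main__":
    for start, end, paths in find_probe_bursts(parse(SAMPLE_LOG)):
        print(f"{start:%H:%M}-{end:%H:%M}: {len(paths)} missing .php paths probed")
```
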

The attacks failed, in large part because China has not, at least on a large scale, infiltrated server hardware. Such infiltration embodies the Huawei threat.
