アクシオムAxiom JTBの情報流出 DeNAトラベル』の約6500人分、KDDIの『auトラベル』の約4400人分」
【新唐人=米NYに本部を置く中国語衛星TV】http://jp.ntdtv.com/【新唐人2014年11月08日】アメリカ連邦捜査局、FBIは中国共産党当局によっ
ボイス・オブ・アメリカによると、ノヴェッタ・ソリューションズ(Novetta Solutions)を始め、マイクロソフト、シスコ、ファイヤー・アイ、シマンテッ
この集団は少なくとも4年前から、世界各国の政府機関や企業(フォーチューン・グロー
この少し前には、FBIも先端技術を持つ中国政府系のハッカー集団が、長期にわたりア
FBIによると、中国政府によって支援されているハッカー集団「アクシオム(Axio
「全米サイバーセキュリティー連盟」も、FBIと同じ結論を出しています。10月28
このほか、「全米サイバーセキュリティー連盟」の専門家とFBIによると、アクシオム
http://blog.livedoor.jp/intel_news_reports/archives/40804219.html
米FBI、中国政府支援のハッカー集団「アクシオム」の存在に警告―「第61398部隊」に勝る実力とも
- カテゴリ:
- News
- US & Canada
15日付の『Washington Post』が伝えたところによると、アメリカ連邦捜査局(FBI)は、中国政府によって支援されているハッカー集団が、長期にわたってアメリカの政府や企業から重要なデータを盗んでいるという警告を出していたことが分かった。警告には、中国人民解放軍総参謀部第三部の傘下にあり、上海を拠点としてサイバー攻撃を行なっている「第61398部隊」と比較して、「このハッカー集団は、秘匿性や機動性の面において、はるかに勝っている」と指摘されている。『Washington Post』が取材したアメリカの政府高官からも、「第61398部隊」に匹敵、もしくはそれ以上の重大さを持っているとの見解が示されたようだ。
同様の警告は、不正プログラムに関する情報やリソースを共有するために、シマンテック(Symantec)やファイア・アイ(FireEye)など、主にコンピューター・セキュリティー企業によって組織されたプロジェクト、「オペレーションSMN(Operation SMN)」からも出されている。このプロジェクトを率いるノヴェッタ・ソリューションズ(Novetta Solutions)が発表した報告書(要約版)によると、問題のハッカー集団は、「アクシオム(Axiom)」と名付けられており、資金的に潤沢で高度な技術を持ったサイバー上でのスパイ活動を行なっているという。また、少なくとも4年前から自由に活動していた模様である。
主要な標的は、経済・金融、エネルギー、環境、ハイテク製品開発などの分野における主力企業で、中国の戦略的利益に合わせてスパイ活動を行なっている。しかも、ネットワークに侵入するために使われる手段が多様であり、被害を受けた企業において発見されにくくなる工夫まで凝らしているという。
なお、「アクシオム」が用いている技術や戦術については、被害に遭った企業から情報を収集するなどして、現在もまだ調査が続けられている最中である。「オペレーションSMN」としては、2週間後、詳細な報告を発表する予定としているので、テクニカルな分析が知りたい人は、そちらが出るのを待つのが良いだろう。
【関連資料】
Cyber Security Coalition: Executive Summary
Novetta Solutions, October 2014.
【関連記事】
"FBI warns industry of Chinese cyber campaign"
Washington Post, October 15, 2014.
「『中国政府が支援するハッカー集団が長期作戦展開』FBIが警告 隠密性や機動性『61398部隊』をしのぐ」
『産経ニュース』(2014年10月17日)
「FBIなど、中国政府系ハッカー集団の存在を警告 『技術力極めて高い』」
『大紀元』(2014年10月17日)
米セキュリティー企業、中国人ハッカー集団「アクシオム」に関する報告書発表
先日、本ブログで紹介したように、アメリカ連邦捜査局(FBI)は、中国人民解放軍のサイバー部隊、第61398部隊に匹敵、もしくは、それ以上の能力を持つ中国人のハッカー集団が存在し、長期にわたってアメリカの政府機関や企業から重要なデータを盗んでいるとして、警告を発した。このハッカー集団を分析したアメリカのセキュリティー企業、ノヴェッタ・ソリューションズ(Novetta Solutions)は、今月半ば、暫定版の報告書を発表し、問題のハッカー集団を「アクシオム(Axiom)」と名付けた上で、中国政府の支援を受けつつ、技術的に高度なサイバー諜報活動を展開していると指摘した。
今回、同社は、被害に遭った企業から集めた情報をもとに、完全版の報告書を発表した。内容的に多少、以前のブログ記事と重複するところもあるが、あらためて「アクシオム」に関して明らかになったことを記しておきたい。
最初に指摘しておきべきことは、このハッカー集団が中国政府と非常に近い関係にあるという点だ。たとえば、報告書によると、「アクシオム」が標的としているのは、中国の経済的な利益と競合する企業であることが多いという。とくに経済・金融、エネルギー、環境、ハイテク製品開発といった分野の企業が狙われる傾向にある。また、中国の政治的主張と対立するグループ、たとえば、中国の民主化や人権保護を求めるNGOやジャーナリストもまた、標的に加えられていた模様だ。
「アクシオム」は、こうした標的へのサイバー攻撃を仕掛けるために、簡易なものから特別に作製したものまで、実に多様な不正プログラムを駆使し、コンピューターへの浸透を試みる。具体的には、次のような不正プログラムが使われているという。
○ Zox family (ZoxPNG, ZoxRPC)/Gresim
○ Hikit
○ Derusbi
○ Fexel/Deputy Dog
○ Hydraq/9002/Naid/Roarur/Mdmbot
○ ZXShell/Sensode
○ PlugX/Sogu/Kaba/Korplug/DestroyRAT
○ Gh0st/Moudour/Mydoor
○ Poison Ivy/Darkmoon/Breut
こうした不正プログラムに感染したコンピューターは、分かっているだけでも約43000万台、しかもその拡がりは、「フォーチュン500(Fortune 500)」にランキングされる大手企業や学術的な研究機関、そして、政府機関にも及んでいるという。また、地域的には、アメリカをはじめとして、韓国、台湾、日本、欧州連合(EU)が主だった標的になっていたようだ。ちなみに、報告書では、「Hikit」の感染例が次のように列挙されている。
● Asian and Western government agencies responsible for:
○ Government records and communications agencies
○ Law enforcement
○ Environmental policy
○ Personnel management
○ Space and aerospace exploration and research
○ Government auditing and internal affairs
● Electronics and integrated circuit manufacturers
● Networking equipment manufacturers
● Internet based services companies
● Software vendors, especially in the APAC region
● Journalism and media organizations
● NGOs, specifically those which deal with human rights or environmental policy
● International Consulting and analysis firms
● Law firms with an international or heavy M&A financial footprint
● Telecommunications firms
● Manufacturing conglomerates
● Venture Capital firms
● Energy firms
● Meteorological Services Companies
● Cloud Computing companies
● Pharmaceutical companies
● Highly regarded US Academic Institutions
さらに、「アクシオム」は、中国政府への不満を抑え、国内の秩序を安定させるために、国外に亡命した中国人だけでなく、国内で生活している中国人までも標的としたサイバー攻撃を仕掛けている可能性があるという。実際、中国や香港にある学術的な研究機関(大学など)では、「Hikit」と関連する不正プログラムが発見されており、おそらく中国内部でリベラルな思想が拡散しないように監視しているのではないかと見られている。
ただし、「アクシオム」の挙動は、不正プログラムに感染させることによってシステムを破壊することではなく、基本的には情報を収集することに向けられている。そのため、報告書では、「アクシオム」の背後にいるのは、人民解放軍ではなく、中国の情報機関(たとえば、国家安全部)であろうとの見方を示している。
このほか、報告書全体としては、30ページのほどの分量だが、テクニカルな分析も掲載されており、実に興味深い内容になっている。中国のハッカー事情に関心のある人は、ぜひ一読されるとよいだろう。
ちなみに、今回の報告書について、中国当局は、「まったくの作り話だ」とコメントしている。
【関連資料】
Operation SMN: Axiom Threat Actor Group Report
Novetta Solutions, October 2014.
【関連記事】
"Researchers identify sophisticated Chinese cyberespionage group"
Washington Post, October 28, 2014.
"China-Backed Hacking Group Axiom Said To Have Attacked 43,000 Computers"
International Business Times, October 28, 2014.
"New Chinese Cyber-Espionage Group Exposed"
News Factor, October 28, 2014.
【緊急拡散】JTBの情報流出事件、犯人は中国政府だった!!! ウィルスを使ったサイバー攻撃の手口が ヤ バ す ぎ る !!! 2ch「パスポート番号はヤバい」「偽造カード作れるな」
884 :名無しさん@おーぷん:2016/06/15(水)10:12:44 ID:h13
じゃあのさんからお知らせ
カミカゼ @mynamekamikaze
サイバーテロ情報 緊急拡散
今回のJTBの顧客流出事案は、中国政府と関係のあるハッカー集団のアクシオムが主に使ってるPlugXと判明
中国からのサイバー攻撃の可能性有り
各自ネットセキュリティ等の強化を願う
https://twitter.com/mynamekamikaze/status/742834471280377857
1 :孤高の旅人 ★:2016/06/15(水) 04:33:37.13 ID:CAP_USER9.net
JTB パソコンを遠隔操作するウイルスに感染か
6月15日 4時26分
大手旅行会社「JTB」が管理する大量の個人情報が外部に流出したおそれがある問題で、パソコンを遠隔で操作できるようにする「PlugX」と呼ばれるコンピューターウイルスに感染した疑いがあることが関係者への取材で分かりました。警視庁は感染したウイルスの詳しい分析を進めています。
この問題で大手旅行会社「JTB」は、顧客の個人情報を管理するグループ会社のサーバーが「標的型メール」によるサイバー攻撃を受けていたことを、14日の会見で明らかにしました。関係者によりますと、感染したのはパソコンを遠隔で操作できるようにする「PlugX」と呼ばれるコンピューターウイルスの疑いがあるということです。
セキュリティー会社によりますと、「PlugX」は政府機関や大手企業など特定の組織を狙う標的型のサイバー攻撃で、4年前ごろから使われ、感染させるとサーバーやパソコンにある情報を引き出すことができるということです。
この問題で、先月末にJTBから被害の相談を受けた警視庁は、不正指令電磁的記録供用などの疑いを視野に感染したウイルスの詳しい分析を進めています。
http://www3.nhk.or.jp/news/html/20160615/k10010556801000.html
「大手旅行会社『JTB』が管理する大量の個人情報が外部に流出したおそれがある問題」
「感染したのはパソコンを遠隔で操作できるようにする『PlugX』と呼ばれるコンピューターウイルスの疑い」
「『PlugX』は政府機関や大手企業など特定の組織を狙う標的型のサイバー攻撃」
8 :名無しさん@1周年:2016/06/15(水) 04:48:05.11 ID:bc1gzpWn0.net
こういうのの保険ってないの?
16 :名無しさん@1周年:2016/06/15(水) 05:05:53.88 ID:M2HqXVuM0.net
パスポート番号を気軽に保持しておくとか
そらアカンわ
14 :名無しさん@1周年:2016/06/15(水) 05:01:22.46 ID:9zpeXPME0.net
標的型を食らうなんてド素人かよ
12 :名無しさん@1周年:2016/06/15(水) 04:57:39.61 ID:b37DQKNo0.net
「見積依頼」とか紛らわしい件名のメールが多くて困る
25 :名無しさん@1周年:2016/06/15(水) 05:24:37.62 ID:cl291KMy0.net
くそ雑魚なうちの会社ですら
メールと顧客情報のPCは別れているというのに
(サーバー管理部門だけ切り離して子会社にしたのか?)
20 :名無しさん@1周年:2016/06/15(水) 05:10:11.96 ID:oXmmUH920.net
社外でいろんな端末使うだろうし
セキュリティゆるそうな会社
9 :名無しさん@1周年:2016/06/15(水) 04:53:34.26 ID:CERNlAfyO.net
関連会社ってのがミソだな。
本社のファイアウォールを高くしても、
グループ内からのアクセスには弛いところが絶対に残る。
10 :名無しさん@1周年:2016/06/15(水) 04:56:36.25 ID:X6l1SJnh0.net
>>9
どんなに堅牢なセキュリティシステム構築しても
中で働いている個々人が
セキュリティに対する意識薄かったり
無防備なら簡単に破られる。
怪しい添付メールホイホイ開くやつ多すぎ。
11 :名無しさん@1周年:2016/06/15(水) 04:57:38.48 ID:xNL4QiSq0.net
バカやって漏らした社員の個人情報は
そいつの名前すら発表しない
顧客より守られちゃってますねー
41 :名無しさん@1周年:2016/06/15(水) 06:07:46.80 ID:V7CMihyS0.net
>顧客の個人情報を管理するグループ会社のサーバー
代理店、各支店からの端末も
ウィルス感染したサーバーに接続している筈
44 :名無しさん@1周年:2016/06/15(水) 06:14:25.78 ID:XxUwiSam0.net
こういうのって防ぐ事出来るのにな
なに外部と接触出来るPCと個人情報取り扱えるPCを
一緒または接続出来るようにしてんだよ
(パナマ文書に載ってない方の航空会社が踏み台に…)
1 : ◆HeartexiTw 胸のときめきφ ★(★ 99b9-YuwK):2016/06/16(木) 05:59:05.28 ID:CAP_USER9.net
JTB個人情報流出 ウイルス添付のメールは全日空からを装う
6月16日 4時10分
大手旅行会社「JTB」の個人情報を狙ったサイバー攻撃で感染の発端となったコンピューターウイルスが添付されたメールは、送信元のアドレスや内容がふだんから業務でやり取りがある航空会社の全日空から送られたように装ったものであったことが関係者への取材で分かりました。
この問題は、JTBのグループ会社がサイバー攻撃を受けて、およそ793万人分の顧客の個人情報が流出したおそれがあるもので、問題の発端はことし3月、会社に送られたメールの添付ファイルを開いてしまいウイルスに感染したことでした。
社内では、不用意に添付ファイルを開かないよう指導されていましたが、ウイルスが添付されたメールは発信元のアドレスに「ana」の文字があり、タイトルも「航空券控え添付のご連絡」とふだんから業務でやり取りがある全日空から送られたように装ったものであったことが関係者への取材で分かりました。
・・・
http://www3.nhk.or.jp/news/html/20160616/k10010557971000.html
「ウイルスが添付されたメール:航空会社の全日空から送られたように装ったもの」
「発信元のアドレスに『ana』の文字」
「タイトルも『航空券控え添付のご連絡』」
3 :名無しさん@1周年 (アークセー Sx55-qS7w):2016/06/16(木) 06:00:00.86 ID:Z5syeeGkx.net
JCBだと思って戦慄した
2 :名無しさん@1周年 (アウアウ Sa31-ntlg):2016/06/16(木) 05:59:37.65 ID:Ak5lyrSwa.net
穴だったのか
46 :名無しさん@1周年 (ワッチョイW 1882-ntlg):2016/06/16(木) 07:39:46.56 ID:e2VyVXTU0.net
>>2
俺は好きだぞ
7 :名無しさん@1周年 (ワッチョイ 203c-4fuR):2016/06/16(木) 06:04:01.88 ID:EP4CPEkN0.net
全日空を装うメールで顧客情報を全抜っ空てか、ガハハ
5 :名無しさん@1周年 (ワッチョイ 631b-6iFS):2016/06/16(木) 06:01:34.43 ID:ixL9DiyZ0.net
と言うか、ウイルススキャンもしないで
メールを開いてるのか?
それとも、スキャンに引っかからない新種だったのか?
6 :名無しさん@1周年 (ワッチョイW 2357-ntlg):2016/06/16(木) 06:02:56.76 ID:1p/C4MCc0.net
>>5
普通ドメインで弾くだろ
8 :名無しさん@1周年 (ワッチョイ 631b-6iFS):2016/06/16(木) 06:04:40.06 ID:ixL9DiyZ0.net
>>6
ドメイン偽装されてたら駄目じゃね?
うちでさえノートン先生が勝手にスキャンしてくれるのに
16 :名無しさん@1周年 (ワッチョイW 2357-ntlg):2016/06/16(木) 06:12:09.14 ID:1p/C4MCc0.net
>>8
?
ホワイトリスト方式で物理アドレスも確認すればイイだろ
保護管理すべきデータが存在するなら
アクセスを自由にするのがアホ
(JTBも汚鮮されてるのか?)
13 :名刺は切らしておりまして:2016/06/17(金) 19:26:50.47 ID:JYeY71pK.net
ここって何で毎年
就職人気ランキングがバカ高なの?
手配と添乗がそんなにいいかねえ
25 :名無しさん@1周年 (ワッチョイ 6379-iMfM):2016/06/16(木) 06:47:05.32 ID:QRLClqIB0.net
これ絶対内部犯行だろ、
就職人気企業ランキング詐欺の
ブラック企業JTBだもの。
64 :名無しさん@1周年:2016/06/15(水) 07:19:49.92 ID:Gk2wpH9I0.net
どうせ内部の人間の仕業
38 :名無しさん@1周年 (オッペケ Sr55-qS7w):2016/06/16(木) 07:20:53.07 ID:GK92HGTqr.net
標的型って危ないとかいうけれど、
最近のウイルススキャンはヒューリスティック分析とかで、
定義ファイル以外の対応してるから、
引っ掛かる可能性って極めて少ないのでは?
JTBの内部通でITに詳しい奴じゃないと
ウイルス作成できないだろ。
一番変なのは、感染したパソコンから
データベースサーバーに
アクセスできちゃうところ。
サーバーのアクセス制限なかったのかな?
65 :名無しさん@1周年:2016/06/15(水) 07:20:15.59 ID:fAuikykq0.net
創価学会が諸悪の根源です><
(問題がどんどん広がってるぞ)
1 :海江田三郎 ★:2016/06/17(金) 13:29:17.18 ID:CAP_USER*.net
提携会社の顧客情報も流出か JTB問題
2016/6/17 13:23
JTB子会社のサーバーから顧客情報約793万人分が流出したとされる問題で、流出した顧客情報の中に提携する2社の顧客情報が含まれていることが17日、分かった。2社は「ディー・エヌ・エー(DeNA)」「KDDI」で、宿の手配の委託などのためJTBに伝えた顧客情報が流出した恐れがあるという。
JTBは流出の可能性のある提携企業名を公表していなかった。
情報流出の恐れがある顧客情報はDeNAが手がける予約サイト「DeNAトラベル」の約6500人分、KDDIの「auトラベル」の約4400人分という。
http://www.nikkei.com/article/DGXLASDG17H22_X10C16A6CC0000/
「流出した顧客情報の中に提携する2社の顧客情報が含まれている」
「『DeNAトラベル』の約6500人分、KDDIの『auトラベル』の約4400人分」
6 :名刺は切らしておりまして:2016/06/17(金) 13:54:06.93 ID:3Su+ySbX.net
>>1
システムに問題ありすぎだろ
ば~~~~~~~~~か
何で何か所にも個人データが分散するんだよ あほ
3 :名刺は切らしておりまして:2016/06/17(金) 13:41:40.95 ID:SV35NosX.net
トラベル止めてトラブルに改名しろ
4 :名刺は切らしておりまして:2016/06/17(金) 13:43:28.28 ID:l2/Lb8o/.net
添付ファイルのexeをダブルクリックして
警告を無視した結果がこれって報告書に書いてたよね
(他はともかくパスポート番号だけはガチでヤバイ)
9 :名刺は切らしておりまして:2016/06/17(金) 14:10:24.92 ID:dwwbhiHf.net
だから漏らしたJTBはどうすんだよ、
パスポートなんてSクラスの個人情報だぞ。
意図的じゃない個人情報なら漏らし放題なのかね。
45 :名無しさん@1周年:2016/06/15(水) 06:18:40.68 ID:domsyJ1E0.net
パスポート狙いだろ
知らない間にどこかの国で
お尋ね者になってたりするわけか胸熱
18 :名無しさん@1周年:2016/06/15(水) 05:06:29.80 ID:t4fDzTSg0.net
洒落にならない
パスポート悪用されて
海外で拘束されたり
20 :名無しさん@1周年 (アウアウ Saed-0jBH):2016/06/16(木) 06:28:35.86 ID:CrNAMbjLa.net
偶然じゃなくて意図的に狙い撃ちされたな
パスポートは洒落にならないな
組織犯罪に使うんだろう
61 :名無しさん@1周年 (ワッチョイ d151-6iFS):2016/06/16(木) 08:36:14.45 ID:U6qf0MpX0.net
俺も盗まれてそうなんだが連絡?はまだ来てない
パスポートの情報なんてなりすますには万能だろ?
個人情報を盗まれた客はどうやって自衛すればいいんだ?
12 :名無しさん@1周年 (ワッチョイW 2357-ntlg):2016/06/16(木) 06:07:47.57 ID:1p/C4MCc0.net
パスポートのicチップ情報を抜かれたんじゃねーの?
クレジットカード
成りすまし犯罪に使われるだろ
119 :名無しさん@1周年:2016/06/15(水) 10:15:10.25 ID:4a6P8J0u0.net
パスポート番号流出とか。
勝手にクレジットカードとか
銀行口座作られちゃったらどうするの?
パスポート再発行の料金でるかな?
19 :名無しさん@1周年:2016/06/15(水) 05:08:05.39 ID:faa3qOd70.net
パスポート番号の一斉変更となったら
凄まじい手間だろうな
196 :名無しさん@1周年:2016/06/15(水) 20:49:56.20 ID:dA86dHld0.net
パスポート再発行の費用も負担せにゃならんし、
ひとり2万ぐらいだな。
(なりすまし日本人が大量発生で中国人が大量に入り込み…)
79 :名無しさん@1周年:2016/06/15(水) 07:46:56.71 ID:wYe0AaM10.net
中国と関係の深い
アクシオムが関わってる
って出てこないな
49 :名無しさん@1周年 (ワッチョイW 89d0-qS7w):2016/06/16(木) 07:56:02.32 ID:66aUTdzx0.net
JTB、中国人、で偽造カード作れるなぁ
店とグルになり口座開設…
34 :名無しさん@1周年:2016/06/15(水) 05:56:25.64 ID:4sgSyG4m0.net
アンチウイルスソフトくらい入れとけよ・・・
46 :名無しさん@1周年:2016/06/15(水) 06:23:49.42 ID:X6l1SJnh0.net
>>34
攻撃者はウィルスを送る前に専用のサイトで今出回ってる
アンチウィルスソフトすり抜けるかチェックしてるけどな。
203 :名無しさん@1周年:2016/06/15(水) 21:28:38.79 ID:NGFHHQ1F0.net
>>34
標的ガタはそれをすり抜けるタイプだから仕方ない
うっかりやっちゃうタイプだよ
俺も中国で仕事中に冗談で
同僚から仕掛けられてうっかりハマったわ
しかもそれが学生(バイト)だから、中国は恐ろしい
186 :名無しさん@1周年:2016/06/15(水) 18:12:43.46 ID:PsrbXBw70.net
日本人に背乗りしたい
中国の無戸籍児「黒孩子(ヘイハイズ)」
が(ry
114 :名無しさん@1周年:2016/06/15(水) 10:11:11.91 ID:xFu58az00.net
パスポート番号漏れてるってよくよく考えたら深刻だな。
偽造されることってあるんだろうか。
icチップが入ってるからまあ安心とは思うけど
こんな事やらかす奴らは
頭いいだろうから何をやるかわからんし。
最悪どこかの国に旅行したら
すでにこのパスポート番号の人間は
入国してるとして
なりすまししてるんじゃないかと
拘束される可能性も出てくるかもな。
そうなったらJTBに損害請求できるのかな。
150 :名無しさん@1周年:2016/06/15(水) 10:57:18.75 ID:tdAH1RND0.net
>>114
テロリストやスパイや犯罪者などの偽造パスポートに
利用される可能性はあるよね
どうせやったのは中国だろうから
中国人犯罪者やスパイが
日本人に成りすまして…
205 :名無しさん@1周年:2016/06/15(水) 21:33:45.15 ID:NGFHHQ1F0.net
>>1
一つだけ断言できるのは、
1度旅行してそのままな人や数年未旅行な人は
パスポート偽造の対象にされやすいから、
JTBに登録経験がある人は確認した方がいいよ
中国分裂、朝鮮真空パック 第41夜
http://toro.open2ch.net/test/read.cgi/occult/1464524279/
【サイバー攻撃】JTB パソコンを遠隔操作するウイルスに感染か[NHK][06/15]
http://ai.2ch.sc/test/read.cgi/newsplus/1465932817/
【社会】JTB個人情報流出、ウイルス添付のメールは全日空からを装う
http://ai.2ch.sc/test/read.cgi/newsplus/1466024345/
【企業】DeNA、KDDIの顧客情報も流出か JTB問題
http://anago.2ch.sc/test/read.cgi/bizplus/1466137757/
http://toro.open2ch.net/test/read.cgi/occult/1464524279/
【サイバー攻撃】JTB パソコンを遠隔操作するウイルスに感染か[NHK][06/15]
http://ai.2ch.sc/test/read.cgi/newsplus/1465932817/
【社会】JTB個人情報流出、ウイルス添付のメールは全日空からを装う
http://ai.2ch.sc/test/read.cgi/newsplus/1466024345/
【企業】DeNA、KDDIの顧客情報も流出か JTB問題
http://anago.2ch.sc/test/read.cgi/bizplus/1466137757/
[New Tojin = rice Chinese satellite TV headquartered in NY] http://jp.ntdtv.com/ [new Tojin November 08, 2014] the United States Federal Bureau of Investigation, the hacker group the FBI, which is supported by the Chinese Communist Party authorities but, it has been accused of stealing important data from the American government and business over a long period of time, the CCP is much stronger denial, it has been refuted. The other day, was organized at the famous information security company in the United States, "National Cyber Security Federation" has announced the latest report. According to it, the hacker population with state-of-the-art hacker techniques that are supported by the Chinese government, invaded the government and the company for many years around the world, not only had stolen the data, China inside and outside of the different opinions people and democratic movement organizations It was also carried out to monitor and cyber attack for many years to.
According to the Voice of America, including the Novetta Solutions (Novetta Solutions), Microsoft, Cisco, Fire eye, was organized by the United States of information security companies 10 several companies, such as Symantec, "the National Cyber Security Federation" is October 28 day, announced today that it has identified a Chinese hacker group, was named "Axiom (Axiom)".
This population is at least four years ago, government agencies and companies around the world (including the companies of the Fortune Global 500), reporter, energy companies, human rights organizations, with respect to such as China and abroad of different opinions who, cyber attacks and surveillance the has done, is that of the implanted malicious software to 43,000 units or more computers.
This little ago, FBI also the Chinese government system hacker population with advanced technology, was a warning of that steal important information of American companies and government over a long period of time.
According to the FBI, the hacker group that has been supported by the Chinese government, "Axiom (Axiom)," is not only capital-rich, has the advanced technology and abundant cyber attack experience, in stealth and maneuverability, it is outpacing larger cyber attack troops, "61,398 troops" that have been revealed last year.
"National Cyber Security Federation" is also, I put the same conclusion as the FBI. October 28, with the Washington Post, CEO of Novetta Solutions (CEO), to quote the words of Mr. Peter La Montagne, Axiom (Axiom) is like being supported by the Chinese government, now among the seen have Chinese cyber espionage organization until I pointed out to have a state-of-the-art technology.
In addition, according to experts and the FBI of "National Cyber Security Federation", Axiom is mainly has been spying for the monitoring and companies of different opinions who, likely to be the jurisdiction of the information department in charge of China's domestic safety is that of a high.
http://blog.livedoor.jp/intel_news_reports/archives/40804219.html
US FBI, warning of the presence of the Chinese government support of the hacker group "Axiom" - ability both over to the "61,398 troops."
category:
News
US & Canada
According to the place where novetta_cybersecurity_exec_summary-315_Nichizukeno "Washington Post" has reported, the United States Federal Bureau of Investigation (FBI), the hacker group that has been supported by the Chinese government, stealing important data from the US government and companies over a long period of time it was found to have issued a warning that there.
The warning, there is under the umbrella of the third part of the total staff part the Chinese People's Liberation Army, Shanghai compared to the "first 61,398 troops" doing the cyber attack as a base, "the hacker population, confidentiality and mobility in the surface, it has been pointed out that much winning. " Also from the United States government officials, "Washington Post" was interviewed, comparable to the "61,398 troops", or seem a view that has more significance has been shown.
Similar warning, in order to share information and resources related to malware, Symantec (Symantec) and FireEye (FireEye) such as, mainly computer security organized projects by companies, "operation SMN (Operation SMN)" It has been issued from. According to the Novetta Solutions to lead this project (Novetta Solutions) report released by the (abridged version), the hackers of the problem, has been named the "Axiom (Axiom)," the financially abundant and advanced technology that it carried out espionage activities in cyber that has. In addition, a pattern that was working freely from at least four years ago.
The main target is, economic and financial, energy, environment, in the main companies in areas such as high-tech product development, it has carried out espionage activities in accordance with the strategic interests of China. Moreover, the means to be used in order to enter the network is diverse, that are elaborately to devise the less likely to be found in companies that have suffered damage.
It should be noted that, for the technology and tactics that "Axiom" is used, for example, by collecting information from companies that have a victim, is in the process of being still continue to be investigated yet. As the "operation SMN", after two weeks, since it is scheduled to announce a detailed report, people who want to know technical analysis is, it would be better to wait for there is coming out.
【Related Documents】
Cyber Security Coalition: Executive Summary
Novetta Solutions, October 2014.
【Related article】
"FBI warns industry of Chinese cyber campaign"
Washington Post, October 15, 2014.
"" The Chinese hacker group that government-supported long-term strategy development "the FBI surpass warning stealth and mobility to" 61,398 troops. ' "
"Sankei news" (October 17, 2014)
"FBI, etc., very high alert" technical capabilities of the presence of the Chinese government hackers ""
"Epoch Times" (October 17, 2014)
US security company, report presentation on Chinese hacker group "Axiom"
category:
Reports
China, Taiwan & Korea
Executive_Summary-Final_1 the other day, as has been introduced in this blog, the United States Federal Bureau of Investigation (FBI), the Chinese People's Liberation Army cyber forces, comparable to the first 61,398 troops, or, there is a hacker group of Chinese with more capacity and, as stealing critical data from US government agencies and companies over a long period of time, it issued a warning.
American security companies that were analyzed this hacker group, Novetta Solutions (Novetta Solutions) is, the middle of this month, announced a preliminary version of the report, the hacker group of problems in named "Axiom (Axiom)", China while the support of the government, pointed out that technically deploy a sophisticated cyber espionage.
This time, the company, based on the information collected from companies that have been the victim, has announced the full version of the report. Content to some, but there is also a place that overlap with the previous blog post, I want to noted that it has become clear with respect again "Axiom".
The first thing to point out to is, it that this hacker group is in a very close relationship with the Chinese government. For example, according to the report, the "Axiom" is targeted, that is often a company that competes with the economic interests of China. In particular, there is a tendency that the economic and financial, energy, environment, companies in areas such high-tech product development is targeted. In addition, a group opposed to political claims of China, for example, also, it appears to have been added to the target NGO and journalists seek the democratization and human rights protection in China.
"Axiom", in order to launch a cyber attack on these targets, to those made specially from those simple, making full use of very wide variety of malware, attempts to penetrate the computer. Specifically, that the malicious program such as the following is used.
○ Zox family (ZoxPNG, ZoxRPC) / Gresim
○ Hikit
○ Derusbi
○ Fexel / Deputy Dog
○ Hydraq / 9002 / Naid / Roarur / Mdmbot
○ ZXShell / Sensode
○ PlugX / Sogu / Kaba / Korplug / DestroyRAT
○ Gh0st / Moudour / Mydoor
○ Poison Ivy / Darkmoon / Breut
Such a malicious program infected the computer, found alone about 430 million units are, yet its spread is, "Fortune 500 (Fortune 500)" major companies and academic research institutions are ranking, and, to government agencies that also extends. In addition, the regional, including the United States, South Korea, Taiwan, Japan, seems to the European Union (EU) had become the target was the main. Incidentally, in the report, infection Examples of "Hikit" are listed as follows.
● Asian and Western government agencies responsible for:
○ Government records and communications agencies
○ Law enforcement
○ Environmental policy
○ Personnel management
○ Space and aerospace exploration and research
○ Government auditing and internal affairs
● Electronics and integrated circuit manufacturers
● Networking equipment manufacturers
● Internet based services companies
● Software vendors, especially in the APAC region
● Journalism and media organizations
● NGOs, specifically those which deal with human rights or environmental policy
● International Consulting and analysis firms
● Law firms with an international or heavy M & A financial footprint
● Telecommunications firms
● Manufacturing conglomerates
● Venture Capital firms
● Energy firms
● Meteorological Services Companies
● Cloud Computing companies
● Pharmaceutical companies
● Highly regarded US Academic Institutions
In addition, "Axiom" is, to suppress the dissatisfaction of the Chinese government, in order to stabilize the domestic order, not only the Chinese who fled the country, even cyber attack that target until the Chinese people who live in the country that there is a possibility that mechanism. In fact, in China and academic research institutions in Hong Kong (such as universities), have been discovered malicious program that is associated with "Hikit", probably of liberal thought within China is monitoring so as not to spread It is seen as or not.
However, the behavior of "Axiom" is not to disrupt the system by infecting malware are directed to basically collect information. Therefore, in the report, are you behind the "Axiom", rather than the People's Liberation Army, shows the view that it will be China's intelligence agencies (for example, national security section).
In addition, as the entire report, but the quantity of about 30 pages, technical analysis has also been published, it has become really interesting content. People who are interested in Chinese hackers circumstances, would be may by all means be read.
By the way, for this time of the report, the Chinese authorities have commented that "It's exactly the apocryphal".
【Related Documents】
Operation SMN: Axiom Threat Actor Group Report
Novetta Solutions, October 2014.
【Related article】
"Researchers identify sophisticated Chinese cyberespionage group"
Washington Post, October 28, 2014.
"China-Backed Hacking Group Axiom Said To Have Attacked 43,000 Computers"
International Business Times, October 28, 2014.
"New Chinese Cyber-Espionage Group Exposed"
News Factor, October 28, 2014.
[Emergency diffusion] JTB of information leakage incidents, the culprit was the Chinese government! ! ! Modus operandi of cyber attacks using the virus Ru ya bus tricks! ! ! 2ch "passport number is dangerous," "Do not make counterfeit cards"
884: Anonymous @ Open: 2016/06/15 (Wed) 10:12:44 ID: h13
Well let us know that's
Kamikaze @mynamekamikaze
Cyber terrorism information emergency diffusion
Customer outflow cases of this time of JTB is found to PlugX the Axiom of hacker population of relationship with the Chinese government is using mainly
There is a possibility of a cyber attack from China
Hope to strengthen their own such as network security
https://twitter.com/mynamekamikaze/status/742834471280377857
1: Lone traveler ★: 2016/06/15 (water) 04: 33: 37.13 ID: CAP_USER9.net
Or infected with JTB PC virus to remote control
June 15, 4 hour 26 minutes
A large amount of personal information that major travel company "JTB" to manage is a problem there is a possibility that was leaked to the outside, to be able to operate the computer with the remote that there is infection was suspected to computer virus called "PlugX" officials It was found in an interview to. Tokyo Metropolitan Police Department is promoting a detailed analysis of the infected virus.
Major travel company "JTB" in this issue, that the group company of the server that manages the personal information of customers had received the cyber attacks "targeted e-mail", has revealed in a press conference of 14 days. And it depends on the person concerned, is that there is a suspicion of computer virus called to be able to remotely control a PC "PlugX" the infected.
That and depends on the security company, "PlugX" in the cyber attacks targeted to target specific tissues, such as government agencies and major corporations, used since about four years ago, when the infection can be drawn information on the server or PC thing.
In this problem, the Metropolitan Police Department is receiving a consultation of the damage from JTB at the end of last month, we are promoting a detailed analysis of the virus that infected the suspicion of fraud directive electromagnetic record-service in the field of view.
http://www3.nhk.or.jp/news/html/20160615/k10010556801000.html
"A large amount of personal information that major travel company" JTB "to manage the risk there is a problem that has flowed out to the outside."
"I infected the doubt of computer virus called to be able to remotely control a PC" PlugX ' "
"" PlugX "cyber attack targeted targeting specific tissues, such as government agencies and major corporations."
8: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 04: 48: 05.11 ID: bc1gzpWn0.net
Are not I like this the insurance?
16: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 05: 05: 53.88 ID: M2HqXVuM0.net
Toka the passport number should feel free to hold
Sora Akan
14: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 05: 01: 22.46 ID: 9zpeXPME0.net
Or de amateur Nante eat the target type
12: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 04: 57: 39.61 ID: b37DQKNo0.net
Troubled by many e-mail of misleading subject line or "RFQ"
25: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 05: 24: 37.62 ID: cl291KMy0.net
Even the shit company of a small fish
To say that PC mail and customer information is farewell
(Did the subsidiary detach only server management department?)
20: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 05: 10: 11.96 ID: oXmmUH920.net
It will use various terminal Outside
Security loose likely company
9: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 04: 53: 34.26 ID: CERNlAfyO.net
The I affiliates That's miso.
Also by increasing the headquarters of the firewall,
Tayui place remains absolutely for access from within the group.
10: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 04: 56: 36.25 ID: X6l1SJnh0.net
>> 9
It is constructed, no matter how robust security system
The individuals who are working in the middle
Or consciousness thinner for security
Be broken if the simple defenseless.
Open suspicious attached mail Hui guy too much.
11: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 04: 57: 38.48 ID: xNL4QiSq0.net
Personal information of employees who leaked doing idiot
Not even announced that person of the name
We've got protected from customer
41: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 06: 07: 46.80 ID: V7CMihyS0.net
> Group company for the server you want to manage the personal information of the customer
Agency, also terminal from each branch
Should you are connected to the virus infected server
44: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 06: 14: 25.78 ID: XxUwiSam0.net
It wishes can it prevent this kind of I
What external contact can be PC and personal information handled PC
We were together or can be connected as
(... Airline of person who is not listed in the Panama document is a stepping stone)
1: ◆ HeartexiTw chest crush φ ★ (★ 99b9-YuwK): 2016/06/16 (Thursday) 05: 59: 05.28 ID: CAP_USER9.net
Mail JTB personal information outflow virus attached feign from All Nippon Airways
June 16, 10 pm 4
Major travel company "JTB" computer virus, which became the beginning of the infection in the cyber attack that was used to steal people's personal information is attached e-mail, the address and the contents of the transmission source is sent from All Nippon Airways for airlines that exchanged business from the usual It was as it were those disguised as was found in an interview to the officials.
This problem, JTB Group companies received a cyber attack, but the customer's personal information of approximately 7,930,000 persons and there is a fear that has flowed out, the beginning of the problem March this year, the e-mail sent to the company was to infected with the virus will open the attachment.
In the house, but had been instructed not to open inadvertently attached file, e-mail virus is attached has a character of "ana" to the originator of the address, the title also, "please contact the flight ahead of the accompanying" If it were those claiming to be sent from the ANA that there is exchanged business from usually it was found in an interview to the officials.
...
http://www3.nhk.or.jp/news/html/20160616/k10010557971000.html
"Virus is attached mail: those claiming to be sent from the airline All Nippon Airways"
"Character of" ana "to the source of the address."
"Titles," please contact the flight ahead of the accompanying ' "
3: Anonymous @ 1 anniversary (Akuse Sx55-qS7w): 2016/06/16 (Thursday) 06: 00: 00.86 ID: Z5syeeGkx.net
Was horror I think the JCB
2: Anonymous @ 1 anniversary (Auau Sa31-ntlg): 2016/06/16 (Thursday) 05: 59: 37.65 ID: Ak5lyrSwa.net
What was the hole
46: Anonymous @ 1 anniversary (Watchoi W 1882-ntlg): 2016/06/16 (Thursday) 07: 39: 46.56 ID: e2VyVXTU0.net
>> 2
I like
7: Anonymous @ 1 anniversary (Watchoi 203c-4fuR): 2016/06/16 (Thursday) 06: 04: 01.88 ID: EP4CPEkN0.net
Sky customer information Tsu all unplug by e-mail pretending to ANA Heck, heehaw
5: Anonymous @ 1 anniversary (Watchoi 631b-6iFS): 2016/06/16 (Thursday) 06: 01: 34.43 ID: ixL9DiyZ0.net
Or rather, not even virus scanning and
Whether they open the mail?
Or was a new species that do not catch on the scan?
6: Anonymous @ 1 anniversary (Watchoi W 2357-ntlg): 2016/06/16 (Thursday) 06: 02: 56.76 ID: 1p / C4MCc0.net
>> 5
It will play in the usual domain
8: Anonymous @ 1 anniversary (Watchoi 631b-6iFS): 2016/06/16 (Thursday) 06: 04: 40.06 ID: ixL9DiyZ0.net
>> 6
I Ja useless If you have been domain disguise?
To Norton teacher us to scan without permission even out
16: Anonymous @ 1 anniversary (Watchoi W 2357-ntlg): 2016/06/16 (Thursday) 06: 12: 09.14 ID: 1p / C4MCc0.net
>> 8
?
Be nice if confirmed physical address in the white list system
If the data to be protected management exists
Aho is to free access
(What have JTB also Kitana鮮?)
13: business cards Orimashi gasping: 2016/06/17 (Fri) 19: 26: 50.47 ID: JYeY71pK.net
What every year I here
Employment Popularity Index's the stupid high?
Or arrange a tour so much Likes
25: Anonymous @ 1 anniversary (Watchoi 6379-iMfM): 2016/06/16 (Thursday) 06: 47: 05.32 ID: QRLClqIB0.net
This would absolutely internal crime,
Employment popular corporate rankings fraud
Black companies in what's JTB.
64: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 07: 19: 49.92 ID: Gk2wpH9I0.net
The work of anyway inside of human beings
38: Anonymous @ 1 anniversary (Oppeke Sr55-qS7w): 2016/06/16 (Thursday) 07: 20: 53.07 ID: GK92HGTqr.net
But say Toka dangerous I targeted,
Recent virus scan is Toka heuristic analysis,
Since correspond non definition file,
Very few of the is it can be trapped?
If not a guy familiar with the IT inside passage of JTB
You will not be able to create the virus.
From the most strange thing is, the infected PC
To database server
Where you can access.
I wonder if the server was no access restrictions?
65: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 07: 20: 15.59 ID: fAuikykq0.net
Soka Gakkai is the root of all evil> <
(Problem is spreading rapidly)
1: Saburo Kaieda ★: 2016/06/17 (gold) 13: 29: 17.18 ID: CAP_USER * .net
Also outflow or JTB problem customer information of the tie-up company
2016/6/17 13:23
From JTB subsidiary server issues that customers information about 7,930,000 persons is to have outflow, two companies of customer information to partner in the leaked customer information that is contained in 17 days, was found. Two companies in the "DeNA (DeNA)," "KDDI", that there is a possibility that the customer information that was conveyed to the JTB, such as for consignment of accommodation arrangements was spilled.
JTB had not announced a partnership company names of possible outflow.
Information customer information there is a risk of outflow is about 6500 persons booking site had their DeNA "DeNA travel", of about 4400 persons of "au travel" of KDDI.
http://www.nikkei.com/article/DGXLASDG17H22_X10C16A6CC0000/
"Two companies of customer information to partner in the leaked customer information has been included."
"" DeNA Travel "about 6500 persons of, about 4400 persons of" au travel "of KDDI"
6: business cards Orimashi gasping: 2016/06/17 (Fri) 13: 54: 06.93 ID: 3Su + ySbX.net
>> 1
Probably too much problem with the system
Or place ~~~~~~~~~
What'm personal data are distributed to something office in Ajo
3: business cards Orimashi gasping: 2016/06/17 (Fri) 13: 41: 40.95 ID: SV35NosX.net
White renamed in trouble stopping travel
4: business cards Orimashi gasping: 2016/06/17 (Fri) 13: 43: 28.28 ID: l2 / Lb8o / .net
Double-click the exe attachments
I think the result of ignoring the warning was writing to report me this
(Dangerous other aside only passport number is apt)
9: business cards Orimashi gasping: 2016/06/17 (Fri) 14: 10: 24.92 ID: dwwbhiHf.net
So leaked was JTB How he lived,
But personal information of the S-Class Nante passport.
I wonder if Hodai of the leak, if not a deliberate personal information.
45: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 06: 18: 40.68 ID: domsyJ1E0.net
Probably passport aim
Somewhere in the country while you do not know
Some reason chest heat or become a wanted man
18: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 05: 06: 29.80 ID: t4fDzTSg0.net
Not to pun
It is passport abuse
Or it is constrained abroad
20: Anonymous @ 1 anniversary (Auau Saed-0jBH): 2016/06/16 (Thursday) 06: 28: 35.86 ID: CrNAMbjLa.net
It was intentionally pick off without 's chance
I passport is not a joke
I wonder use to organized crime
61: Anonymous @ 1 anniversary (Watchoi d151-6iFS): 2016/06/16 (Thursday) 08: 36: 14.45 ID: U6qf0MpX0.net
I also I'm likely to be stolen, but contact? Not come yet
Probably universal to impersonate Nante passport information?
I say How do I self-defense customers stolen personal information?
12: Anonymous @ 1 anniversary (Watchoi W 2357-ntlg): 2016/06/16 (Thursday) 06: 07: 47.57 ID: 1p / C4MCc0.net
Of Ne Ja do was remove the ic chip information of the passport?
credit card
Spoofing will be used in crime
119: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 10: 15: 10.25 ID: 4a6P8J0u0.net
Passport number outflow Toka.
Toka arbitrarily credit card
How do If you wait too long and made bank account?
Kana out fee of passport re-issued?
19: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 05: 08: 05.39 ID: faa3qOd70.net
Once it becomes a simultaneous change of the passport number
It would be tremendous effort
196: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 20: 49: 56.20 ID: dA86dHld0.net
Passport reissue of costs are also not burden NYA Naranshi,
It looks about alone 20,000.
(Chinese spoofing Japanese in mass generation enters a large amount ...)
79: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 07: 46: 56.71 ID: wYe0AaM10.net
Deep relationship with China
It is involved Axiom
It does not come out I
49: Anonymous @ 1 anniversary (Watchoi W 89d0-qS7w): 2016/06/16 (Thursday) 07: 56: 02.32 ID: 66aUTdzx0.net
JTB, Chinese, in Naa make counterfeit card
Open Account will store and guru ...
34: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 05: 56: 25.64 ID: 4sgSyG4m0.net
I by putting much anti-virus software ...
46: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 06: 23: 49.42 ID: X6l1SJnh0.net
>> 34
The attacker has been around now in a dedicated site before sending the virus
But I have to check whether the anti-virus software slip through.
203: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 21: 28: 38.79 ID: NGFHHQ1F0.net
>> 34
Target backlash can not be helped because it is the type of slip through it
I type Bangs inadvertently
I even joke at work in China
Was addicted inadvertently been planted from a colleague
Moreover, it is so students (bytes), China is horrible
186: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 18: 12: 43.46 ID: PsrbXBw70.net
I want to back riding in Japanese
No family register children of China "heihaizi (Heihaizu)"
There (ry
114: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 10: 11: 11.91 ID: xFu58az00.net
That's serious When the well well thought I leaking passport number.
I wonder if there is I forged is it.
I think the Well peace of mind because ic chip is on
Guys that he 's going thing
I do know what do do because would be nice head.
When you travel to the worst anywhere in the country
Already human beings of this passport number
As it has been immigration
And I think we are spoofing
Maybe emerge chance of being restrained.
I wonder if can claim damages to JTB if that happened.
150: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 10: 57: 18.75 ID: tdAH1RND0.net
>> 114
The fake passport, such as terrorists and spies and criminals
I think there is a possibility to be used
Because was doing anyway would be China
The Chinese criminals and spies
Impersonating Japanese ...
205: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 21: 33: 45.15 ID: NGFHHQ1F0.net
>> 1
One of only can affirm is,
Once a person or a few years not travel a person as it is to travel
Since likely to be the subject of passport forgery,
You had better make sure people who have registered to experience JTB is
According to the Voice of America, including the Novetta Solutions (Novetta Solutions), Microsoft, Cisco, Fire eye, was organized by the United States of information security companies 10 several companies, such as Symantec, "the National Cyber Security Federation" is October 28 day, announced today that it has identified a Chinese hacker group, was named "Axiom (Axiom)".
This population is at least four years ago, government agencies and companies around the world (including the companies of the Fortune Global 500), reporter, energy companies, human rights organizations, with respect to such as China and abroad of different opinions who, cyber attacks and surveillance the has done, is that of the implanted malicious software to 43,000 units or more computers.
This little ago, FBI also the Chinese government system hacker population with advanced technology, was a warning of that steal important information of American companies and government over a long period of time.
According to the FBI, the hacker group that has been supported by the Chinese government, "Axiom (Axiom)," is not only capital-rich, has the advanced technology and abundant cyber attack experience, in stealth and maneuverability, it is outpacing larger cyber attack troops, "61,398 troops" that have been revealed last year.
"National Cyber Security Federation" is also, I put the same conclusion as the FBI. October 28, with the Washington Post, CEO of Novetta Solutions (CEO), to quote the words of Mr. Peter La Montagne, Axiom (Axiom) is like being supported by the Chinese government, now among the seen have Chinese cyber espionage organization until I pointed out to have a state-of-the-art technology.
In addition, according to experts and the FBI of "National Cyber Security Federation", Axiom is mainly has been spying for the monitoring and companies of different opinions who, likely to be the jurisdiction of the information department in charge of China's domestic safety is that of a high.
http://blog.livedoor.jp/intel_news_reports/archives/40804219.html
US FBI, warning of the presence of the Chinese government support of the hacker group "Axiom" - ability both over to the "61,398 troops."
category:
News
US & Canada
According to the place where novetta_cybersecurity_exec_summary-315_Nichizukeno "Washington Post" has reported, the United States Federal Bureau of Investigation (FBI), the hacker group that has been supported by the Chinese government, stealing important data from the US government and companies over a long period of time it was found to have issued a warning that there.
The warning, there is under the umbrella of the third part of the total staff part the Chinese People's Liberation Army, Shanghai compared to the "first 61,398 troops" doing the cyber attack as a base, "the hacker population, confidentiality and mobility in the surface, it has been pointed out that much winning. " Also from the United States government officials, "Washington Post" was interviewed, comparable to the "61,398 troops", or seem a view that has more significance has been shown.
Similar warning, in order to share information and resources related to malware, Symantec (Symantec) and FireEye (FireEye) such as, mainly computer security organized projects by companies, "operation SMN (Operation SMN)" It has been issued from. According to the Novetta Solutions to lead this project (Novetta Solutions) report released by the (abridged version), the hackers of the problem, has been named the "Axiom (Axiom)," the financially abundant and advanced technology that it carried out espionage activities in cyber that has. In addition, a pattern that was working freely from at least four years ago.
The main target is, economic and financial, energy, environment, in the main companies in areas such as high-tech product development, it has carried out espionage activities in accordance with the strategic interests of China. Moreover, the means to be used in order to enter the network is diverse, that are elaborately to devise the less likely to be found in companies that have suffered damage.
It should be noted that, for the technology and tactics that "Axiom" is used, for example, by collecting information from companies that have a victim, is in the process of being still continue to be investigated yet. As the "operation SMN", after two weeks, since it is scheduled to announce a detailed report, people who want to know technical analysis is, it would be better to wait for there is coming out.
【Related Documents】
Cyber Security Coalition: Executive Summary
Novetta Solutions, October 2014.
【Related article】
"FBI warns industry of Chinese cyber campaign"
Washington Post, October 15, 2014.
"" The Chinese hacker group that government-supported long-term strategy development "the FBI surpass warning stealth and mobility to" 61,398 troops. ' "
"Sankei news" (October 17, 2014)
"FBI, etc., very high alert" technical capabilities of the presence of the Chinese government hackers ""
"Epoch Times" (October 17, 2014)
US security company, report presentation on Chinese hacker group "Axiom"
category:
Reports
China, Taiwan & Korea
Executive_Summary-Final_1 the other day, as has been introduced in this blog, the United States Federal Bureau of Investigation (FBI), the Chinese People's Liberation Army cyber forces, comparable to the first 61,398 troops, or, there is a hacker group of Chinese with more capacity and, as stealing critical data from US government agencies and companies over a long period of time, it issued a warning.
American security companies that were analyzed this hacker group, Novetta Solutions (Novetta Solutions) is, the middle of this month, announced a preliminary version of the report, the hacker group of problems in named "Axiom (Axiom)", China while the support of the government, pointed out that technically deploy a sophisticated cyber espionage.
This time, the company, based on the information collected from companies that have been the victim, has announced the full version of the report. Content to some, but there is also a place that overlap with the previous blog post, I want to noted that it has become clear with respect again "Axiom".
The first thing to point out to is, it that this hacker group is in a very close relationship with the Chinese government. For example, according to the report, the "Axiom" is targeted, that is often a company that competes with the economic interests of China. In particular, there is a tendency that the economic and financial, energy, environment, companies in areas such high-tech product development is targeted. In addition, a group opposed to political claims of China, for example, also, it appears to have been added to the target NGO and journalists seek the democratization and human rights protection in China.
"Axiom", in order to launch a cyber attack on these targets, to those made specially from those simple, making full use of very wide variety of malware, attempts to penetrate the computer. Specifically, that the malicious program such as the following is used.
○ Zox family (ZoxPNG, ZoxRPC) / Gresim
○ Hikit
○ Derusbi
○ Fexel / Deputy Dog
○ Hydraq / 9002 / Naid / Roarur / Mdmbot
○ ZXShell / Sensode
○ PlugX / Sogu / Kaba / Korplug / DestroyRAT
○ Gh0st / Moudour / Mydoor
○ Poison Ivy / Darkmoon / Breut
Such a malicious program infected the computer, found alone about 430 million units are, yet its spread is, "Fortune 500 (Fortune 500)" major companies and academic research institutions are ranking, and, to government agencies that also extends. In addition, the regional, including the United States, South Korea, Taiwan, Japan, seems to the European Union (EU) had become the target was the main. Incidentally, in the report, infection Examples of "Hikit" are listed as follows.
● Asian and Western government agencies responsible for:
○ Government records and communications agencies
○ Law enforcement
○ Environmental policy
○ Personnel management
○ Space and aerospace exploration and research
○ Government auditing and internal affairs
● Electronics and integrated circuit manufacturers
● Networking equipment manufacturers
● Internet based services companies
● Software vendors, especially in the APAC region
● Journalism and media organizations
● NGOs, specifically those which deal with human rights or environmental policy
● International Consulting and analysis firms
● Law firms with an international or heavy M & A financial footprint
● Telecommunications firms
● Manufacturing conglomerates
● Venture Capital firms
● Energy firms
● Meteorological Services Companies
● Cloud Computing companies
● Pharmaceutical companies
● Highly regarded US Academic Institutions
In addition, "Axiom" is, to suppress the dissatisfaction of the Chinese government, in order to stabilize the domestic order, not only the Chinese who fled the country, even cyber attack that target until the Chinese people who live in the country that there is a possibility that mechanism. In fact, in China and academic research institutions in Hong Kong (such as universities), have been discovered malicious program that is associated with "Hikit", probably of liberal thought within China is monitoring so as not to spread It is seen as or not.
However, the behavior of "Axiom" is not to disrupt the system by infecting malware are directed to basically collect information. Therefore, in the report, are you behind the "Axiom", rather than the People's Liberation Army, shows the view that it will be China's intelligence agencies (for example, national security section).
In addition, as the entire report, but the quantity of about 30 pages, technical analysis has also been published, it has become really interesting content. People who are interested in Chinese hackers circumstances, would be may by all means be read.
By the way, for this time of the report, the Chinese authorities have commented that "It's exactly the apocryphal".
【Related Documents】
Operation SMN: Axiom Threat Actor Group Report
Novetta Solutions, October 2014.
【Related article】
"Researchers identify sophisticated Chinese cyberespionage group"
Washington Post, October 28, 2014.
"China-Backed Hacking Group Axiom Said To Have Attacked 43,000 Computers"
International Business Times, October 28, 2014.
"New Chinese Cyber-Espionage Group Exposed"
News Factor, October 28, 2014.
[Emergency diffusion] JTB of information leakage incidents, the culprit was the Chinese government! ! ! Modus operandi of cyber attacks using the virus Ru ya bus tricks! ! ! 2ch "passport number is dangerous," "Do not make counterfeit cards"
884: Anonymous @ Open: 2016/06/15 (Wed) 10:12:44 ID: h13
Well let us know that's
Kamikaze @mynamekamikaze
Cyber terrorism information emergency diffusion
Customer outflow cases of this time of JTB is found to PlugX the Axiom of hacker population of relationship with the Chinese government is using mainly
There is a possibility of a cyber attack from China
Hope to strengthen their own such as network security
https://twitter.com/mynamekamikaze/status/742834471280377857
1: Lone traveler ★: 2016/06/15 (water) 04: 33: 37.13 ID: CAP_USER9.net
Or infected with JTB PC virus to remote control
June 15, 4 hour 26 minutes
A large amount of personal information that major travel company "JTB" to manage is a problem there is a possibility that was leaked to the outside, to be able to operate the computer with the remote that there is infection was suspected to computer virus called "PlugX" officials It was found in an interview to. Tokyo Metropolitan Police Department is promoting a detailed analysis of the infected virus.
Major travel company "JTB" in this issue, that the group company of the server that manages the personal information of customers had received the cyber attacks "targeted e-mail", has revealed in a press conference of 14 days. And it depends on the person concerned, is that there is a suspicion of computer virus called to be able to remotely control a PC "PlugX" the infected.
That and depends on the security company, "PlugX" in the cyber attacks targeted to target specific tissues, such as government agencies and major corporations, used since about four years ago, when the infection can be drawn information on the server or PC thing.
In this problem, the Metropolitan Police Department is receiving a consultation of the damage from JTB at the end of last month, we are promoting a detailed analysis of the virus that infected the suspicion of fraud directive electromagnetic record-service in the field of view.
http://www3.nhk.or.jp/news/html/20160615/k10010556801000.html
"A large amount of personal information that major travel company" JTB "to manage the risk there is a problem that has flowed out to the outside."
"I infected the doubt of computer virus called to be able to remotely control a PC" PlugX ' "
"" PlugX "cyber attack targeted targeting specific tissues, such as government agencies and major corporations."
8: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 04: 48: 05.11 ID: bc1gzpWn0.net
Are not I like this the insurance?
16: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 05: 05: 53.88 ID: M2HqXVuM0.net
Toka the passport number should feel free to hold
Sora Akan
14: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 05: 01: 22.46 ID: 9zpeXPME0.net
Or de amateur Nante eat the target type
12: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 04: 57: 39.61 ID: b37DQKNo0.net
Troubled by many e-mail of misleading subject line or "RFQ"
25: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 05: 24: 37.62 ID: cl291KMy0.net
Even the shit company of a small fish
To say that PC mail and customer information is farewell
(Did the subsidiary detach only server management department?)
20: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 05: 10: 11.96 ID: oXmmUH920.net
It will use various terminal Outside
Security loose likely company
9: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 04: 53: 34.26 ID: CERNlAfyO.net
The I affiliates That's miso.
Also by increasing the headquarters of the firewall,
Tayui place remains absolutely for access from within the group.
10: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 04: 56: 36.25 ID: X6l1SJnh0.net
>> 9
It is constructed, no matter how robust security system
The individuals who are working in the middle
Or consciousness thinner for security
Be broken if the simple defenseless.
Open suspicious attached mail Hui guy too much.
11: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 04: 57: 38.48 ID: xNL4QiSq0.net
Personal information of employees who leaked doing idiot
Not even announced that person of the name
We've got protected from customer
41: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 06: 07: 46.80 ID: V7CMihyS0.net
> Group company for the server you want to manage the personal information of the customer
Agency, also terminal from each branch
Should you are connected to the virus infected server
44: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 06: 14: 25.78 ID: XxUwiSam0.net
It wishes can it prevent this kind of I
What external contact can be PC and personal information handled PC
We were together or can be connected as
(... Airline of person who is not listed in the Panama document is a stepping stone)
1: ◆ HeartexiTw chest crush φ ★ (★ 99b9-YuwK): 2016/06/16 (Thursday) 05: 59: 05.28 ID: CAP_USER9.net
Mail JTB personal information outflow virus attached feign from All Nippon Airways
June 16, 10 pm 4
Major travel company "JTB" computer virus, which became the beginning of the infection in the cyber attack that was used to steal people's personal information is attached e-mail, the address and the contents of the transmission source is sent from All Nippon Airways for airlines that exchanged business from the usual It was as it were those disguised as was found in an interview to the officials.
This problem, JTB Group companies received a cyber attack, but the customer's personal information of approximately 7,930,000 persons and there is a fear that has flowed out, the beginning of the problem March this year, the e-mail sent to the company was to infected with the virus will open the attachment.
In the house, but had been instructed not to open inadvertently attached file, e-mail virus is attached has a character of "ana" to the originator of the address, the title also, "please contact the flight ahead of the accompanying" If it were those claiming to be sent from the ANA that there is exchanged business from usually it was found in an interview to the officials.
...
http://www3.nhk.or.jp/news/html/20160616/k10010557971000.html
"Virus is attached mail: those claiming to be sent from the airline All Nippon Airways"
"Character of" ana "to the source of the address."
"Titles," please contact the flight ahead of the accompanying ' "
3: Anonymous @ 1 anniversary (Akuse Sx55-qS7w): 2016/06/16 (Thursday) 06: 00: 00.86 ID: Z5syeeGkx.net
Was horror I think the JCB
2: Anonymous @ 1 anniversary (Auau Sa31-ntlg): 2016/06/16 (Thursday) 05: 59: 37.65 ID: Ak5lyrSwa.net
What was the hole
46: Anonymous @ 1 anniversary (Watchoi W 1882-ntlg): 2016/06/16 (Thursday) 07: 39: 46.56 ID: e2VyVXTU0.net
>> 2
I like
7: Anonymous @ 1 anniversary (Watchoi 203c-4fuR): 2016/06/16 (Thursday) 06: 04: 01.88 ID: EP4CPEkN0.net
Sky customer information Tsu all unplug by e-mail pretending to ANA Heck, heehaw
5: Anonymous @ 1 anniversary (Watchoi 631b-6iFS): 2016/06/16 (Thursday) 06: 01: 34.43 ID: ixL9DiyZ0.net
Or rather, not even virus scanning and
Whether they open the mail?
Or was a new species that do not catch on the scan?
6: Anonymous @ 1 anniversary (Watchoi W 2357-ntlg): 2016/06/16 (Thursday) 06: 02: 56.76 ID: 1p / C4MCc0.net
>> 5
It will play in the usual domain
8: Anonymous @ 1 anniversary (Watchoi 631b-6iFS): 2016/06/16 (Thursday) 06: 04: 40.06 ID: ixL9DiyZ0.net
>> 6
I Ja useless If you have been domain disguise?
To Norton teacher us to scan without permission even out
16: Anonymous @ 1 anniversary (Watchoi W 2357-ntlg): 2016/06/16 (Thursday) 06: 12: 09.14 ID: 1p / C4MCc0.net
>> 8
?
Be nice if confirmed physical address in the white list system
If the data to be protected management exists
Aho is to free access
(What have JTB also Kitana鮮?)
13: business cards Orimashi gasping: 2016/06/17 (Fri) 19: 26: 50.47 ID: JYeY71pK.net
What every year I here
Employment Popularity Index's the stupid high?
Or arrange a tour so much Likes
25: Anonymous @ 1 anniversary (Watchoi 6379-iMfM): 2016/06/16 (Thursday) 06: 47: 05.32 ID: QRLClqIB0.net
This would absolutely internal crime,
Employment popular corporate rankings fraud
Black companies in what's JTB.
64: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 07: 19: 49.92 ID: Gk2wpH9I0.net
The work of anyway inside of human beings
38: Anonymous @ 1 anniversary (Oppeke Sr55-qS7w): 2016/06/16 (Thursday) 07: 20: 53.07 ID: GK92HGTqr.net
But say Toka dangerous I targeted,
Recent virus scan is Toka heuristic analysis,
Since correspond non definition file,
Very few of the is it can be trapped?
If not a guy familiar with the IT inside passage of JTB
You will not be able to create the virus.
From the most strange thing is, the infected PC
To database server
Where you can access.
I wonder if the server was no access restrictions?
65: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 07: 20: 15.59 ID: fAuikykq0.net
Soka Gakkai is the root of all evil> <
(Problem is spreading rapidly)
1: Saburo Kaieda ★: 2016/06/17 (gold) 13: 29: 17.18 ID: CAP_USER * .net
Also outflow or JTB problem customer information of the tie-up company
2016/6/17 13:23
From JTB subsidiary server issues that customers information about 7,930,000 persons is to have outflow, two companies of customer information to partner in the leaked customer information that is contained in 17 days, was found. Two companies in the "DeNA (DeNA)," "KDDI", that there is a possibility that the customer information that was conveyed to the JTB, such as for consignment of accommodation arrangements was spilled.
JTB had not announced a partnership company names of possible outflow.
Information customer information there is a risk of outflow is about 6500 persons booking site had their DeNA "DeNA travel", of about 4400 persons of "au travel" of KDDI.
http://www.nikkei.com/article/DGXLASDG17H22_X10C16A6CC0000/
"Two companies of customer information to partner in the leaked customer information has been included."
"" DeNA Travel "about 6500 persons of, about 4400 persons of" au travel "of KDDI"
6: business cards Orimashi gasping: 2016/06/17 (Fri) 13: 54: 06.93 ID: 3Su + ySbX.net
>> 1
Probably too much problem with the system
Or place ~~~~~~~~~
What'm personal data are distributed to something office in Ajo
3: business cards Orimashi gasping: 2016/06/17 (Fri) 13: 41: 40.95 ID: SV35NosX.net
White renamed in trouble stopping travel
4: business cards Orimashi gasping: 2016/06/17 (Fri) 13: 43: 28.28 ID: l2 / Lb8o / .net
Double-click the exe attachments
I think the result of ignoring the warning was writing to report me this
(Dangerous other aside only passport number is apt)
9: business cards Orimashi gasping: 2016/06/17 (Fri) 14: 10: 24.92 ID: dwwbhiHf.net
So leaked was JTB How he lived,
But personal information of the S-Class Nante passport.
I wonder if Hodai of the leak, if not a deliberate personal information.
45: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 06: 18: 40.68 ID: domsyJ1E0.net
Probably passport aim
Somewhere in the country while you do not know
Some reason chest heat or become a wanted man
18: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 05: 06: 29.80 ID: t4fDzTSg0.net
Not to pun
It is passport abuse
Or it is constrained abroad
20: Anonymous @ 1 anniversary (Auau Saed-0jBH): 2016/06/16 (Thursday) 06: 28: 35.86 ID: CrNAMbjLa.net
It was intentionally pick off without 's chance
I passport is not a joke
I wonder use to organized crime
61: Anonymous @ 1 anniversary (Watchoi d151-6iFS): 2016/06/16 (Thursday) 08: 36: 14.45 ID: U6qf0MpX0.net
I also I'm likely to be stolen, but contact? Not come yet
Probably universal to impersonate Nante passport information?
I say How do I self-defense customers stolen personal information?
12: Anonymous @ 1 anniversary (Watchoi W 2357-ntlg): 2016/06/16 (Thursday) 06: 07: 47.57 ID: 1p / C4MCc0.net
Of Ne Ja do was remove the ic chip information of the passport?
credit card
Spoofing will be used in crime
119: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 10: 15: 10.25 ID: 4a6P8J0u0.net
Passport number outflow Toka.
Toka arbitrarily credit card
How do If you wait too long and made bank account?
Kana out fee of passport re-issued?
19: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 05: 08: 05.39 ID: faa3qOd70.net
Once it becomes a simultaneous change of the passport number
It would be tremendous effort
196: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 20: 49: 56.20 ID: dA86dHld0.net
Passport reissue of costs are also not burden NYA Naranshi,
It looks about alone 20,000.
(Chinese spoofing Japanese in mass generation enters a large amount ...)
79: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 07: 46: 56.71 ID: wYe0AaM10.net
Deep relationship with China
It is involved Axiom
It does not come out I
49: Anonymous @ 1 anniversary (Watchoi W 89d0-qS7w): 2016/06/16 (Thursday) 07: 56: 02.32 ID: 66aUTdzx0.net
JTB, Chinese, in Naa make counterfeit card
Open Account will store and guru ...
34: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 05: 56: 25.64 ID: 4sgSyG4m0.net
I by putting much anti-virus software ...
46: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 06: 23: 49.42 ID: X6l1SJnh0.net
>> 34
The attacker has been around now in a dedicated site before sending the virus
But I have to check whether the anti-virus software slip through.
203: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 21: 28: 38.79 ID: NGFHHQ1F0.net
>> 34
Target backlash can not be helped because it is the type of slip through it
I type Bangs inadvertently
I even joke at work in China
Was addicted inadvertently been planted from a colleague
Moreover, it is so students (bytes), China is horrible
186: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 18: 12: 43.46 ID: PsrbXBw70.net
I want to back riding in Japanese
No family register children of China "heihaizi (Heihaizu)"
There (ry
114: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 10: 11: 11.91 ID: xFu58az00.net
That's serious When the well well thought I leaking passport number.
I wonder if there is I forged is it.
I think the Well peace of mind because ic chip is on
Guys that he 's going thing
I do know what do do because would be nice head.
When you travel to the worst anywhere in the country
Already human beings of this passport number
As it has been immigration
And I think we are spoofing
Maybe emerge chance of being restrained.
I wonder if can claim damages to JTB if that happened.
150: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 10: 57: 18.75 ID: tdAH1RND0.net
>> 114
The fake passport, such as terrorists and spies and criminals
I think there is a possibility to be used
Because was doing anyway would be China
The Chinese criminals and spies
Impersonating Japanese ...
205: Anonymous @ 1 anniversary: 2016/06/15 (Wed) 21: 33: 45.15 ID: NGFHHQ1F0.net
>> 1
One of only can affirm is,
Once a person or a few years not travel a person as it is to travel
Since likely to be the subject of passport forgery,
You had better make sure people who have registered to experience JTB is
