It is not as if this is any surprise, but in case you did not already know, malicious Chinese actors leverage vulnerable US servers in their cyber operations:
A detailed computer forensic investigation by a major U.S. security firm revealed that three recent cyber attacks were carried out by two Chinese hacker groups known as Deep Panda and Wekby. Both groups appear linked to each other and are part of a Chinese government-run cyber espionage campaign.
The Department of Homeland Security stated in an internal report that cyber espionage targeting the bulk collection of personal data from government and private networks included nine attacks over the past year.
A report on the investigation by the security firm reveals the Chinese groups conducted the attacks using seven computer-hosting companies to target a U.S. air carrier, a European telecommunications company, and a European energy firm.
A copy of the report was obtained by the Washington Free Beacon. The security firm asked not to be named.
The report provides some of the first details on how shadowy Chinese hacking groups conduct their operations while working to thwart U.S. intelligence and law enforcement agencies from tracking their activities.
“It’s like playing whack-a-mole,” said an executive at one of the companies who voiced frustration at the difficulties of blocking Internet Protocol (IP) addresses used covertly by Chinese hackers on U.S.-hosted domains.
The executive, who spoke on condition of anonymity over concerns of being targeted in a cyber attack, said the problem is not new and has been going on for years. “They are using very, very sophisticated methods,” the company official said of the hackers.