Pro-Palestinian threat group GhostSec has targeted Chinese telecom major Hyundai and Chinese government servers.
Dark web researcher Dominic Alvieri tweeted the screenshots that the threat group was “kind enough to supply” that seemingly showed a glimpse of the IP range and 72k registries they accessed.
GhostSec put out the leak note on the Chinese government files during halftime of the World Cup Final on 18 December, along with the postscript “Vamos Argentina”, tweeted the researcher. The threat group claims to have access to 8.1
The researcher could not obtain any comments from Huawei. The request sent by The Cyber Express for comment, remained unanswered when the report was published.
@ghost_s3curity, supposedly the Twitter handle of the threat group, has shared Alvieri’s tweets on Huawei and the Chinese government files.
Hyundai, a constant target of cybercriminals, is itself in the eye of trans-national controversies on its rumored data-sharing with the Chinese government. GhostSec, a threat group with allegiance to the Anonymous collective, has been shifting its activities from hacktivism to financially motivated hacking, note researchers.
Unconfirmed new leak from GhostSec including Chinese government files.
Side note-This was posted during halftime of the World Cup Final along with the post script “Vamos Argentina.”
Anon files link available on Telegram.#China #Argentina #cybersecurity #infosec #GhostSec https://t.co/v64BHH6Wsf pic.twitter.com/5MIUnW3OUD
— Dominic Alvieri (@AlvieriD) December 18, 2022
GostSec: From hacktivist to hacker
“GhostSec is a highly organized hacktivist group associated with the international network hacktivists Anonymous. The group gained its reputation within the Anonymous collective by participating in the #opisis hacktivist initiative against ISIS back in 2015,” read an analysis report of the threat group by cybersecurity firm Outpost.
“In a typical Anonymous operations fashion, the actions of GhostSec are often broadcasted on Twitter and Telegram, showing Targets being subjected to DDoS attacks, system intrusion, webpage defacement, and leaked stolen information.”
The threat group is part of the pro-Ukraine hacker offensive formed in February 2022. It has been consistently attacking Iranian and Israeli organisations. As part of a “Free Palestine” campaign, the group in September claimed hacking 55 Berghof programmable logic controllers (PLCs) that Israeli firms use. “Our “war” has always been FOR the people not against them. #FreePalestine”, the group tweeted then.
The shift in its operations from hacktivism to hacking was spotted earlier, when the group posted a message in their Telegram channel under the heading “Hacktivism does not pay the bills!” in July 2022. The group then announced the launch of their new, pay-based Telegram channel and service, under the name GhostSec Mafia Premium.
Huawei, China and espionage
Huawei has been continuously facing criticisms for various operation policies and decisions, especially related to intellectual property and cybersecurity. The U.S. government last year warned that that company’s wireless networking hardware could have backdoors that allow Chinese surveillance. Huawei dismissed the allegation, pointing to lack of evidence.
Except the UK, all members of the Five Eyes international intelligence alliance have openly warned against the use of Huawei telecommunications equipment in 5G networks, citing “significant security risks”.
The US government issued a ban on the import or sale of communications equipment from Chinese vendors, saying they posed “an unacceptable risk to national security”. Chinese hardware giants Huawei Technologies and ZTE topped the list.
Huawei has been in the roster of companies listed as a threat by the US Federal Communications Commission since then. The new rules prevent future authorizations or use of the company’s equipment.