Chinese hackers and Operation F**k Me

Jeremy Goldkorn Published December 19, 2019

Bloomberg reports (porous paywall):

A Chinese government-linked hacking group that was thought to be dormant has been quietly targeting companies and government agencies for the last two years, harvesting data after stealing passwords and circumventing two-factor authentication intended to prevent such attacks, according to researchers.

Fox-IT, a security company based in the Netherlands, said in a report published Thursday that the group’s attacks have extended to 10 countries, including the U.S., the U.K., France, Germany and Italy.

The Chinese hackers carried out a global espionage campaign that targeted industries including aviation, construction, finance, health care, insurance, gambling and energy, the firm said.

The hackers likely belong to a group known as APT20, according to the researchers, who said they had “high confidence that the actor is a Chinese group and that they are likely working to support the interests of the Chinese government.”

Fox-IT calls the group’s activities Operation Wocao (我操 “wǒ cāo — literally “I f**k” but used more like “shit,” “damn,” or “f**k me”). Bloomberg explains:

Perhaps the most striking indicator [that the hackers were Chinese] came after the hackers found out they had been caught. Fox-IT moved to shut them out of a compromised network and watched as the group typed in a series of commands to try and regain access to the computers.

When it became clear that they had been locked out, one of the hackers, apparently frustrated, bashed out the word “wocao” on his keyboard.

—Jeremy Goldkorn

Jeremy Goldkorn worked in China for 20 years as an editor and entrepreneur. He is editor-in-chief of The China Project, and co-founder of the Sinica Podcast. Read more

Twitter

Suggested for you

Society & Culture

This Land Is Not Your Land

Yangyang Cheng

China accuses India of ‘vile’ acts on border

Lucas Niewenhuis

‘The Chinese leadership has miscalculated’: Deepa Ollapally on the India-China border conflict

Lucas Niewenhuis

Chinese basketball returns after five-month absence

Gerry Harker

The youth are angry, but it’s business as usual for Hong Kong’s corporate elite as they embrace national security law

Ryan Tang

China launches final satellite for BeiDou, its GPS competitor

Lucas Niewenhuis

Cookie	Description
_gat	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.
YSC	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Description
bcookie	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	This cookie is set by LinkedIn and used for routing.
PugT	This cookie is set by pubmatic.com. The purpose of the cookie is to check when the cookies were last updated on the browser in order to limit the number of calls to the server-side cookie store.

Cookie	Description
__gads	This cookie is set by Google and stored under the name dounleclick.com. This cookie is used to track how many times users see a particular advert which helps in measuring the success of the campaign and calculate the revenue generated by the campaign. These cookies can only be read from the domain that it is set on so it will not track any data while browsing through another sites.
_ga	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors.
_gid	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
_omappvp	The cookie is set to identify new vs returning users. The cookie is used in conjunction with _omappvs cookie to determine whether a user is new or returning.
_omappvs	The cookie is used to in conjunction with the _omappvp cookies. If the cookies are set, the user is a returning user. If neither of the cookies are set, the user is a new user.
GPS	This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location

Cookie	Description
__qca	This cookie is associated with Quantcast and is used for collecting anonymized data to analyze log data from different websites to create reports that enables the website owners and advertisers provide ads for the appropriate audience segments.
_fbp	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
everest_g_v2	The cookie is set under eversttech.net domain. The purpose of the cookie is to map clicks to other events on the client's website.
fr	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
mc	This cookie is associated with Quantserve to track anonymously how a user interact with the website.
personalization_id	This cookie is set by twitter.com. It is used integrate the sharing features of this social media. It also stores information about how the user uses the website for tracking and targeting.
PUBMDCID	This cookie is set by pubmatic.com. The cookie stores an ID that is used to display ads on the users' browser.
TDCPM	The cookie is set by CloudFare service to store a unique ID to identify a returning users device which then is used for targeted advertising.
TDID	The cookie is set by CloudFare service to store a unique ID to identify a returning users device which then is used for targeted advertising.
test_cookie	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the users' browser supports cookies.
uid	This cookie is used to measure the number and behavior of the visitors to the website anonymously. The data includes the number of visits, average duration of the visit on the website, pages visited, etc. for the purpose of better understanding user preferences for targeted advertisments.
uuid	To optimize ad relevance by collecting visitor data from multiple websites such as what pages have been loaded.
uuidc	This cookie is used to stores information about how the user uses the website such as what pages have been loaded and any other advertisement before visiting the website. This data is used to provide users with relevant ads.
VISITOR_INFO1_LIVE	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Trending

Trending

Chinese hackers and Operation F**k Me

Suggested for you

This Land Is Not Your Land

China accuses India of ‘vile’ acts on border

‘The Chinese leadership has miscalculated’: Deepa Ollapally on the India-China border conflict

Chinese basketball returns after five-month absence

The youth are angry, but it’s business as usual for Hong Kong’s corporate elite as they embrace national security law

China launches final satellite for BeiDou, its GPS competitor

Subscribe

About

Business Services

Advertise

Trending

Extended Navigation

Trending

Suggested for you