China’s Military Is Tied to Debilitating New Cyberattack Tool

Source: The New York Times    2020-05-08 11:30

On the morning of Jan. 3, an email was sent from the Indonesian Embassy in Australia to a member of Prime Minister Scott Morrison’s staff who worked on health and ecological issues. Attached was a Word document that aroused no immediate suspicions, since the intended recipient knew the supposed sender.

The attachment contained an invisible cyberattack tool called Aria-body, which had never been detected before and had alarming new capabilities. Hackers who used it to remotely take over a computer could copy, delete or create files and carry out extensive searches of the device’s data, and the tool had new ways of covering its tracks to avoid detection.

Now a cybersecurity company in Israel has identified Aria-body as a weapon wielded by a group of hackers, called Naikon, that has previously been traced to the Chinese military. And it was used against far more targets than the Australian prime minister’s office, according to a report to be released on Thursday by the company, Check Point Software Technologies.

In the preceding months, Naikon had also used it to hack government agencies and state-owned technology companies in Indonesia, the Philippines, Vietnam, Myanmar and Brunei, according to Check Point, which said the attacks underscored the breadth and sophistication of China’s use of cyberespionage against its neighbors.

“The Naikon group has been running a longstanding operation, during which it has updated its new cyberweapon time and time again, built an extensive offensive infrastructure and worked to penetrate many governments across Asia and the Pacific,” said Lotem Finkelstein, head of the cyberthreat intelligence group at Check Point.

What made these attacks so alarming, according to Check Point and other experts on Chinese cyberespionage, was the intrusive capabilities of Aria-body, the group’s new tool.

Aria-body could penetrate any computer used to open the file in which it was embedded and quickly make the computer obey the hackers’ instructions. That could include setting up a secret, hard-to-detect line of communication by which data on the targeted computer would flow to servers used by the attackers.

It could also replicate typing being done by the target user, meaning that had the Australia attack not been detected, the tool would have allowed whoever controlled it to see what a staff member was writing in the prime minister’s office, in real time.

The Australian government, which has been engaged in a contentious internal debate over concerns about Chinese interference, did not immediately respond to questions about the report.

“We know that China is probably the single biggest source of cyberespionage coming into Australia by a very long way,” said Peter Jennings, a former Australian defense official who is the executive director of the Australian Strategic Policy Institute.

Faced with such criticism in recent years, Beijing has maintained that it is opposed to cyberattacks of any kind and that the Chinese government and military do not engage in hacking for the theft of trade secrets.

China’s cyberespionage efforts have shown no sign of relenting globally and may be intensifying as tensions with Australia, the United States and other countries have risen over trade, technology and, more recently, disputes over the coronavirus pandemic. Experts say its aim is to steal vast amounts of data from foreign governments and companies.

“This may be different in design, but these attacks all have the same purpose,” said Matthew Brazil, an American former diplomat and author of a new book on Chinese espionage, referring to Aria-body.

According to Check Point, the hacker using Aria-body was able to take over the computer used by an Indonesian diplomat at the embassy in Canberra, the Australian capital. The hacker found a document that the diplomat was working on, completed it and then sent it to the staff member in the prime minister’s office, armed with the Aria-body tool.

It was discovered only because of a simple human error.

The hacker sending the email dispatched it to the wrong address. When the server in the prime minister’s office returned it with a note saying the email address had not been found, the transmission aroused suspicion that something in the original message was fishy, the authors of Check Point’s report wrote. That prompted the investigation that revealed the attempted attack — and its novel weapon.

Naikon was previously investigated by an American cybersecurity company, ThreatConnect, which in 2015 published a wide-ranging report on the group’s connection to the People’s Liberation Army.

The hacking group appeared to operate as part of the military’s Second Technical Reconnaissance Bureau, Unit 78020, based mainly in the southern city of Kunming, according to ThreatConnect. It is said to be responsible for China’s cyberoperations and technological espionage in Southeast Asia and the South China Sea, where Beijing is embroiled in territorial disputes with its neighbors.

A report by the Kaspersky Lab, a Russian cybersecurity company, called the group one of Asia’s most active “advanced persistent threats,” a term that security experts often use to describe state-backed hackers who run long-term campaigns of intrusion.

After the 2015 report disclosed Naikon’s main cyberweapons, the group seemed to disappear. Mr. Brazil, the former diplomat, noted that China had since reorganized its cyberespionage forces, shifting some from the People’s Liberation Army to the Ministry of State Security, effectively dividing their duties between military intelligence and diplomatic and economic espionage.

Check Point’s report suggests that Naikon may have remained active, though it is not clear whether it has shifted out of the military chain of command.

Since early 2019, according to the Check Point report, the group has accelerated efforts to expand its online infrastructure. The hacking group has purchased server space from Alibaba, the Chinese technology company, and registered domain names on GoDaddy, an American web-hosting firm.

In one case, Naikon commandeered a server of the Philippines’ Department of Science and Technology and used it to help disguise the origin of a Naikon attack, by making it seem as though it came from that server.

The group would intrude into computers by hiding Aria-body in Microsoft Word documents and files that install Microsoft Office programs. What made it difficult to discover was its ability to conceal itself much more effectively than other such tools.

Aria-body could attach itself as a parasite to various types of files so that it did not have a set pattern of movement. Its operators could change part of its code remotely, so that after attacking one computer, Aria-body would look different when it breached the next one. Such patterns are often telltale signs for security investigators.
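The paragraph above describes the defender's problem in one sentence: a tool whose code is changed between victims leaves no fixed byte pattern to match. The following Python script, added here as an illustration and not code from Check Point or from the article, shows why an exact-hash indicator published after one incident fails on the next variant, while a detection keyed on the capabilities the article attributes to the tool (file create/delete, file search, keystroke capture, a network channel) still matches. Every byte string, API-name marker and capability profile in it is constructed for the example; the markers stand in for the kind of invariant a real scanner would look for, not for anything reported about Aria-body itself.

```python
import hashlib

# Constructed toy "samples": two variants of a hypothetical tool whose operators
# changed the embedded configuration between victims. These are not real malware
# bytes; the pipe-separated strings stand in for imported Windows API names.
_COMMON_BODY = b"CreateFileW|DeleteFileW|FindFirstFileW|GetAsyncKeyState|InternetOpenA"
VARIANT_A = b"MZ\x90\x00" + b"cfg:server=203.0.113.10;key=aaaa;" + _COMMON_BODY
VARIANT_B = b"MZ\x90\x00" + b"cfg:server=198.51.100.7;key=zzzz;" + _COMMON_BODY
# A constructed benign-looking sample that only reads and writes files.
BENIGN = b"MZ\x90\x00" + b"cfg:none;" + b"CreateFileW|WriteFile|CloseHandle"

# Hypothetical capability-to-marker table: a capability counts as present only
# when every marker listed for it occurs in the sample.
CAPABILITY_MARKERS = {
    "file_create_delete": (b"CreateFileW", b"DeleteFileW"),
    "file_search": (b"FindFirstFileW",),
    "keystroke_capture": (b"GetAsyncKeyState",),
    "network_channel": (b"InternetOpenA",),
}

# The profile a defender would write from the behaviour described in the article.
ARIA_LIKE_PROFILE = {"file_create_delete", "file_search",
                     "keystroke_capture", "network_channel"}


def sha256_hex(data: bytes) -> str:
    """Exact-match indicator: changes whenever any byte of the sample changes."""
    return hashlib.sha256(data).hexdigest()


def matches_hash_ioc(data: bytes, known_hashes: set) -> bool:
    """Hash-based detection: only the exact bytes seen before are flagged."""
    return sha256_hex(data) in known_hashes


def capabilities(data: bytes) -> set:
    """Return the names of capabilities whose markers all occur in the sample."""
    return {name for name, markers in CAPABILITY_MARKERS.items()
            if all(marker in data for marker in markers)}


def matches_capability_profile(data: bytes, required: set) -> bool:
    """Behaviour-based detection: flag when the sample shows every required capability."""
    return required <= capabilities(data)


def triage(samples: dict, known_hashes: set) -> dict:
    """Run both strategies over a batch and report each verdict side by side."""
    return {
        name: {
            "hash_ioc": matches_hash_ioc(data, known_hashes),
            "capability_profile": matches_capability_profile(data, ARIA_LIKE_PROFILE),
        }
        for name, data in samples.items()
    }


if __name__ == "__main__":
    # The only hash available is the one taken from the first incident.
    known = {sha256_hex(VARIANT_A)}
    batch = {"variant_a": VARIANT_A, "variant_b": VARIANT_B, "benign": BENIGN}
    for name, verdict in triage(batch, known).items():
        print(f"{name:10s} hash_ioc={verdict['hash_ioc']!s:5s} "
              f"capability_profile={verdict['capability_profile']}")
```

Running the script shows variant_b missed by the hash indicator but caught by the capability profile, and the benign sample caught by neither. The design point is that the invariant worth matching is what the tool must do to be useful to its operator, which a remote configuration change cannot remove, whereas any byte-exact indicator is invalidated by the next tweak.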
“People sometimes fail to see the industrial-strength capacity that China has to do this on a global scale,” said Mr. Jennings, the Australian former defense official. “We’re talking about tens of thousands of people who are operating in their signals intelligence unit and Ministry of State Security. China has both the capacity and a long-demonstrated intent to do this wherever it thinks it can extract useful information.”

Check Point did not disclose all of the targets it said Naikon had infiltrated, but said they included embassies, ministries and state-owned corporations dealing with science and technology.

“Throughout our research we found that the group adjusted its signature weapon to search for specific files by names within the compromised ministries,” said Mr. Finkelstein, the Check Point expert. “This fact alone strengthens the understanding that there was a significant, well-thought infrastructure and pre-operation intelligence collection.”

