this post was submitted on 17 Dec 2025
40 points (95.5% liked)

Chinese espionage crew 'Ink Dragon' expands its snooping activities into European government servers

In the last few months, the China-linked threat Ink Dragon's activities show increased focus on government targets in Europe in addition to continued activities in Southeast Asia and South America.

Web archive link

Here is the original (technical) report: Inside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive Operation

...

These attacks begin with Ink Dragon probing security weaknesses, such as misconfigured Microsoft IIS and SharePoint servers, to gain access to victims' environments. This tactic, as opposed to abusing zero-days or other high-profile vulnerabilities, helps attackers fly under the radar and reduces their chances of being caught.

Ink Dragon then scoops up credentials and uses existing accounts to infiltrate targets, tactics that help the gang blend in with normal network traffic.

"This stage is typically characterized by low noise and spreads through infrastructure that shares the same credentials or management patterns," Check Point's researchers said in a Tuesday blog.

Once Ink Dragon finds an account with domain-level access, the spies set to work establishing long-term access across high-value systems, installing backdoors and implants that store credentials and other sensitive data.

...

In addition to their new targets and relay node activity, Check Point says the cyber spies have also updated their FinalDraft backdoor so that it blends in with common Microsoft cloud activity, hiding its command traffic inside mailbox drafts.

The new version also lets the malware check in during business hours - so as not to draw unwanted after-hour attention - and can more efficiently transfer large files with minimal noise.

...

The threat hunters' investigation into Ink Dragon also uncovered similar, stealth activity by another China-linked espionage crew RudePanda, which "had quietly entered several of the same government networks," they wrote.

While the two groups are unrelated, they both abused the same server vulnerability to gain access to the same IT environments. This also illustrates the changing tactics among other government-sponsored cyber squads, including not only Beijing-backed crews, but also those from Russia.

...
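A defender's view of the drafts-based check-in described above, as an added example that is not part of the post or of Check Point's report. It assumes the traffic is visible in web-proxy logs as Microsoft Graph requests to the mailbox drafts folder; the log format, host names and asset-role field are constructed for illustration. It shows why an after-hours rule misses a backdoor that only checks in during business hours, while a rule keyed on asset role still flags it.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample proxy records: time, source host, asset role, method, URL.
SAMPLE_LOG = """\
2025-12-15T09:12:03 ws-0417 workstation POST https://graph.microsoft.com/v1.0/me/mailFolders/drafts/messages
2025-12-15T10:02:11 web-iis-02 server POST https://graph.microsoft.com/v1.0/me/mailFolders/drafts/messages
2025-12-15T10:32:40 web-iis-02 server GET https://graph.microsoft.com/v1.0/me/mailFolders/drafts/messages
2025-12-15T14:47:19 web-iis-02 server POST https://graph.microsoft.com/v1.0/me/mailFolders/drafts/messages
2025-12-15T23:10:00 sp-app-01 server GET https://login.microsoftonline.com/common/discovery/keys
"""

# Assumption: draft-folder activity appears as Graph requests under mailFolders/drafts.
DRAFTS_RE = re.compile(r"https://graph\.microsoft\.com/[^/]+/.*/mailFolders/drafts(/|$)", re.I)

def parse(log):
    """Turn whitespace-separated records into dicts, keeping only drafts-folder requests."""
    events = []
    for line in log.splitlines():
        ts, host, role, method, url = line.split()
        if DRAFTS_RE.search(url):
            events.append({"ts": datetime.fromisoformat(ts), "host": host,
                           "role": role, "method": method})
    return events

def is_business_hours(ts):
    """Monday to Friday, 09:00 to 17:59 local time."""
    return ts.weekday() < 5 and 9 <= ts.hour < 18

def after_hours_rule(events):
    """Time-based rule: hosts touching drafts outside business hours."""
    return {e["host"] for e in events if not is_business_hours(e["ts"])}

def role_rule(events, min_hits=3):
    """Role-based rule: servers have no reason to edit mailbox drafts at all."""
    hits = Counter(e["host"] for e in events if e["role"] == "server")
    return {host: n for host, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("after-hours rule:", after_hours_rule(events))
    print("role-based rule: ", role_rule(events))
```
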

[–] randomname@scribe.disroot.org 1 points 2 days ago (1 children)

This has nothing to do with our "ally" in the West, nor any "ally." This is about China which apparently acts as an enemy of Europe that goes far beyond this cyberattack. The fact that the US gets worse doesn't make China in any way better.

[–] Anonymaus@feddit.org 1 points 2 days ago

I didn't say it does?!