China's MIIT Hit by Ransomware Attack from Kill Security

Incident Date: September 17, 2024

Overview

Title: China's MIIT Hit by Ransomware Attack from Kill Security

Victim: The Ministry of Industry and Information Technology (MIIT) China

Attacker: Killsec

Location: Beijing, China

First Reported: September 17, 2024

Ransomware Attack on China's Ministry of Industry and Information Technology by Kill Security

The Ministry of Industry and Information Technology (MIIT) of China has recently fallen victim to a ransomware attack orchestrated by the notorious group known as Kill Security. This incident has raised significant concerns about the security of critical government infrastructure in China.

About the Ministry of Industry and Information Technology (MIIT)

Established in 2008, the MIIT is a key governmental agency under the State Council of the People's Republic of China. It is responsible for regulating and developing various sectors, including industry, telecommunications, and information technology. The ministry plays a crucial role in shaping China's industrial landscape by formulating national policies, standards, and plans for industrial development. It also oversees the daily operations of industries, promotes technological advancements, and ensures the quality of electronic and information goods.

With a workforce ranging from 11 to 50 employees, the MIIT is recognized for its significant influence on China's technological advancements and industrial growth. The ministry is involved in major initiatives like the "Made in China 2025" plan, aimed at enhancing production efficiency and quality across industries.

Attack Overview

Kill Security, also known as KillSec, has claimed responsibility for the ransomware attack on MIIT via their dark web leak site. The group alleges that they have gained access to sensitive information within the organization, posing significant risks to the ministry's operations and data integrity. The attack has reportedly compromised critical data, which could have far-reaching implications for China's industrial and technological sectors.

About Kill Security

Kill Security is a ransomware group known for targeting various industries and countries. The group has been active in carrying out ransomware attacks, with extortion demands ranging from 1,500 EUR to 10,000 EUR. It uses a variety of communication channels, including Telegram, Session Messenger, and Tox, and prefers Monero (XMR) cryptocurrency for transactions. The group is tracked and monitored by various cybersecurity platforms, including ID Ransomware and Ransom-DB.

Penetration and Vulnerabilities

While the exact method of penetration used by Kill Security in this attack is not publicly disclosed, it is likely that the group exploited vulnerabilities in MIIT's cybersecurity infrastructure. Common tactics employed by ransomware groups include phishing attacks, exploiting unpatched software vulnerabilities, and leveraging weak or compromised credentials. Given MIIT's critical role in regulating and developing China's industrial and technological sectors, the ministry's extensive data repositories and interconnected systems make it an attractive target for threat actors.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.