{"id":5614,"date":"2020-10-08T09:09:49","date_gmt":"2020-10-08T16:09:49","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=5614"},"modified":"2023-10-12T13:52:05","modified_gmt":"2023-10-12T20:52:05","slug":"cisa-alert-domain-registration-hacking-by-chinese-threat-groups","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\/","title":{"rendered":"CISA Alert &#8211; Domain Registration Hacking by Chinese Threat Groups"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">The Cybersecurity and Infrastructure Security Agency (CISA) put out Alert AA20-275A on 10.1.2020 on the Potential for China Cyber Response to Heightened U.S. &#8211; China Tensions. <\/span><span style=\"font-weight: 400;\">The genesis of the alert is increasing tensions between the United States and China. The alert declares that \u201cChina has a history of using national military and economic resources to leverage offensive cyber tactics in pursuing its national interests.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The \u201cMade in China 2025\u201d 10-year plan defines some of China\u2019s policy priorities. Per the CISA alert, China may seek to target industries that are core to U.S. interests. These industries include new energy vehicles (electric, fuel cell, hydrogen, etc.), next-generation information technology (IT), biotechnology, new materials, aerospace, maritime engineering and high-tech ships, railway, robotics, power equipment, and agricultural machinery.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The U.S. intelligence community and various private industry organizations have repeatedly identified the Chinese People\u2019s Liberation Army (PLA) and the Ministry of State Security (MSS) as behind a history of Chinese state-sponsored cyberattacks. 
There are examples of the PLA and the MSS managing these attacks directly and using designated proxy contractors in the Chinese business community.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Many Years of Documented Malicious Activity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">These Chinese Government-sponsored malicious activities have gone on for years. In 2014, the Zombie Zero\u00b9<\/span><span style=\"font-weight: 400;\"> supply-chain attack targeted shipping and logistics firms by implanting malware in brand new scanner hardware manufactured in China. Once a particular supply chain was compromised, the perpetrators could make orders in the database appear and disappear at will. In Zombie Zero, a Chinese government-sponsored private industry contractor embedded all newly manufactured scanner hardware with malicious firmware. The malware allowed the setup of command and control directly to the supply chain software. This allowed the threat actors to track virtually all shipments to and from each of the organizations compromised by these devices.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The CISA alert cites other examples of the very long history of Chinese threat actors involved with much offensive cyber activity. Those mentioned in the CISA alert include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">February 2013 \u2013 Cyber Threat Intelligence Researchers Link Advanced Persistent Threat (APT) 1 to China. This comprehensive report publicly exposed APT1 as part of China\u2019s military cyber operations and a multi-year effort that exfiltrated IP from roughly 141 companies spanning 20 major industries. A year later, the DOJ indicted Chinese cyber threat actors assigned to PLA Unit 61398 for the first time (also highlighted in the report).<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">April 2017 \u2013 Chinese APTs Targeting IP in 12 Countries. 
CISA announced that Chinese state-backed APTs carried out a multi-year cyber-enabled IP theft campaign that targeted global technology service providers and their customers. The threat actors leveraged stolen administrative credentials (local and domain). They placed sophisticated malware on critical systems to steal companies\u2019 IP and sensitive data in at least 12 countries.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">December 2018 \u2013 Chinese Cyber Threat Actors Indicted for Compromising Managed Service Providers (MSPs). DOJ indicted two Chinese cyber threat actors believed to be associated with APT10, who targeted MSPs and their large customer base through phishing and spear-phishing campaigns aimed at exfiltrating sensitive business data and, possibly, PII.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">February 2020 \u2013 China\u2019s Military Indicted for 2017 Equifax Hack. DOJ indicted members of China\u2019s PLA for stealing large amounts of PII and IP. The Chinese cyber threat actors exploited a vulnerability in the company\u2019s dispute resolution website to enter the network, conduct reconnaissance, upload malware, and steal credentials to extract the targeted data. <\/span><span style=\"font-weight: 400;\">The breach impacted roughly half of all American citizens and stole Equifax\u2019s trade secrets<\/span><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">May 2020 \u2013 China Targets COVID-19 Research Organizations. The Federal Bureau of Investigation (FBI) and CISA reported the targeting and compromise of U.S. organizations conducting COVID-19-related research by cyber actors affiliated with China. 
Large-scale password spraying campaigns were a commonly observed tactic in illicitly obtaining IP related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.<\/span><\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400;\">DNS Compromise is a Key Attacker Technique<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The CISA Alert references key threat actor pre-attack techniques using the MITRE ATT&amp;CK framework. Pre-attack techniques involve reconnaissance, staging, and testing before the execution of an attack. The identified Chinese threat actors have been found to use the MITRE ATT&amp;CK Technique ID: T1326\u00b2<\/span><span style=\"font-weight: 400;\">, Domain Registration Hijacking. Domain registration hijacking involves changing the registration of a domain name without the permission of the original registrant. This technique was used explicitly by the APT1 threat group, which is attributed to the 2nd Bureau of the People\u2019s Liberation Army (PLA) General Staff Department\u2019s (GSD) 3rd Department, known by the Military Unit Cover Designator (MUCD) as Unit 61398.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The CISA Alert also references enterprise-class MITRE ATT&amp;CK techniques. CISA calls out the use of MITRE ATT&amp;CK technique DNS T1071.004\u00b3<\/span><span style=\"font-weight: 400;\">. This is part of the command and control tactic set and specifically involves hidden communications by threat actors using the Domain Name System (DNS) application protocol. The goal is to avoid detection\/network filtering by blending in with existing traffic. Command and control dialog with remote entities, and the results of those commands, are hidden and embedded in DNS protocol traffic between the client and server. 
DNS tunneling allows adversaries to use DNS to communicate with systems through the victim\u2019s network, hidden within the normal and expected traffic.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Attackers use DNS tunneling to encode the data of other programs or protocols in DNS communication activity. DNS tunneling may include data payloads added to an attacked DNS server and used to control a remote server and applications. DNS tunneling requires the compromised system to have external network connectivity, as DNS tunneling requires access to an internal DNS server with network access. Hackers must also control a domain and a server that can act as an authoritative server to execute the server-side tunneling and data payload executable programs.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Protecting DNS with Foundational Security<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">BloxOne Threat Defense uses behavior analytics combined with machine learning to perform real-time analysis of incoming DNS queries, including entropy, n-gram, lexical, size, and frequency analysis to detect DNS tunnels. Threat Insight, the component in BloxOne Threat Defense that does this, also reduces false positives by detecting benign usage of DNS tunnels. DNS tunneling can be detected with two important methods\u2014using threat intelligence to find known tunnels (for example, known malicious IPs and known bad domains) or using behavior-based analytics to detect known or previously unknown methods of DNS tunneling. The Infoblox solution uses both methods to uncover previously unknown attacks. Other solutions mostly use only threat intelligence methods, limiting their ability to identify and catch new attacks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DNS-based controls also give you scalable web and content filtering and can reduce your overall threat defense costs. 
BloxOne detects and blocks phishing, exploits, ransomware, and other malware, and it can also protect the modern workforce, including remote workers, from accessing objectionable or dangerous content.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">BloxOne also provides deep visibility into compromised devices or potential insider threats by giving detailed information such as device type, IP address, MAC address, and, most importantly, the user associated with the device trying to exfiltrate data. This greatly reduces the time to identify and remediate threats. Security teams can be more productive, identify threats faster, and reduce the risk of a potential breach.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Learn more about DNS security here:<\/span><\/p>\n<p><a href=\"https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/\"><span style=\"font-weight: 400;\">https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Learn more about preventing DNS-based data exfiltration &#8211; check out this solution note:<\/span><\/p>\n<p><a href=\"https:\/\/www.infoblox.com\/wp-content\/uploads\/infoblox-solution-note-preventing-dns-based-data-exfiltration.pdf\"><span style=\"font-weight: 400;\">https:\/\/www.infoblox.com\/wp-content\/uploads\/infoblox-solution-note-preventing-dns-based-data-exfiltration.pdf<\/span><\/a><span style=\"font-weight: 400;\">\u00a0\u00a0<\/span><\/p>\n<p>If you want to know more, please reach out to us directly via <a href=\"https:\/\/info.infoblox.com\/contact-form\" target=\"_blank\" rel=\"noopener\">https:\/\/info.infoblox.com\/contact-form<\/a>.<\/p>\n<p>\u00b9<a href=\"https:\/\/www.forbes.com\/sites\/kurtmarko\/2014\/07\/10\/trojan-hardware-spreads-apts\/#4082b0942536\">https:\/\/www.forbes.com\/sites\/kurtmarko\/2014\/07\/10\/trojan-hardware-spreads-apts\/#4082b0942536<\/a><\/p>\n<p>\u00b2<a 
href=\"https:\/\/attack.mitre.org\/techniques\/T1326\/\">https:\/\/attack.mitre.org\/techniques\/T1326\/<\/a><\/p>\n<p>\u00b3<a href=\"https:\/\/attack.mitre.org\/techniques\/T1071\/004\/\">https:\/\/attack.mitre.org\/techniques\/T1071\/004\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Cybersecurity and Infrastructure Security Agency (CISA) put out Alert AA20-275A on 10.1.2020 on the Potential for China Cyber Response to Heightened U.S. &#8211; China Tensions. The genesis of the alert is increasing tensions between the United States and China. The alert declares that \u201cChina has a history of using national military and economic resources [&hellip;]<\/p>\n","protected":false},"author":324,"featured_media":5615,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[332,333,236,253,247,334],"class_list":{"0":"post-5614","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-china","9":"tag-cyberattack","10":"tag-cyberthreat","11":"tag-mitre-attck","12":"tag-dns-tunneling","13":"tag-cisa","14":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>CISA Alert - Domain Registration Hacking by Chinese Threat Groups<\/title>\n<meta name=\"description\" content=\"The Cybersecurity and Infrastructure Security Agency (CISA) put out Alert AA20-275A on 10.1.2020 on the Potential for China Cyber Response to Heightened U.S. 
- China Tensions.The genesis of the alert is increasing tensions between the United States and China. The alert declares that \u201cChina has a history of using national military and economic resources to leverage offensive cyber tactics in pursuing its national interests.\u201d\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CISA Alert - Domain Registration Hacking by Chinese Threat Groups\" \/>\n<meta property=\"og:description\" content=\"The Cybersecurity and Infrastructure Security Agency (CISA) put out Alert AA20-275A on 10.1.2020 on the Potential for China Cyber Response to Heightened U.S. - China Tensions.The genesis of the alert is increasing tensions between the United States and China. 
The alert declares that \u201cChina has a history of using national military and economic resources to leverage offensive cyber tactics in pursuing its national interests.\u201d\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-08T16:09:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-12T20:52:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups.png\" \/>\n\t<meta property=\"og:image:width\" content=\"414\" \/>\n\t<meta property=\"og:image:height\" content=\"282\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Michael Zuckerman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Zuckerman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\\\/\"},\"author\":{\"name\":\"Michael Zuckerman\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\"},\"headline\":\"CISA Alert &#8211; Domain Registration Hacking by Chinese Threat Groups\",\"datePublished\":\"2020-10-08T16:09:49+00:00\",\"dateModified\":\"2023-10-12T20:52:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\\\/\"},\"wordCount\":1254,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups.png\",\"keywords\":[\"china\",\"Cyberattack\",\"Cyberthreat\",\"MITRE ATT&amp;CK\",\"DNS Tunneling\",\"CISA\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\\\/\",\"name\":\"CISA Alert - Domain Registration Hacking by Chinese Threat 
Groups\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups.png\",\"datePublished\":\"2020-10-08T16:09:49+00:00\",\"dateModified\":\"2023-10-12T20:52:05+00:00\",\"description\":\"The Cybersecurity and Infrastructure Security Agency (CISA) put out Alert AA20-275A on 10.1.2020 on the Potential for China Cyber Response to Heightened U.S. - China Tensions.The genesis of the alert is increasing tensions between the United States and China. The alert declares that \u201cChina has a history of using national military and economic resources to leverage offensive cyber tactics in pursuing its national 
interests.\u201d\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups.png\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups.png\",\"width\":414,\"height\":282},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisa-alert-domain-registration-hacking-by-chinese-threat-groups\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"CISA Alert &#8211; Domain Registration Hacking by Chinese Threat 
Groups\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\",\"name\":\"Michael Zuckerman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"caption\":\"Michael Zuckerman\"},\"description\":\"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy 
consultant with experience in the cybersecurity marketplace. Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/michael-zuckerman\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5614","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/324"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=5614"}],"version-history":[{"count":6,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5614\/revisions"}],"predecessor-version":[{"id":9010,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5614\/revisions\/9010"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/5615"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=5614"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=5614"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=5614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}