New Threat Research: Analyzing CryptoJS Encrypted Phishing Attempt 

Read Threat Research


China Brings Back DDoS Cannon to Combat Hong Kong LIHKG Forum

China: After nearly two years of retirement, China has brought back its “Great Cannon” to fire Distributed Denial-of-Service (DDoS) attacks against a forum being used by Hong Kong residents for anti-Beijing propaganda. The forum, LIHKG, is being used by residents to spread their message against the Chinese regime during a time when protests in Hong Kong are still being carried out. The Chinese government has used the cannon in the past to carry out attacks against websites such as GitHub which was being used to share software and tools that allow Chinese residents to bypass China’s national firewall. The cannon works by intercepting traffic meant for websites hosted inside China and injects JavaScript code into the responses received in their browsers. The malicious code is executed in the browser of the victim and used to secretly access websites multiple times, which creates massive traffic spikes for the webserver of the target website. Using the cannon is rare because of the bad press that China receives from using it. According to AT&T cybersecurity, the Chinese government decided to bring the cannon out of retirement for this situation. Attacks on the forum ranged from August 31, 2019, through November 27, 2019. LIHKG received more than 1.5 billion requests per hour during times when the cannon was being used whereas the normal request rate for the website was 6.5 million per hour.

Analyst Notes

China bringing this tool out of requirement shows how serious the government is about silencing protests over the situation in Hong Kong. Now that the tool is being used and is out in the public, China may decide to hold off on using it for any more attacks in the near future in order to avoid negative press. This is likely not the last time the cannon will be used against this forum or other sites. Source information: