Cyber espionage: how the United States moves. The article by Giuseppe Gagliano
The addition of Singaporean security firm Computer Security Initiative Consultancy (COSEINC) to the US Department of Commerce blacklist by the Bureau of Industry and Security (BIS) on November 3 caused a stir.
The company was accused of distributing exploits without oversight. COSEINC has been running its own vulnerability acquisition program, pwn0rama, since 2016. Its website quickly removed the link to the program following the BIS announcement, although the pwn0rama site is still running and still contains references to COSEINC.
The US sanctions are all the more political because COSEINC was founded by Thomas Lim, an engineer close to the Singapore security services. He worked for the Singaporean Cyber Security Agency. He also worked for a while for the Italian interception software manufacturer Hacking Team, which has now become Memento Labs.
However, COSEINC is not Lim’s only source of employment. Since 2018 he has also managed Pwnzen Technology, the Singaporean branch of China’s Shanghai Ben Zhong Information Technology, aka Pwnzen InfoTech.
Pwnzen was founded in 2014 by Chinese hackers Han Zhengguang, Xu Hao, Chen Xiaobo, Li Xiaojun, Wang Tielei and Tang Zhushou, who also started the ethical hacking group Pangu Team, which specializes in the security of devices running iOS. The company is funded by Chengdou Mao Ji Chuangye Invest, the investment arm of Chinese cybersecurity firm Qihoo 360, as well as Qi An Xin, an IT company founded by Qihoo co-founder Qi Xiangdong.
Officially, Pwnzen works exclusively in the field of cyber defense. In this field, it also states that it works closely with Chinese IT institutions, including the National Computer Network Emergency Response Technical Team (CNCERT) and the China National Vulnerability Database (CNNVD), managed by the CNCERT and the Ministry of State Security (Guoanbu). CNNVD was established as an equivalent to the National Vulnerability Database maintained by the US National Institute of Standards and Technology (NIST).
Pwnzen, a specialist in mobile security, has developed several systems to find and fix vulnerabilities affecting the Android and iOS operating systems, as well as to detect malware and operations carried out by advanced persistent threat groups targeting mobile phones.
According to Euronews, however, Pwnzen also carries out other, more confidential and strong-arm operations. It reported a claim that the company broke into the phone of a Chinese opposition figure to extract data from his Facebook and Twitter accounts.
The BIS also blacklisted Israeli cyber intelligence firms NSO Group and Candiru (aka Saito Tech, formerly Taveta Ltd). Candiru, founded by Isaac Zack, a close collaborator of NSO founder Omri Lavie, is particularly active in Singapore, where it seeks zero-day vulnerabilities for local intelligence services.
The other BIS-sanctioned company, Russia’s Positive Technologies, has been accused of distributing exploits. The company had already been sanctioned by the Office of Foreign Assets Control (OFAC) in mid-April, but that didn’t stop it from bragging about its Western clients on its website, including French bank Societe Generale and the French computer security agency ANSSI.