As another evidence of hackers targeting the weaker links in the ecosystem, this WSJ report indicates that North Korean hackers have targeted social service organizations helping North Korean defectors settle down in South Korea. We have seen similar scenarios when hackers target employment background check companies for the heist of large amounts of personnel data.

https://www.wsj.com/articles/hackers-steal-personal-information-of-north-korean-defectors-in-south-korea-11546001022  

According to this report, some Chinese hackers specifically target IT service providers, because they can use such service providers as a spring board to hack their customers. This makes total sense, and means that the IT department of enterprises who want to outsource their IT operations must conduct plenty of due diligence of the service provider's cybersecurity posture.


https://www.washingtonpost.com/world/national-security/us-and-more-than-a-dozen-allies-to-condemn-china-for-economic-espionage/2018/12/20/cdfd0338-0455-11e9-b5df-5d3874f1ac36_story.html?noredirect=on&utm_term=.4bbcd70aed11

Another instance of compromise of SMS-based 2FA. This time it is combined with phishing to capture the user ID and password first.

https://arstechnica.com/information-technology/2018/12/iranian-phishers-bypass-2fa-protections-offered-by-yahoo-mail-and-gmail/

Many recent reports indicate multitude of Chinese hacking activities against US targets:

- Chinese hackers breach US Navy Contractors (https://www.wsj.com/articles/u-s-navy-is-struggling-to-fend-off-chinese-hackers-officials-say-11544783401). The report says that this hack is linked to Temp.Periscope, a suspected Chinese government hacking unit that uses phishing emails to gain network access.

- Marriott breach is a part of APT from China aiming to gather more intelligence about US citizens (https://www.wsj.com/articles/u-s-navy-is-struggling-to-fend-off-chinese-hackers-officials-say-11544783401)

Hope the US-China trade talks will turn the tide on this ill-development and bring more peace to the cyberspace.