Inventory of e-mail security incidents in China in the first half of 2022

2022 In the first half of the year , Email security incidents caused by email attacks and human factors occur frequently . E-mail security incidents are still growing rapidly , The harm caused is becoming more and more serious , It poses a serious threat to government and enterprises . Here is an inventory for you ,2022 E-mail security incidents occurred in China in the first half of .

1、 The mail system of Northwestern Polytechnic University was attacked by overseas networks

6 month 22 Japan , Northwestern Polytechnic University issued a statement on its official microblog saying , Recently, the school e-mail system was attacked by the Internet , There are hacker organizations and criminals from abroad who send phishing emails containing Trojan horse programs to school teachers and students , Attempt to steal relevant teacher-student email data and personal information of citizens , Cause major risks and hidden dangers to the normal work and life order of the school . Preliminary judgment , This incident is a cyber attack launched by overseas hacker organizations and lawbreakers .

2、 Sohu's internal mailbox was stolen , Employees are cheated 4 More than RMB

All employees of Sohu are 5 month 18 I received a letter from “ Sohu Finance Department ” be known as 《5 Notice of monthly employee salary subsidy 》 The mail , A large number of employees scan the code according to the requirements of the attachment , And filled in the bank account number and other information , In the end, instead of waiting for the so-called subsidy , The balance in the salary card is also transferred . After investigation , In fact, an employee was accidentally phished when using email, resulting in password disclosure , Then he was pretended to be the finance department to send e-mail . According to statistics, there are 24 Employees were cheated out of more than 40000 yuan .

3、 Indian hackers continue to attack key institutions in China by using e-mail

India's APT Attack groups , Use Google 、 Yahoo mailbox or other mailboxes stolen , To neighboring countries such as China 、 Pakistan and other military and political targets sent extremely confusing harpoon mail , Trick the victim to run a variety of mature commercial remote-control Trojan loads , Achieve the purpose of stealing data for a long time .

4、 Social software leaks seriously

6 month , Office of the secrecy Committee of the CPC Zhejiang Provincial Committee 、 Issued by the Provincial State Security Bureau , Yes 2022 A number of violations of confidentiality laws and regulations were investigated and dealt with in the first half of 6 Cases were notified . Find out , Use Internet social software （ WeChat 、QQ、） Send at will 、 Taking pictures 、 Upload sensitive data ; Some minority organs 、 The unit has a weak sense of confidentiality 、 Lack of confidential knowledge 、 Lax confidentiality management and other issues ; For the mobile phones of secret related staff 、 The control of electronic equipment such as mobile devices is not in place , Transferring classified documents 、 Sensitive data , There are not enough safe ways .

5、 The internal mailboxes of many well-known domestic enterprises were stolen

6 month , Shanghai anti telecom network fraud Center released , The internal mailboxes of many well-known enterprises in the city were stolen , Send a lot of fraudulent emails . After analysis , Criminals are likely to steal the internal mailboxes of employees of many well-known enterprises in this city , Then send emails to the employees of the enterprise in the email address book , Panic said that many departments jointly issued relevant notices on wage subsidies , Wechat scanning email can be attached with QR code for registration , Receive salary allowance , Overdue shall be deemed as abandonment . Some victims believe it , After scanning the code, it jumps into the so-called “ Application page ”, And input the complete bank card number step by step as required 、 full name 、 Id card number 、 Phone number 、 Mobile phone verification code and other information , However, after confirming the submission, the mobile phone received several bank card consumption deduction tips , The victim was cheated of withholding .

6、 The mailbox system of domestic listed companies has been invaded , Loss of more than 20 million

4 At the beginning of , The email system of Daya holy elephant was hacked , Caused the company to lose 2275.49 Ten thousand yuan . The great Asian icon represents , A wholly-owned subsidiary, Shengxiang Group Co., Ltd., a subsidiary of the United States Home Legend LLC The company became the victim of a telecommunications fraud , The perpetrator invaded the Microsoft email system rented by the company , Fake e-mail to pretend to be a member of the company's management , Forge supplier documents and email paths , Commit fraud , The amount involved is about 356.9 Thousands of dollars （ About the yuan 2275.49 Ten thousand yuan ）.

7、 Macau 17 Luxury hotels were attacked by e-mail , Or cause guest data leakage

4 month , The researchers found that for Macao, China 17 A luxury hotel （ Include Grand Coloane Resort- Macao Luhuan Haitian Resort 、Wynn Palace- Wynn Palace Hotel Macau ） Including phishing email attacks . The main purpose is to destroy their network facilities and steal sensitive data from high-profile guests who live in resorts .

8、 Many domestic and foreign enterprises were attacked by virus e-mail

3 month 15 Japan , Security researchers found that there were fishing attacks against personnel in foreign trade related industries . The main channels of this phishing attack are business communication software and e-mail . Hackers deliver bait through business communication software or e-mail , Bait file names are mostly related to " Product examples "," Order example "," Brand name " of , The icon of the file is modeled after xlsx,pdf, Trademarks, etc. , After tracing and analyzing the attack , The target of this attack is some domestic foreign trade enterprises .

E-mail security is an important transmission channel that is easy to be ignored . The government and enterprise emails contain ： Customer information 、 Financial data 、 Personal data of citizens 、 Business secrets 、 Scientific research technology 、 Even state secrets , These classified data are easy to be leaked due to various vulnerabilities or improper management .