Domestic cybersecurity incidents in 2021
The rapid development of emerging technologies represented by cloud computing, big data, artificial intelligence and the Internet of Things has led to a comprehensive generalization of cybersecurity risks, and their complexity is also constantly increasing. Especially with the spread of the novel coronavirus pneumonia, while accelerating the process of digital transformation of enterprises, it has also led to the spread of cyber security risks in an increasing number of scenarios.
In recent years, despite the country's high banner of ensuring cyber security, cyber security issues have become increasingly severe. Many major cyber security incidents have occurred in various places, including the leakage of citizens' information and multiple incidents where production was forced to stop due to ransomware attacks. The year 2021 has come to an end. Let's take a look at the cybersecurity incidents that occurred in China in 2021, including cases of data leakage and cyber attacks.

1. SMS phishing attacks targeting rural credit cooperatives and city commercial banks
Since the Spring Festival in 2021, a series of security incidents have occurred in many cities across the country. These incidents involved luring customers to click on phishing website links by sending mass text messages, claiming that their mobile banking services were invalid or expired, and thus stealing their funds. Tianji Youmeng has detected that a large number of phishing websites were registered and put into use one after another after February 9th. The domain names of these phishing websites are the customer service phone numbers of rural credit cooperatives, city commercial banks and other financial institutions plus letters, or in the form of domain names similar to those of financial institutions. Most of them are registered and hosted by overseas domain name registrars.
2. Xianyao.com, a subsidiary of Xishanju, was attacked, resulting in data leakage
On March 2, 2021, Xishanju Games issued an announcement stating that its products had repeatedly been subject to DDos attacks and server intrusions by lawbreakers, resulting in the leakage of some user accounts and encrypted non-plaintext passwords and other information. The official suggested that users immediately change their short-digit passwords with a lower security level.
3. 315 exposed chaos such as the abuse of facial information and the leakage of resumes
On March 15, 2021, CCTV's 315 program exposed three cases involving personal information security: merchants installed cameras to capture and record customers' facial information, shared it among multiple stores and provided comprehensive quotations; On platforms like Zhaopin and Liepin, resumes can be downloaded freely for payment, and a large number of resumes have flowed into the black market. Many mobile phone cleaning apps developed for the elderly secretly obtain mobile phone information and push content with deceptive tricks.
Citic Bank was fined 4.5 million yuan for leaking customer information
On March 19, 2021, the Consumer Protection Bureau of the China Banking and Insurance Regulatory Commission announced a fine that China CITIC Bank was heavily fined 4.5 million yuan for "querying and providing the transaction information of a customer's personal bank account to a third party without the customer's authorization". It is reported that the fine is suspected to be the penalty result of the incident in May 2020 when the stand-up comedian Chi Zi reported that China CITIC Bank had illegally and privately provided his bank statement information to the public.
Taiwan's PC manufacturer Acer was hacked and demanded a ransom of 50 million US dollars, approximately 325 million yuan, setting a new record
In March 2021, the REvil ransomware gang announced on its data breach site that they had successfully hacked into Acer's system and simultaneously released several screenshots of stolen files as evidence.
After the relevant reports were released, Valery Marchive of LegMagIT discovered samples of the REvil ransomware used in the Acer attack. It can be seen that the ransom demanded by the threat party was as high as 50 million US dollars.
Not long after, the relevant enterprise also found this sample and confirmed with both sides based on the ransom record that the sample was indeed from the Acer attack incident.
An employee of the Construction Bank was fined 300,000 yuan for violating the Criminal law by leaking and selling citizens' personal information
In May 2021, the Jiande Branch of China Construction Bank was fined 300,000 yuan for its employees' illegal inquiries and leaks of customer information as well as their failure to report criminal case (risk) information as required. Xu Chi, as the direct person responsible for the employees' illegal inquiries and leaks of customer information, was banned from working in the banking industry for five years.
7. The computer system of the Macao Health Bureau was maliciously attacked
Macao, May 7, 2021 (Xinhua) -- The Health Bureau of the Macao Special Administrative Region Government announced that at around 10:30 a.m. on the 7th, it was discovered that the computer system was subject to a malicious cyber attack, affecting the normal operation of systems such as health codes, medical vouchers, COVID-19 vaccines, and nucleic acid testing. After emergency repairs by the Health Bureau and CTM Limited, all computer systems have now returned to normal.
The Health Bureau stated that upon discovering the problem, it immediately activated the response plan, promptly carried out system repairs, and at the same time informed all ports to temporarily switch to using the "Yuekang Code" for customs clearance and to switch to using paper health codes when entering medical facilities, etc.
On June 17, 2021, nearly 1.2 billion user data records of Taobao were leaked
On June 17, 2021, the People's Court of Suiyang District, Shangqiu City, publicly released a criminal judgment on the Judgments Online website, which revealed that a college graduate named Lu, who lives in Shangqiu City, Henan Province, had been conducting data crawling on Taobao for eight months since November 2019 and stealing a large amount of user data. Before Alibaba noticed this issue, 118,0738,048 pieces of user information had already been leaked.
A branch of Agricultural Bank of China was fined 200,000 yuan for an employee's illegal inquiry and disclosure of customer account transaction information
On June 24, 2021, the administrative penalty information released by the Fuyang Regulatory Bureau of the China Banking and Insurance Regulatory Commission showed that the Taihe Jiuxian Branch of Agricultural Bank of China Co., Ltd. was fined 200,000 yuan for its employees' illegal inquiry and leakage of customer account transaction information. Liu Jie, the then internal affairs supervisor of the Taihe Jiuxian Branch of Agricultural Bank of China Co., LTD., and Yang Liu, the deputy director of the branch, were also given a warning for bearing direct responsibility.
10. The Didi incident on July 2, 2021
On July 2nd, the Cyberspace Administration of China issued an announcement stating that in order to prevent national data security risks, safeguard national security and protect public interests, the Cybersecurity Review Office has conducted a cybersecurity review of "Didi Chuxing" in accordance with the "Cybersecurity Review Measures". On the evening of July 4th, the Cyberspace Administration of China issued a notice stating that based on reports, after testing and verification, the "Didi Chuxing" App was found to have seriously violated laws and regulations in collecting and using personal information, and informed App stores to remove the "Didi Chuxing" app.
11. A high-risk JNDI injection vulnerability in Apache Log4j2 has been exposed
On November 24, 2021, the Alibaba Cloud Security team reported a remote code execution vulnerability in Apache Log4j2 to the Apache official team. Apache Log4J2 is a logging library for Java that supports starting remote logging servers. Because some functions of Apache Log4j2 have recursive parsing capabilities, attackers can directly construct malicious requests and trigger remote code execution vulnerabilities. The vulnerability exploitation does not require special configuration. Apache Struts2, Apache Solr, Apache Druid, Apache Flink, etc. are all affected. Attackers can easily execute any code remotely through the form of jndi injection attacks. Subsequently, the official promptly released new version fixes 2.15.0 and 2.15.0-RC1, but still failed to completely resolve the issue. Currently, it has been updated to 2.16.0.
This vulnerability has been named Log4Shell and is numbered CVE-2021-44228.
