China is not happy with me. I was recently glancing over this site’s analytics and noticed something interesting that occurred beginning Oct 30th.

Before I address the 2 events that I’m going to write about, just as I currently write about them, I’m also currently addressing a DMARC / DKIM email spoofing attempt from this very domain, from, you guessed it, a Hong Kong-based IP – 14.1.22.15. This IP used to resolve to xiecheng-xxxxx.com.
Xiecheng currently redirects to ctrip.com, a Chinese-based travel agency.
I’m supposed to travel soon…
I received 2 alerts today, the 1st one from Google, and then later in the day from Zoho.
Just changed my email passwords and turned on DKIM.
Now to discuss the original 2 events. Beginning Oct 30th, a Chinese threat actor visited this site to send a message. I know this because the spike in traffic was an anomaly. Received about 100x the traffic from a China-based IP. This bot then visited 1 page about 417 times for an elapsed timespan of x:xx.
Now if you know me, these are very significant numbers, so whichever China-based threat group this is (if it even is an APT group) is not happy with the dent our consultants have put in Chinese geopolitics in the Northeast region of the United States.
This story is long and complex, and begins long ago, obviously. But the context for the one I’m talking about begins around 2 momentous times: 1. The advent of cyber around the early 2000s, and then later in the mid-2010s with the leadership of Northeast states’ governors, and in particular Charlie Baker’s first term in Massachusetts in 2010.
To be Continued…