China's EV Price War Was Built On Cars Sold At a Loss
Read more of this story at Slashdot.
Google threat hunters spotted yet another Chinese state-sponsored espionage group that for years had burrowed into systems belonging to government and private organizations to steal data across academia, medicine, military, cybersecurity and foreign policy.
Google Threat Intelligence Group discovered the previously unknown threat group UNC6508, which targeted organizations in the United States and Canada, in late 2025 but traced its earliest known compromise back to September 2023.
The revelation mirrors an alarming pattern of Chinese espionage groups dropping backdoors into critical infrastructure to pre-position for potential sabotage, intercept research and steal data with national security implications. These groups working at the behest of China’s government, including UNC6508, operated in stealth for years before authorities or researchers discovered their activity.
“We don’t know the full extent or impact of the campaign,” Patrick Whitsell, senior security engineer at GTIG, told CyberScoop. Researchers said the threat group intruded into a medical research university in September 2023, stole credentials and communications, and remained active on the institution’s systems through November 2025, when it was discovered.
Google said it confirmed multiple victims compromised with INFINITERED, a custom backdoor the threat group deployed on targeted networks to steal administrative credentials after it exploited externally facing REDCap (Research Electronic Data Capture) servers.
Researchers still don’t know how UNC6508 gained initial access to the REDCap servers. Google said the survey and database software, which was created at Vanderbilt University and for which multiple patches for critical remote-code execution vulnerabilities were issued throughout 2023, is widely used across the medical research community.
“Given the breadth of the threat actor’s intelligence collection criteria and their ability to remain undetected within compromised networks for more than a year, we assess the known victims likely represent only a fraction of a larger campaign,” Whitsell said. “We also assess that this highly capable threat actor will remain active and continue to be a threat to the defense, technology and medical industries for the foreseeable future.”
Google said the campaign targeted clinical providers, academic medical centers and U.S. military health institutions, demonstrating advanced capabilities from a threat group that doesn’t currently overlap with any other publicly known groups.
The threat group abused domain compliance rules to steal data, a technique that doesn’t rely on malware or living-off-the-land tools, and routed traffic through U.S.-based IPs to blend in with legitimate traffic, researchers said.
“We have some evidence to suggest this is a large threat group with multiple sub-teams, but this is not confirmed,” Whitsell said.
Like other previously identified China state-sponsored espionage groups, UNC6508 remains active.
Google said it disrupted some of UNC6508’s known infrastructure by disabling a Gmail account it used to exfiltrate data, notified the affected organizations and helped remediate compromises before it published research on UNC6508’s activities.
Whitsell said several unconfirmed instances of compromise remain under investigation.
The post Google exposes China espionage group that’s been lurking in networks undetected since 2023 appeared first on CyberScoop.
Google’s Threat Intelligence Group has been tracking the cyberespionage group as UNC6508 since early 2025.
The post Chinese Hackers Target Medical, Military, and AI Research in North America appeared first on SecurityWeek.
The FBI, along with Google and Lumen Technologies, took down a major cybercrime network based in China that was responsible for an estimated $1.9 billion in losses, officials said Friday.
Outsider, which provided phishing kits and hosted infrastructure for cybercriminals since July 2023, facilitated a wave of phishing attacks against people and businesses in 55 countries, including the United States, the FBI said in a LinkedIn post.
The jointly coordinated effort dubbed “Operation Ghost Hook” netted the seizure of several domains of the group’s core admin servers, a Shopify storefront, roughly $100,000 from Outsider payment wallets and thousands of domains registered through U.S.-based providers, officials said.
The FBI said it also used an Outsider Telegram bot to access information on the cybercrime network’s customers.
“The criminals behind Outsider Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims,” Brett Leatherman, assistant director of the FBI’s cyber division, said in a statement.
Authorities traced Outsider’s phishing domains to nearly 3.9 million stolen credit cards.
Google, one of the vendors impersonated by the phishing kits, described Outsider as a massive AI-powered operation.
Outsider provided its phishing kit, which allowed cybercriminals to create fake sites and phishing campaigns to steal credit cards, bank account credentials and personal data, for a weekly subscription as low as $88 per week, the company said in a civil lawsuit it filed to dismantle the cybercrime network’s infrastructure.
The China-based group behind the operation encouraged and provided step-by-step instructions for customers to use Gemini and other AI platforms to generate custom code for phishing lures and corresponding sites for illegitimate missed packages, overdue highway tolls, parking violations, issues with a brokerage account or wireless carrier rewards.
“The Outsider software allows scammers to request multiple types of verification from victims, including SMS, PIN, email and app verification,” Google wrote in the lawsuit filed in the U.S. District Court for the Southern District of New York. “This flexibility enables the enterprise to defeat various forms of authentication security.”
Google said it’s working with AT&T, T-Mobile and Verizon to intercept the spam messages before they reach customers, but these types of phishing attacks are prevalent and have been spreading for years.
Google is also pushing for legislative action, including a series of bills, to combat these scams, General Counsel Halimah DeLaine Prado wrote in a blog post.
“Litigation alone won’t end this,” she wrote. “As threats evolve, our laws must, too.”
Google said it doesn’t know the real names of the people or entities involved in Outsider, but said the operation is supported by multiple cybercrime groups providing different roles with overlapping infrastructure.
The FBI said the takedown was part of Operation Riptide, an ongoing campaign targeting cybercriminals and the infrastructure and financial networks they use to commit fraud.
The post FBI takes down massive China-based cybercrime network that caused $1.9B in losses appeared first on CyberScoop.
The 13 websites purported to be affiliated with consulting companies that advertised job openings for current and former holders of security clearances.
The post FBI Seizes 13 Websites That Officials Say Were Used by China to Target and Recruit US Workers appeared first on SecurityWeek.
OpenAI’s threat intelligence team tracked what it believes are two distinct clusters of activity online from groups with ties to China and posting content seemingly designed to stoke anger around divisive topics like AI and data centers.
The first, dubbed “Data Center Bandwagon,” used ChatGPT to create imagery and social media comments claiming data center buildouts were raising electricity prices for Americans.
Another used the tool to develop images and online posts characterizing tariffs as a covert means for the countries to exert control over the global technological landscape. According to OpenAI, the originating prompts directed ChatGPT to only include U.S. President Donald Trump in this content, while leaving out Chinese President Xi Jinping, who has also made use of tariffs.
In both cases, OpenAI said the operators “likely originated” in China. The anti-data center content was traced to an unnamed Chinese technology company that holds multiple contracts with regional Chinese governments, and both clusters used VPNs to evade restrictions, prompted ChatGPT in simplified Chinese and asked for both English and Chinese-language outputs, all while posing as Americans on social media platforms like X and YouTube.
“This looks like a classic example of a foreign influence operation jumping onto the bandwagon of a genuine and pre-existing domestic debate and trying to manipulate it by using fake accounts posing as Americans,” said Ben Nimmo, principal investigator at OpenAI and author of the report.
While OpenAI – which has sought to raise hundreds of millions of dollars in funding to build datacenters in the U.S. – is not a neutral party, the report does not claim that anti-data center sentiment in the country is being driven or bolstered by foreign propaganda online.
There’s little evidence that the campaigns got much attention outside their own amplification networks. Such engagement from third parties is an imperfect but important indicator of an influence operation’s impact. OpenAI rated the campaigns a 1 and 2 on the Brookings Breakout Scale, scores that indicate activity on one or more platforms but no evidence of meaningful engagement by targeted audiences.
Additionally, researchers who study state-sponsored influence campaigns say these groups are happy to latch onto and amplify genuine domestic movements or messaging so long as it serves their larger destabilization goals.
Others have suggested that piggybacking off established narratives with organic momentum – like public anger at AI and data centers – can make an influence operation appear more effective.
While AI tools can be leveraged to create such internet content at scale, they often fail to gain traction. Some images used by Chinese actors appear clunky or use overly direct messaging that displays a lack of familiarity with both the English language and internet virality.
“I do want to be really clear here: this was not a case of an influence operation creating a debate,” said Nimmo. “The debate existed already. This was an influence operation from China trying to interfere in it. We didn’t see any signs that it succeeded.”
He added that while such views are “reasonable” and “sincerely held” by many participants on both sides, “what we don’t want to see is a covert foreign influence operation posing as Americans to try to shape it, still less a foreign influence operation using the very AI that it attacks.”
According to the OpenAI report, the actors used ChatGPT to edit work reports which contained operational security details about their social media campaigns. In them, they described their goals as “establishing persistent and credible accounts, producing visually appealing content to expand audience reach in different regions and maintaining long term account viability by anticipating platform enforcement.”
Another report fed into ChatGPT discussed how best to leverage Facebook’s content ecosystem, groups, pages, hashtags, advertising tools, recommendation systems and reporting mechanisms, as well as strategies for evading Meta’s detection of coordinated inauthentic accounts.
The campaign around tariffs also used ChatGPT to create short comments and comics in English, as well as in Italian, Japanese and traditional Chinese, accusing the US of putting profits over loyalty to its allies. OpenAI said it was targeted by the same network on X with an influence campaign alleging a widespread user data breach that Nimmo said “never happened.”
While OpenAI said the campaigns likely originated in China, it does not directly attribute the operations to the Chinese government or actors working on its behalf, but does note that many parts of the campaign and its tactics overlap with pre-established Chinese government propaganda campaigns online.
The post OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers appeared first on CyberScoop.

Posing as recruiters on online platforms, Chinese intelligence officers target personnel with access to classified or privileged information.
The post Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities appeared first on SecurityWeek.
House Democrats criticized a draft Republican Department of Homeland Security spending bill Thursday that they said would cut funding for the Cybersecurity and Infrastructure Security Agency by $250 million.
Republicans said the bill provides $2.4 billion for CISA, and that among its focuses are “improving cybersecurity resilience,” in the words of House Appropriations Chairman Tom Cole, R-Okla.
But Democrats decried it as a funding reduction. The panel’s subcommittee on homeland security is set to vote on the bill Friday.
The fiscal 2027 funding measure “dramatically cuts funding for cybersecurity and infrastructure protection despite an increasing number of sophisticated attacks from foreign adversaries against U.S. businesses, health care systems, utilities, schools, and state and local governments,” Democrats said in a fact sheet.
They also said it limits DHS’s ability to counter foreign propaganda seeking to undermine U.S. democracy, and to protect states against foreign groups during the elections.
The second Trump administration has sought deep cuts in CISA’s personnel numbers and budget in both fiscal 2026 and 2027, drawing concerns from both sides of the aisle.
Congress last year sought to implement some, but not all, of Trump’s proposed cuts for the agency, advancing legislation to set its budget at $2.6 billion.
In their fact sheet, Republicans said they were reallocating $100 million from past appropriations to fund CISA’s core missions.
They acknowledged some cutbacks, saying that the bill “Includes strategic reductions to redundant, unauthorized, or duplicative contracts, positions, and programs.”
Despite the cutbacks at CISA over the last year and a half, officials have talked about wanting to hire additional personnel. The fiscal 2027 bill includes “$31 million to hire mission critical positions to counter threats from foreign adversaries, such as China,” according to the GOP.
The GOP also highlighted other cyber funds in the DHS bill. DHS’s management director would get $11.3 million for “enhanced cybersecurity protections,” while the Homeland Security Investigations division of Immigration and Customs Enforcement would get $5 million for the Cyber Crime Center.
Neither panel Republicans nor Democrats responded to requests for comment seeking more detailed numbers for the fiscal 2027 bill.
The post Hill Dems hammer GOP for $250M CISA budget cut appeared first on CyberScoop.
Relying on social engineering, the hacking group engages in credential phishing, malware distribution, and fraud activities.
The post Chinese Cybercrime Group in Spotlight for Record Campaign Pace appeared first on SecurityWeek.
A House subcommittee will hold an open hearing next week on how frontier artificial intelligence models are shaping the cybersecurity landscape, for good and for ill.
The June 4 hearing will be the second the Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection has held that was focused at least in part on the subject, following a similar hearing held in December. But unlike at that joint subcommittee hearing, where members also examined other emerging technologies, AI takes center stage next week.
It caps a series of closed-door meetings of the Homeland panel where members and staff have been evaluating the intersection of AI and cyber. CyberScoop is first to report details on the hearing.
The witnesses will be Sandra Joyce, vice president of Google Threat Intelligence; Chris Meserole, executive director of the Frontier Model Forum; Jack Cable, a former top official at the Cybersecurity and Infrastructure Security Agency and now chief executive officer and co-founder of Corridor Security; and Matthew Guariglia, senior policy analyst at the Electronic Frontier Foundation.
“Communist China is moving aggressively to control the technologies that will define the future of economic and military power, and few technologies are more consequential than artificial intelligence,” subcommittee chairman Andy Ogles, R-Tenn., said in a written statement. “Adversaries are already working to steal American AI capabilities, weaponize AI-enabled tools, infiltrate critical systems and undermine our national security.”
“AI is the America First mission of the future, and it is becoming our number one offensive and defensive weapon against cyber terrorists,” he continued. “I look forward to hearing from our witnesses on how we can stay ahead of AI-enabled cyber threats, protect the services Americans rely on and win this AI arms race.”
The hearing is the latest response from Capitol Hill to the spate of news about the capabilities of advanced AI models to uncover cyber vulnerabilities. Earlier this month, for instance, lawmakers wrote to National Cyber Director Sean Cairncross asking for a plan to deal with the potential surge in vulnerability discovery stemming from such models.
Last week, the Trump administration postponed a draft AI executive order. It’s something lawmakers are likely to ask about at next week’s hearing.
The post House panel poised to hold hearing centered on AI impact on cyber appeared first on CyberScoop.
Artificial intelligence is an “unstoppable force” that allows tech to be “weaponized just below the threshold of traditional warfare,” including in cyberspace, the head of a U.K. intelligence, security and cybersecurity agency said Wednesday.
We live in a world “where the latest frontier AI is rapidly unearthing fault lines in technologies our society relies on every single day,” said Anne Keast-Butler, director of the Government Communications Headquarters (GCHQ) spy agency. “The ground beneath our feet is shifting, and shifting fast. Which means cybersecurity has never been more important.”
She added: “We need to reimagine cybersecurity in the AI world.”
Keast-Butler said her agency has spent the last few months developing defensive capabilities that are integrated with agentic AI, and embedding it into its operations “responsibly and ethically.”
Her speech offered the view of one of the world’s cyber superpowers about how AI is evolving both cyber offense and defense. The GCHQ is the largest of the U.K.’s spy agencies and home to the National Cyber Security Centre.
The U.K.’s AI Security Institute recently reported on how advanced AI models have surpassed prior benchmarks for autonomously uncovering vulnerabilities. At the same time, government officials in Europe, the United States and elsewhere have warned about how AI will exacerbate cyber risks.
Keast-Butler said Wednesday that “warfare is being reconfigured; increasingly data-driven, AI-enabled, and automated in conflicts from Ukraine to Iran.”
Overall, “AI is an unstoppable force with great opportunity. But it’s also a force with risks,” she said. “As AI gains increased autonomy, we all have an intergenerational duty to harness and secure it for good; to protect our national security, our economy and our way of life.”
She warned about China’s arrival as a tech superpower, which includes its sophisticated cyber capabilities. She said China recognizes the value of AI combined with the availability of massive amounts of data.
And Russia is upping its use of hybrid warfare against both Ukraine and the U.K., Keast-Butler said, with both cyber and physical forces.
The post UK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspace appeared first on CyberScoop.
Salt Typhoon has hit an energy entity in Azerbaijan. Twill Typhoon has targeted Asian entities with an updated RAT.
The post Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns appeared first on SecurityWeek.
The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was.
The post Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking appeared first on SecurityWeek.
The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests.
The post MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek.

