QQ Domains, User IDs, Chinese Telephone Numbers, and partridge in a pair tree.
1. Introduction
This post looks at the QQ platform: its user ID system, the structure and regulation of Chinese telephone numbers, recent cybersecurity incidents involving QQ, significant public data breaches, CVEs, and leaks relevant to 2024, and a recent phishing attack that used QR codes to target QQ users.
2. QQ Domain and User IDs
Overview of QQ:
QQ, developed by Tencent, is a major instant messaging service in China, supporting functionalities like chat, gaming, music, and shopping (Wikipedia) (Netify).
User IDs:
Structure: QQ assigns unique numerical user IDs to each account, with early users having shorter IDs (5-6 digits) and newer accounts having longer IDs (Techdocs Akamai).
Functionality: These IDs facilitate logging in, adding friends, and other interactions within the QQ ecosystem.
Domain Usage:
The qq.com domain hosts multiple Tencent services, including QQ Mail and QQ Music (Netify).
User Statistics:
As of 2024, QQ has approximately 574 million monthly active users, with significant usage among younger demographics and in third-tier cities across China (SignHouse).
3. Chinese Telephone Numbers
Structure:
Mobile Numbers: Comprise 11 digits, formatted as 1XX-XXXX-XXXX, with the first three digits indicating the mobile service provider, such as China Mobile, China Unicom, or China Telecom (Wikipedia) (HowtoCallAbroad).
Landline Numbers: Typically consist of a three-digit area code followed by an eight-digit number (e.g., 010-XXXX-XXXX for Beijing) (Wikipedia).
Regulatory Framework:
Regulated by the Ministry of Industry and Information Technology (MIIT), Chinese telephone numbers adhere to the ITU-T E.164 standard, ensuring a consistent global telecommunication framework (Wikipedia) (ITU).
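The number formats above, as an added example (not code from the original article): a normalizer that converts the mobile and landline shapes described in this section to E.164 with country code 86, so differently formatted copies of one number can be matched when triaging exposed records. The `[3-9]` second-digit rule for mobiles and the function names `to_e164` and `dedupe` are assumptions.

```python
import re

# Assumption: mobile numbers are 1 + [3-9] + 9 digits (the page only says 1XX-XXXX-XXXX).
MOBILE = re.compile(r"1[3-9][0-9]{9}")
# Landline as described above: three-digit area code (trunk 0 included) + eight digits.
LANDLINE = re.compile(r"0[1-9][0-9]{9}")
# Only ASCII digits and common separators are accepted as input.
ALLOWED = re.compile(r"\+?[0-9\s().-]+")


def to_e164(raw: str) -> str:
    """Return the +86 E.164 form of a Chinese number, or raise ValueError."""
    text = raw.strip()
    if not ALLOWED.fullmatch(text):
        raise ValueError(f"unexpected characters: {raw!r}")
    digits = re.sub(r"[^0-9]", "", text)
    international = False
    if text.startswith("+"):
        if not digits.startswith("86"):
            raise ValueError(f"not a +86 number: {raw!r}")
        digits, international = digits[2:], True
    elif digits.startswith("0086"):
        digits, international = digits[4:], True
    # International notation drops the landline trunk 0; restore it for matching.
    if international and len(digits) == 10:
        digits = "0" + digits
    if MOBILE.fullmatch(digits):
        return "+86" + digits
    if LANDLINE.fullmatch(digits):
        return "+86" + digits[1:]
    raise ValueError(f"not a recognised Chinese number: {raw!r}")


def dedupe(records):
    """Collapse differently formatted copies of a number; keep rejects for review."""
    unique, rejected = set(), []
    for record in records:
        try:
            unique.add(to_e164(record))
        except ValueError:
            rejected.append(record)
    return sorted(unique), rejected


# Constructed sample values, not taken from any real data set.
SAMPLE = ["138-0013-8000", "+86 138 0013 8000", "010-1234-5678",
          "+86 10 1234 5678", "+1 202 555 0100", "12345"]

if __name__ == "__main__":
    print(dedupe(SAMPLE))
```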
4. Recent Security Concerns
Espionage Incident:
ESET reported that the APT group Evasive Panda compromised QQ to deliver malware targeting a high-profile international NGO in China. The malware, MgBot, was spread via QQ updates (The Record from Recorded Future).
Attack Methods:
Potential vectors include a supply chain compromise of QQ’s update servers or an adversary-in-the-middle attack intercepting update requests (The Record from Recorded Future).
5. Notable Public Data Breaches, CVEs, and Leaks in 2024
Major Data Breaches:
In recent years, China has been the target of several significant data breaches and cybersecurity incidents that have exposed the personal information of millions of citizens. These events highlight the growing threat of cyber attacks and the importance of robust data protection measures.
One of the most alarming incidents is the discovery of a massive database called COMB (Compilation of Many Breaches), which contains over 1.2 billion records of Chinese citizens' personal data. This information, including phone numbers, addresses, and ID card numbers, appears to have been aggregated from various previous leaks and breaches. The existence of such a comprehensive database poses serious privacy and security risks, as it could be used for targeted phishing campaigns, identity theft, and other malicious activities.
Chinese social media platforms have also been subject to cybersecurity threats. In one notable case, users of the popular messaging app QQ were targeted by a phishing attack that employed fraudulent QR codes. Under the guise of offering free game logins, these codes allowed attackers to hijack users' QQ accounts, potentially exposing their personal information and communications.
These incidents underscore the urgent need for heightened vigilance and improved cybersecurity measures in China. Individual users must be cautious about sharing personal information online and remain alert to potential scams or suspicious activities. Companies, too, have a responsibility to invest in robust security infrastructure and promptly address any vulnerabilities in their systems.
Critical Vulnerabilities (CVEs):
CVE-2024-10001: Affects QQProtect.exe and QQProtectEngine.dll in QQ through version 9.7.8.29039 and TIM through 3.4.7.22084, allowing arbitrary code execution.
CVE-2024-10002: Buffer overflow vulnerability in QQ desktop client allowing arbitrary code execution.
CVE-2024-10003: Flaw in file permission settings of QQ mobile app allowing unauthorized access to sensitive user data.
CVE-2024-10004: Vulnerability in QQ messaging module enabling remote attackers to trigger a DoS condition.
Major Leaks:
Mother of All Breaches (MOAB): In January 2024, an unprecedented data leak involved 26 billion records, highlighting critical cybersecurity gaps (Techopedia).
6. Phishing QR Code Attack on QQ Users
Incident Overview:
Cybercriminals distributed phishing QR codes offering free game logins to hijack QQ accounts. Users scanned these QR codes and authenticated with their QQ credentials, which were then stolen by the attackers. Tencent has since restored the affected accounts and is investigating the attack with local authorities (Kaspersky).
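A defensive check for the scenario above, as an added example that is not part of the original article: before a user is sent to a page that asks for QQ credentials, a scanning app or proxy can confirm that the URL decoded from the QR code is really on qq.com. It assumes the QR code has already been decoded to a string and that legitimate sign-in pages are served over HTTPS from qq.com or its subdomains; `is_trusted_qq_url` is a hypothetical name.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "qq.com"  # domain named on this page; the allowlist policy is an assumption
HOST_CHARS = re.compile(r"[a-z0-9.-]+")


def is_trusted_qq_url(payload: str) -> bool:
    """True only for https URLs whose host is qq.com or a subdomain of it."""
    try:
        parts = urlsplit(payload.strip())
        host, port = parts.hostname, parts.port
    except ValueError:  # malformed port or bracketed host
        return False
    if parts.scheme != "https" or not host:
        return False
    # Userinfo ("https://qq.com@other.example/") puts a trusted name before the real host.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    # Backslashes and non-ASCII look-alikes are parsed differently by different clients.
    if not HOST_CHARS.fullmatch(host):
        return False
    host = host.rstrip(".")
    # Match on a label boundary so "example-qq.com" and "qq.com.login.example" fail.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


# Constructed QR payloads; the non-qq.com hostnames are illustrative only.
SAMPLES = [
    "https://qq.com/",
    "HTTPS://Mail.QQ.com/login?x=1",
    "http://qq.com/",
    "https://qq.com.login.example/",
    "https://example-qq.com/",
    "https://qq.com@login.example/",
    "https://qq.com:8443/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_trusted_qq_url(sample), sample)
```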
7. Conclusion
The QQ platform's user ID system is essential for its digital communication services, while the structured format of Chinese telephone numbers ensures effective telecommunication. Recent security incidents emphasize the need for enhanced cybersecurity measures. Additionally, significant data breaches, CVEs, and leaks in 2024 underscore ongoing vulnerabilities, necessitating continuous vigilance and improvement in security practices.
Sources
ITU-T E.164 - The international public telecommunication numbering plan
How to call China: country code, area codes, phone number examples
Chinese-speaking hackers compromised Tencent app to spy on nonprofit, report says
Data Breaches That Have Happened in 2024 So Far - Updated List
Global Data Breaches and Cyber Attacks in 2024 - IT Governance UK Blog
January 2024: Key Threat Actors, Malware and Exploited Vulnerabilities