Log in
Log in
Or log in with
Twitter Twitter
Facebook Facebook
Apple Apple     
Sign up
Or log in with
Twitter Twitter
Facebook Facebook
Apple Apple     
  1. Homepage
  2. Equities
  3. China
  4. Shenzhen Stock Exchange
  5. Midea Group Co., Ltd.
  6. News
  7. Summary
    000333   CNE100001QQ5


End-of-day quote Shenzhen Stock Exchange  -  2022-11-24
46.69 CNY   +1.70%
11/25Fitch Rates Kunming Rail Transit Group's Proposed USD Bonds 'BBB+'
11/25Chinese Home Appliance Manufacturers Expand in Middle East, Africa
11/25Exclusive-China central bank to offer cheap loans to support developers' bonds-sources
SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector newsMarketScreener Strategies

Ankura CTIX FLASH Update - September 2, 2022

09/07/2022 | 06:10am EST

Ransomware/Malware Activity

800 Million State-Surveillance Records Exposed in Publicly-Available Database

A giant database from Chinese electronics manufacturer Xinai Electronics was identified as being publicly available, exposing millions of faces and vehicle license plates. The exposed database held over 800 million records, which is the second largest known data security breach of the year. Xinai Electronics creates systems for "controlling access for people and vehicles to workplaces, schools, construction sites and parking garages across China." The company utilizes facial recognition for "a range of purposes beyond building access, including personnel management, like payroll, [and] monitoring employee attendance and performance", and it also uses a cloud-based vehicle license plate recognition system to allow drivers to pay for parking in unattended garages. According to the company's website, all data collected was supposedly stored securely on the company's servers, but security researcher Anurag Sen identified an Alibaba-hosted server containing the unsecured database. Sen reported that the database included "hundreds of millions of records and full web addresses to image files hosted on several domains owned by Xinai" and emphasized that "neither the database nor the hosted image files were protected by passwords." Specifically, the database included information about Chinese citizens, including links to high-resolution photos of faces, each person's name, age, sex, and resident ID numbers, as well as vehicle license plates in parking garages, driveways, and other office entry points. As of mid-August, the database was no longer publicly accessible. Prior to this, however, an undated and unclaimed ransom note was left that claimed the database contents had been stolen and demanded "a few hundred dollars worth of cryptocurrency" in order to return the data. TechCrunch noted that the blockchain address left in the note does not have any evidence of receiving funds from Xinai. In China, facial recognition technology is routine and state surveillance is hyper present. Ensuring that this personally identifiable information (PII) is stored securely is of high priority. CTIX analysts will provide any updates regarding this breach as it becomes available.

  • TechCrunch: Exposed Chinese Database Article
  • Threat Actor Activity

    REvil Hits First High-Level Target Since 2021

    After a several month hiatus, REvil ransomware has reemerged into the threat landscape and has claimed responsibility of compromising Midea Group, a Chinese electrical appliance manufacturing organization. REvil has remained fairly silent since the Kaseya hack in 2021 where the group compromised software vendor Kaseya which allowed the successful breach of several IT management service companies. Several members of the REvil organization were reportedly arrested back in January as a part of an international law enforcement operation. In this latest attack, assets exfiltrated by REvil claim to be several terabytes of information including blueprints and firmware sources, financial information, scans of physical ID's and digital ID documents, screenshots of internal vSphere environments, SSH keys, and several compressed ZIP archives. REvil has already dumped some of the files to their leak site, pushing for the Midea Group to pay the undisclosed ransom. REvil is known for their double extortion tactics in previous attacks, encrypting systems and files alongside exfiltrating the data offsite to use as leverage in ransom demands. CTIX will continue to monitor the fallout of this incident and provide additional updates as more information is released.

  • ITPro: REvil Article
  • VM: REvil Article
  • Vulnerabilities

    Microsoft Researchers Discover Account Takeover Vulnerability in Android TikTok Application

    Researchers from Microsoft's 365 Defender Research Team have discovered a one-click account takeover vulnerability in the popular short-form video app TikTok. The vulnerability, tracked as CVE-2022-28799, exists in the Android version of the application, which has over 1 billion downloads on the Google Play Store. Identified in February 2022, the flaw was quickly patched in the affected versions following the responsible disclosure. The vulnerability relies on the application's implementation of WebView JavaScript interfaces, which allow apps to load and display web pages. These interfaces also create a bridge between JavaScript and Android's native language, Java. The researchers discovered a common vulnerability with these JavaScript interfaces that allows a threat actor to inject a malicious interface that could lead to "data leakage, data corruption, or, in some cases, arbitrary code execution." By utilizing a deeplink, a feature in the Android operating system that allows URLs to be handled by an application rather than a web browser, the researchers could exploit the JavaScript interface injection flaw. First, they utilized a redirect to access a deeplink normally only used inside the TikTok application rather than through external links. This internal deeplink uses a filter to block potentially malicious websites from being loaded through it. The researchers discovered two parameters they added to the deeplink URL which bypassed this filter. Loading a malicious website using this deeplink gave access to 70 internal Java methods, ultimately allowing a threat actor to compromise a TikTok user account. The researchers create a proof-of-concept (PoC) exploit that was successfully able to replace a victim user's description to "!! SECURITY BREACH !!" when the user clicks on the malicious link. As stated, the vulnerability has been patched in the most recent version of the TikTok Android application and no exploitation has been discovered in the wild.

  • The Record: TikTok Vulnerability Article
  • Microsoft: TikTok Vulnerability Report
  • Boeing Company Releases Safety Alert Following Vulnerabilities in the OPT Application

    The Boeing company has released a worldwide safety alert for their Onboard Performance Tool (OPT) for iOS following a vulnerability discovery from British security firm Pen Test Partners. Boeing's OPT allows flight crew and ground personnel to "perform real-time weight and balance and takeoff and landing calculations for all current Boeing airframes" and is available on iOS and Windows, as well as EFB versions for integrated devices onboard aircrafts. The researchers identified an issue with the calculations the tool made in the iOS version of the app, allowing threat actors to tamper with mission-critical data and causing pilots to use the wrong settings and potentially inducing a crash. While this vulnerability has a "low risk of interference," it was patched by Boeing last year. Further testing of the application led the researchers to discover another flaw in the application. The second vulnerability existed in a vital database used by the OPT, which was not secured against unauthorized changed. The database stored records of the length of runways at various airports. By changing the records in this database, threat actors could have increased the risk of a crash at takeoff or landing without any warnings that the modification had occurred. After two (2) years of working with Boeing, Pen Test Partners has confirmed that this issue has been fixed in July 2022. The long delays between discovery and patching are due to the number of regulatory approvals required to make the change to the OPT application. This example highlights the slow response times that have plagued the aviation industry for years. CTIX analysts recommend organizations utilizing Boeing's Onboard Performance Tool to ensure the tool is updated to the latest version OPT v4.72.

  • Telegraph: Boeing OPT Vulnerability Article
  • The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

    Ankura Consulting Group LLC
    Ankura Consulting Group LLC
    2000 K Street NW
    12th Floor
    DC 20006
    Tel: 202797 1111
    URL: ankura.com

    © Mondaq Ltd, 2022 - Tel. +44 (0)20 8544 8300 - http://www.mondaq.com, source Business Briefing

    All news about MIDEA GROUP CO., LTD.
    11/25Fitch Rates Kunming Rail Transit Group's Proposed USD Bonds 'BBB+'
    11/25Chinese Home Appliance Manufacturers Expand in Middle East, Africa
    11/25Exclusive-China central bank to offer cheap loans to support developers' bonds-sources
    11/21China regulator plans to improve balance sheets of 'good quality' developers
    11/17Global markets live: Chevron, Meta, Blackstone, Tencent, Activision...
    11/16Midea Buys Remaining Stake in Germany's Kuka
    11/16"Cloud Business, Win-win Future", 2022 Training Course for Russian Business Chinese Pro..
    11/16Midea Building New Heat Pump Production Facility in Italy
    11/16Midea Real Estate Gets Regulatory Nod to Issue $2.1 Billion of Bonds; Shares Fall 4%
    11/15Midea VRF Going Global, Sets Sail for Jakarta-Bandung High-speed Railway
    More news
    Analyst Recommendations on MIDEA GROUP CO., LTD.
    More recommendations
    Sales 2022 359 B 50 133 M 50 133 M
    Net income 2022 30 021 M 4 187 M 4 187 M
    Net cash 2022 77 718 M 10 838 M 10 838 M
    P/E ratio 2022 10,8x
    Yield 2022 4,03%
    Capitalization 320 B 44 645 M 44 645 M
    EV / Sales 2022 0,67x
    EV / Sales 2023 0,60x
    Nbr of Employees 165 799
    Free-Float 61,2%
    Duration : Period :
    Midea Group Co., Ltd. Technical Analysis Chart | MarketScreener
    Full-screen chart
    Technical analysis trends MIDEA GROUP CO., LTD.
    Short TermMid-TermLong Term
    Income Statement Evolution
    Mean consensus BUY
    Number of Analysts 29
    Last Close Price 46,69 CNY
    Average target price 68,62 CNY
    Spread / Average Target 47,0%
    EPS Revisions
    Managers and Directors
    Hong Bo Fang Chairman & Chief Executive Officer
    Zheng Zhong Chief Financial Officer
    Wentao Dong Chairman-Supervisory Board
    Zi Qiang Hu Chief Technology Officer & Vice President
    Xiao Zhang Zhang Head-Supply Chain System
    Sector and Competitors
    1st jan.Capi. (M$)
    MIDEA GROUP CO., LTD.-36.74%44 645
    HAIER SMART HOME CO., LTD.-19.04%29 982
    NEWELL BRANDS INC.-38.87%5 522
    ZHEJIANG SUPOR CO., LTD.-27.41%5 074