Arrest Of Intelligence Officer Sparks Fears Of Chinese Hacking Attack

Top figures in the infosec industry fear that the recent arrest of a top Chinese intelligence officer will spark an increase in cyber-attacks from Chinese hacking groups in the coming months.

These fears were expressed after the US Department of Justice announced the arrest and extradition of Yanjun Xu, a high-ranking director in China's Ministry of State Security (MSS), the country's counter-intelligence and foreign intelligence agency.

Xu was not arrested on hacking charges, but for attempting to commit economic espionage and steal trade secrets after trying to recruit several insiders from multiple US aviation and aerospace companies.

But reports from US cyber-security firm Recorded Future, and from shadowy group Intrusion Truth, have pegged the MSS as the Chinese agency in control of China's cyber-espionage operations.

"Currently, the Ministry of State Security (MSS) is the primary government agency engaged in the majority of cyber-attacks with Chinese-government nexus, and CrowdStrike has observed multiple intrusions demonstrating their sophisticated tradecraft," Dmitri Alperovitch, Co-Founder and CTO of US cyber-intelligence firm CrowdStrike, told ZDNet today.

Alperovitch now fears that this arrest might trigger a retaliatory action from Chinese hackers, an opinion also shared by former Facebook Chief Security Officer, Alex Stamos, and others.

For years, Chinese state-sponsored hackers have breached US companies and pilfered proprietary technology that mysteriously made its way into the hands of Chinese companies.

The two nations agreed to cease all hacking operations aimed at intellectual property (IP) theft in the autumn of 2015, when the countries' two presidents, US President Obama and Chinese President Xi, signed a political agreement on the matter.

A FireEye report released in June 2016 found that China's IP theft cyber operations had considerably wound down following the pact, and the country appeared to have stopped all major operations.

But this pact appears to have unofficially dissolved during the Trump presidency, as diplomatic relations between the two countries broke down and a trade war is slowly unfolding today.

The Trump administration accused China in March of breaking the Obama-Xi hacking agreement. A US Department of the Treasury investigation detailed in a 215-page report listed several Chinese hacking operations that took place after the pact's signing.

In a report published today, CrowdStrike confirmed the US Treasury's findings. The company said it detected an uptick in Chinese hacking operations during the past year, an uptick that placed China above Russia in terms of the number of attacks.

"CrowdStrike can now confirm that China is back (after a big drop off in activity in 2016) to being the predominant nation-state intrusion threat in terms of volume of activity against Western industry," Alperovitch said in a tweet today, an opinion he also shared in an interview on Bloomberg TV. "MSS is now their [number one] cyber actor," he added.

Even though there is no evidence Xu was involved in China's cyber operations, it is now a general opinion among many infosec pundits that China no longer abides by the terms of the Obama-Xi agreement [1, 2], and that the arrest of one of its top MSS directors would unleash hacking efforts on the same level as before the pact.

In comments provided to ZDNet, Alperovitch also hoped today's arrest would serve as a deterrent.

Nonetheless, that might not be the case: last year's indictment of three Chinese nationals believed to be MSS hacking contractors, who were also involved in IP theft, did not appear to stop Chinese cyber-espionage operations at all.

The Washington Post has more details on Xu's indictment and insider recruitment tactics, as well as on how federal agents lured the top MSS official to Belgium, where he was arrested on April 1 this year.

ZDNet:
