Arrest Of Intelligence Officer Sparks Fears Of Chinese Hacking Attack

Top figures in the infosec industry fear that the recent arrest of a top Chinese intelligence officer will spark an increase in cyber-attacks from Chinese hacking groups in the coming months.

These fears were expressed after the US Department of Justice announced the arrest and extradition of Yanjun Xu, a high-ranking director in China's Ministry of State Security (MSS), the country's counter-intelligence and foreign intelligence agency.

Xu was not arrested on hacking charges, but for attempting to commit economic espionage and steal trade secrets after trying to recruit several insiders from multiple US aviation and aerospace companies.

But reports from US cyber-security firm Recorded Future, and from shadowy group Intrusion Truth, have pegged the MSS as the Chinese agency in control of China's cyber-espionage operations.

"Currently, the Ministry of State Security (MSS) is the primary government agency engaged in the majority of cyber-attacks with Chinese-government nexus, and CrowdStrike has observed multiple intrusions demonstrating their sophisticated tradecraft," Dmitri Alperovitch, Co-Founder and CTO of US cyber-intelligence firm CrowdStrike, told ZDNet today.

Alperovitch now fears that this arrest might trigger a retaliatory action from Chinese hackers, an opinion also shared by former Facebook Chief Security Officer, Alex Stamos, and others.

For years, Chinese state-sponsored hackers have breached US companies and pilfered proprietary technology that mysteriously made its way into the hands of Chinese companies.

The two nations agreed to cease all hacking operations aimed at intellectual property (IP) theft in the autumn of 2015, when the countries' two presidents, US President Obama and Chinese President Xi, signed a political agreement on the matter.

A FireEye report released in June 2016 found that China's IP theft cyber operations had considerably wound down following the pact, and the country appeared to have stopped all major operations.

But this pact appears to have unofficially dissolved during the Trump presidency, as diplomatic relations broke down between the two countries, and a trade war is slowly unraveling today.

The Trump administration accused China in March of breaking the Obama-Xi hacking agreement. A US Department of the Treasury investigation detailed in a 215-page report listed several Chinese hacking operations that took place after the pact's signing.

In a report published today, CrowdStrike confirmed the US Treasury's findings. The company said it detected an uptick in Chinese hacking operations during the past year, an uptick that placed China above Russia in terms of the number of attacks.

"CrowdStrike can now confirm that China is back (after a big drop off in activity in 2016) to being the predominant nation-state intrusion threat in terms of volume of activity against Western industry," Alperovitch said in a tweet today, an opinion he also shared in an interview on Bloomberg TV. "MSS is now their [number one] cyber actor," he added.

Even if there is no evidence Xu was involved in China's cyber operations, it is now a general opinion among many infosec pundits that China does not abide by the terms of the Obama-Xi agreement anymore [1, 2], and the arrest of one of its top MSS directors would unleash hacking efforts on the same level as they were before the pact.

In comments provided to ZDNet, Alperovitch also hoped today's arrest would serve as a deterrent.

Nonetheless, that might not be the case: last year's indictment of three Chinese nationals believed to be MSS hacking contractors, who were also involved in IP theft, didn't appear to stop Chinese cyber-espionage operations at all.

The Washington Post has more details on Xu's indictment and insider recruitment tactics, as well as how federal agents lured the top MSS official to Belgium, where they arrested him on April 1 this year.

ZDNet:
