China Escalates Hacks On The US

Uploaded on 2018-07-09 in INTELLIGENCE--USA, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY--Hackers

In 2015 the US and China agreed to a digital truce that banned hacking private companies to steal trade secrets. 
And though the agreement has been touted as a success, it hasn't stopped Chinese state-sponsored hackers from pushing the envelope of acceptable behavior. 

Moreover, it certainly hasn't slowed types of hacking that fall outside the purview of the accord. Lately, it seems, that means defense intelligence gathering.

In recent weeks, Chinese hackers have reportedly breached a US Navy contractor that works for the Naval Undersea Warfare Center, stealing 614 GB of data about submarine and undersea weapons technology. 

Attacks in the last few months originating from China have also targeted US satellite and geospatial imaging firms, and an array of telecoms. The incidents highlight the clandestine but incessant hacking campaigns that continue reliably between the US and China.

"China’s actually backed off quite a bit on intellectual property theft, but when it comes to military trade secrets, military preparedness, military readiness, satellite communications, anything that involves the US’s ability to keep a cyber or military edge, China has been very heavily focused on those targets," says David Kennedy, CEO of the threat tracking firm Binary Defense Systems, who formerly worked at the NSA and with the Marine Corps' signal intelligence unit.  "And the US does the same thing, by the way." 'They'll use that as a first step instead of having to send fighter jets or something.'

The submarine contractor breach reflects this intense focus on bridging any technological advantage the US may have. It involved attacks in January and February that nabbed important data, albeit from an unclassified network. When taken together, though, the information would have amounted to a valuable snapshot of US cutting edge underwater weapons development, plus details on a number of related digital and mechanical systems.

The attack fits into a known pattern of Chinese hacking initiatives. "China will continue to use cyber-espionage and bolster cyber-attack capabilities to support its national security priorities," US director of national intelligence Daniel Coats wrote in a February threat report. 

"The Intelligence Community and private-sector security experts continue to identify ongoing cyber-activity from China...Most detected Chinese cyber-operations against US private industry are focused on cleared defense contractors or IT and communications firms."

Recently, analysts from Symantec also published research on a series of attacks in the same category from November 2017 to April from a hacking group dubbed Thrip. Though Symantec does not go so far as to identify Thrip as Chinese state-sponsored hackers, it reports "with high confidence" that Thrip attacks trace back to computers inside the country. 

The group, which Symantec has tracked since 2013, has evolved to hide in plain site by mostly using prefab malware to infiltrate networks and then manipulating administrative controls and other legitimate system tools to bore deeper without setting off alarms. 

All of these off-the-shelf hacking tools and techniques have made Thrip harder to identify and track, which is likely the idea, but Symantec started to notice patterns in their anomaly detection scanners that ultimately gave these attacks away, and led the researchers to a unique backdoor that implicated Thrip.

The researchers found evidence of intrusions at some southeast Asian telecom firms, a US geospatial imagery company, a couple of private satellite companies including one from the US, and a US defense contractor. 
The breaches were all deliberate and targeted, and in the case of the satellite firms the hackers moved all the way through to reach the control systems of actual orbiting satellites, where they could have impacted a satellite's trajectory or disrupted data flow.

"It is scary," says Jon DiMaggio, a senior threat intelligence analyst at Symantec who leads the research into Thrip. "We looked at which systems they were interested in, where they spent the most time, and on the satellites it was command and control. And then they were also on the operational side for both the geospatial imagery and the telecom attacks."

Though hacking for intelligence-gathering is a priority for all nations and can sometimes be mutually tolerated, Binary Defense Systems' Kennedy points out that it can also serve as a way to make a statement when two countries are at odds. He notes that it's not surprising to detect escalating hacking operations from China against the US given rising geopolitical tensions between the two countries about trade and increased tariffs. 

"Hacking can be used as a sign of force in a lot of cases to say 'hey, we’re not happy and we’re going to make you feel some pain,'" Kennedy notes. "They'll use that as a first step instead of having to send fighter jets or something."

Though Chinese hacking was brought under control somewhat by the 2015 agreement, analysts say that China's nation state hackers have reorganized and retooled over the last few years to be even more stealthy and effective in their digital espionage operations. And recent attacks indicate that they are optimising their plans to get the most valuable information they can out of each victim.

"All of these pieces fit together," Symantec's DiMaggio says of Thrip. "It’s not targets of opportunity; it’s definitely a planned operation."

Wired

You Might Also Read: 

Inside The Chinese-Hacking Underground:

Chinese Hack Breached US Satellites:
 

« Theft & Subsequent Re-Use of Cyber Weapons
Cybercrime & Terrorism Threaten South Africa »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Lacuna Talent

Lacuna Talent

Lacuna Talent delivers the combined power of Via Resource, the international Cyber Security recruiter, and Lacuna Talent, the Specialist AI/Data recruiter.

InformationWeek

InformationWeek

InformationWeek is the world's most trusted online community for business technology professionals like you.

Micron Technology

Micron Technology

Micron is a global leader in the semiconductor industry providing memory and secure storage devices for Networks, Mobile devices and IoT applications.

Cellebrite

Cellebrite

Cellebrite delivers comprehensive solutions for mobile data forensics and mobile lifecycle management.

Clearwater Security & Compliance

Clearwater Security & Compliance

Clearwater Compliance specialize in Privacy, Security, Compliance and Risk Management Solutions for Health Care, Law Firms and other businesses.

RiskIQ

RiskIQ

RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence.

Appvisory

Appvisory

Appvisory by MediaTest Digital is the leading Mobile Application Management-Software in Europe and enables enterprises to work secure on smartphones and tablets.

American Cybersecurity Institute

American Cybersecurity Institute

American cybersecurity Institute is a newly formed not-for-profit organization dedicated to education, advocacy, study and analysis in the space of cybersecurity law and policy.

Crown Sterling

Crown Sterling

Crown Sterling delivers next generation software-based, AI-driven cryptography in the form of random number generators and encryption products.

Soliton

Soliton

Soliton is a leading Japanese technology company and a pioneer in IT security solutions for protecting company resources and data from external IT security threats.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

Rocky Mountain Cybersecurity

Rocky Mountain Cybersecurity

Rocky Mountain Cybersecurity's mission is to provide value by dramatically improving the cybersecurity posture of our clients and business partners.

AHAD

AHAD

AHAD provides cybersecurity, digital transformation, and risk management services and solutions to Government, Fortune 500, And Start-Up Companies in the Middle East region.

NetHope

NetHope

NetHope is a membership-based organization serving the international nonprofit humanitarian, development, and conservation sector through digital transformation.

Secuvy

Secuvy

Secuvy leads in data security, privacy, compliance, and governance, offering a unified platform for proactive data discovery, management, protection, and enhanced data value.

Cloud Software Group

Cloud Software Group

Cloud Software Group provides mission-critical software to enterprises at scale.