US Under Attack By Chinese & Iranian Hackers

Commerce, banks, business and, the US government have recently been attacked by Iranian and Chinese hackers who security experts believe have been energised by President Trump’s withdrawal from the Iran nuclear deal last year and his trade conflicts with China.

Recent Iranian attacks on American banks, businesses and government agencies have been more extensive than previously reported. Dozens of corporations and multiple United States agencies have been hit, according to seven people briefed on the episodes who were not authorised to discuss them publicly.

The attacks, attributed to Iran by analysts at the National Security Agency and the private security firm FireEye, prompted an emergency order by the Department of Homeland Security during the government shutdown last month.
The Iranian attacks coincide with a renewed Chinese offensive geared toward stealing trade and military secrets from American military contractors and technology companies, according to nine intelligence officials, private security researchers and lawyers familiar with the attacks who discussed them on the condition of anonymity because of confidentiality agreements.

A summary of an intelligence briefing read to The New York Times said that Boeing, General Electric Aviation and T-Mobile were among the recent targets of Chinese industrial-espionage efforts. The companies all declined to discuss the threats, and it is not clear if any of the hacks were successful.

Chinese cyberespionage cooled four years ago after President Barack Obama and President Xi Jinping of China reached a landmark deal to stop hacks meant to steal trade secrets.

But the 2015 agreement appears to have been unofficially canceled amid the continuing trade tension between the United States and China, the intelligence officials and private security researchers said. Chinese hacks have returned to earlier levels, although they are now stealthier and more sophisticated.

“Cyber is one of the ways adversaries can attack us and retaliate in effective and nasty ways that are well below the threshold of an armed attack or laws of war,” said Joel Brenner, a former leader of United States counterintelligence under the director of national intelligence.

Federal agencies and private companies are back to where they were five years ago: battling increasingly sophisticated, government-affiliated hackers from China and Iran, in addition to fighting constant efforts out of Russia, who hope to steal trade and military secrets and sow mayhem. And it appears the hackers substantially improved their skills during the lull.
Russia is still considered America’s foremost hacking adversary. In addition to meddling widely and spreading disinformation during United States elections, Russian hackers are believed to have launched attacks on nuclear plants, the electrical grid and other targets.

Threats from China and Iran never stopped entirely, but Iranian hackers became much less active after the nuclear deal was signed in 2015. And for about 18 months, intelligence officials concluded, Beijing backed off its 10-year online effort to steal trade secrets.

But Chinese hackers have resumed carrying out commercially motivated attacks, security researchers and data-protection lawyers said. A priority for the hackers, researchers said, is supporting Beijing’s five-year economic plan, which is meant to make China a leader in artificial intelligence and other cutting-edge technologies.

“Some of the recent intelligence collection has been for military purposes or preparing for some future cyber conflict, but a lot of the recent theft is driven by the demands of the five-year plan and other technology strategies,” said Adam Segal, the director of the cyberspace program at the Council on Foreign Relations. “They always intended on coming back.”
Officials at the Chinese embassy in Washington did not respond to a request for comment.

Mr. Segal and other Chinese security experts said attacks that once would have been conducted by hackers in China’s People’s Liberation Army are now being run by China’s Ministry of State Security.

These hackers are better at covering their tracks. Rather than going at targets directly, they have used a side door of sorts by breaking into the networks of the targets’ suppliers. They have also avoided using malware commonly attributed to China, relying instead on encrypting traffic, erasing server logs and other obfuscation tactics.

It is difficult to quantify the number of industrial-espionage attacks, in part because they have been designed mostly to steal strategic trade secrets, not the kind of personal information about customers and employees that companies must disclose. Only Airbus has acknowledged in recent weeks that Chinese hackers had penetrated its databases.

Many of the attacks by the Chinese Ministry of State Security have been against strategic targets like internet service providers with access to hundreds of thousands, if not millions, of corporate and government networks.

After the Trump administration pulled out of the nuclear deal, Kirstjen Nielsen, the homeland security secretary, testified before Congress that her agency was “anticipating it’s a possibility” that Iran would resort to hacking attacks.
The Iranian attacks, which hit more than a half-dozen federal agencies last month, still caught the department off guard. Security researchers said the hacks, which exploited underlying weaknesses in the internet’s backbone, were continuing and were more damaging and widespread than agency officials had acknowledged.

Iranian hackers began their latest wave of attacks in Persian Gulf states last year. Since then, they have expanded to 80 targets, including internet service providers, telecommunications companies and government agencies, in 12 European countries and the United States, according to researchers at FireEye, which first reported the attacks last month.

The current hacks are harder to catch than previous Iranian attacks. Instead of hitting victims directly, FireEye researchers said, Iranian hackers have been going after the internet’s core routing system, intercepting traffic between so-called domain name registrars. 

Once they intercepted their target’s customer web traffic, they used stolen login credentials to gain access to their victims’ emails. (Domain name registrars hold the keys to hundreds, perhaps thousands, of companies’ websites.)

“They’re taking whole mailboxes of data,” said Benjamin Read, a senior manager of cyberespionage analysis at FireEye. Mr. Read said Iranian hackers had targeted police forces, intelligence agencies and foreign ministries, indicating a classic, state-backed espionage campaign rather than a criminal, profit-seeking motive.

There is a long history of Iranian attacks against the United States, and episodes from five years back or longer are just now being made public.

On Wednesday, the Justice Department announced an indictment against a former Air Force intelligence specialist, Monica Witt, on charges of helping Iran with an online espionage campaign. Four members of Iran’s Islamic Revolutionary Guard Corps were also charged with “computer intrusions and aggravated identity theft” directed at members of the United States intelligence community.

The recent Iranian attacks have unnerved American officials. But after issuing the emergency order about the ones last month, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has largely played them down. An official with the cybersecurity agency said there was a belief that no information had been stolen and that the attacks had not “materially impacted” operations. But Mr. Read of FireEye and others said there had been a noticeable escalation in Iran’s digital espionage.

“If you tell the Iranians you’re going to walk out on the agreement and do everything you can to undermine their government,” said Mr. Brenner, the former counterintelligence official, “you can’t be surprised if they attack our government networks.”

NY Times:       Telegraph:       The Sun:

You Might Also Read:

Why Has The US Not Been Hit With A Devastating Cyber Attack?:

 

« Criminal Groups Offer Big Salaries For Cyber Skills
Sydney Airport Steps Up Cybersecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Guardtime

Guardtime

Guardtime's Black Lantern platform provides real-time cybersecurity and data-centric asset protection.

Trust in Digital Life (TDL)

Trust in Digital Life (TDL)

TDL is a membership association comprising companies, SMEs, universities and research institutes who exchange experience and insights to make digital services in Europe trustworthy and safe.

FaceFirst

FaceFirst

FaceFirst provide face recognition technology solutions to detect and deter real time threats,

CalCom

CalCom

CalCom Hardening Solution (CHS) for Microsoft OMS is a security baseline-hardening solution designed to address the needs of IT operations and security teams.

NetFort

NetFort

NetFort provides software products to monitor activity on virtual and physical networks.

InfoGuard

InfoGuard

InfoGuard is a leading Swiss company providing comprehensive cyber security and network solutions.

Ellipsis Technologies

Ellipsis Technologies

Ellipsis Technologies is a diversified technology company that develops innovative security software for websites and online applications.

ecsec

ecsec

ecsec is a specialized vendor of security solutions including information security management, smart card technology, identity management, cloud computing and electronic signature technology.

BluBracket

BluBracket

BluBracket is the first comprehensive security solution that makes code safe—so developers can innovate and collaborate, and security teams can sleep at night.

CITRA - Information Security and Emergency Response

CITRA - Information Security and Emergency Response

CITRA is responsible for overseeing the telecommunications sector, monitoring and protecting the interests of users and service providers, and regulating the services of telecomms networks in Kuwait.

ABM Technology Group

ABM Technology Group

ABM Technology Group (formerly True IT) provide business information technology services, solutions, and consulting for small to mid-sized organizations.

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).

Yarix

Yarix

Yarix is the leading company in Var Group’s Digital Security division and one of the most recognised, innovative and authoritative Italian companies in the IT security sector.

Bitdefender Voyager Ventures (BVV)

Bitdefender Voyager Ventures (BVV)

Bitdefender Voyager Ventures is an early-stage investment vehicle focused on cybersecurity, data analytics and automation startups.

iTRUSTXForce

iTRUSTXForce

iTRUSTXForce is a global provider of DigitalX (cybersecurity, privacy, and digital trust) services. We offer comprehensive services that focus on delivering outcomes for our clients.

Cythera

Cythera

Cythera is an Australian cyber security company with in-house cyber security professionals providing world-class cyber protection to medium to large companies all over Australia.