They also seek competitive intelligence on the foreign business rivals of Chinese companies in many different industries, according to threat intel experts quizzed by The Daily Swig.

Part of this involves spying on foreign governments.

“ intelligence services routinely use LinkedIn and conferences as means to establish relationships that are later exploited in spear-phishing attacks used to gain an initial foothold inside targeted entities,” Wright said.

Chinese APT groups are employing the gamut of tactics, techniques, and procedures against their targets

Why is China involved in cyber-espionage?

Chinese-associated threat actors typically conduct cyber-espionage operations to gather information in support of wider economic goals such as the Belt and Road Initiative and the ‘Made in China 2025’ program.

“China, on the other hand, takes time to evaluate progress, identify follow-up tasks, and even develop specific modules depending on the type of machine being attacked.”

Beijing goes beyond technical measures, for example by using social networks and other OSINT channels for early-stage reconnaissance.

“Russia has moved from being more covert to more overt in the last few years,” Wright explained.

Morgan Wright, chief security advisor at SentinelOne, and a former US State Department special advisor, told The Daily Swig that China is far more deliberate than Russia in its execution of cyber-attacks.

“Chinese cyber-attacks have nonetheless often had weaknesses in their operational security that have enabled security researchers to attribute them to Chinese actors,” Prudhomme added.
“Advanced features of Chinese cyber-espionage attacks have included the exploitation of zero-day vulnerabilities, the execution of supply chain and third-party attacks, and the use of proprietary or custom malware and other tools.”

“Chinese cyber-espionage groups are among the most sophisticated in the world, but are not as sophisticated as their Russian counterparts,” Prudhomme told The Daily Swig.

Paul Prudhomme, head of threat intelligence advisory at IntSights, agreed that China had become a top-tier cyber adversary for Western businesses and governments.

The country’s cyber-espionage operations historically had a reputation for “preferring smash-and-grab over sophistication”, but this has changed over recent years, according to Marc Burnard, senior information security researcher at Secureworks.

What kind of organizations are being targeted?

Chinese government-backed threat groups are said to be among some of the most prolific and well-resourced in the world.

“China’s cyber-espionage operations have included compromising telecommunications firms, providers of managed services and broadly used software, and other targets potentially rich in follow-on opportunities for intelligence collection, attack, or influence operations,” the intel agencies warn.

The latest annual threat assessment (PDF) from the US intelligence community, presented to Congress this week, warns that “China presents a prolific and effective cyber-espionage threat, possesses substantial cyber-attack capabilities, and presents a growing influence threat”.
Threat intelligence experts quizzed by The Daily Swig said that Chinese state-sponsored attackers are at the forefront of developing new or novel hacking techniques.

For example, supply chain attacks have long been a method of compromise by China-linked advanced persistent threat (APT) groups on different targets, predating the now-infamous SolarWinds attacks supposedly pulled off by Russian threat actors last year.

Beijing adopting supply chain tactics and greater sharing of resources between spying groups, experts warn

ANALYSIS China’s long-established cyber-threat groups have been building up a huge arsenal of resources, comprising both publicly available and customized tools, and diversifying their repertoire amid the coronavirus pandemic.