Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

China, Russia Linked to Cyberspying: Researchers

WASHINGTON – The Russian and Chinese governments are likely behind widespread cyberespionage that has hit targets in the US and elsewhere, two separate security reports said Tuesday.

One team of researchers led by the security firm Novetta Solutions said it identified a hacker group believed to act “on behalf of a Chinese government intelligence apparatus.”

WASHINGTON – The Russian and Chinese governments are likely behind widespread cyberespionage that has hit targets in the US and elsewhere, two separate security reports said Tuesday.

One team of researchers led by the security firm Novetta Solutions said it identified a hacker group believed to act “on behalf of a Chinese government intelligence apparatus.”

A separate report by the security frim FireEye said a long-running effort to hack into US defense contractors, Eastern European governments and European security organizations is “likely sponsored by the Russian government.”

The Chinese group, which was dubbed Axiom, “is a well resourced, disciplined and sophisticated cyberespionage group operating out of mainland China,” said Novetta chief executive Peter LaMontagne in a statement released with the study.

“Novetta has moderate to high confidence that the organization tasking Axiom is a part of Chinese Intelligence apparatus,” the company said.

“This belief has been partially confirmed by a recent FBI flash released to Infragard (a partnership with the FBI and private sector) stating the actors are affiliated with the Chinese government.”

Axiom has hacked pro-democracy non-governmental organizations and other groups and individuals “perceived as a potential threat to the stability of the Chinese state,” Novetta said.

“Axiom uses a varied tool-set ranging from generic malware to very tailored, custom malware designed for long-term persistence that at times can be measured in years.”

The report was the result of research from a variety of security organizations including Cisco, FireEye, F-Secure, iSight Partners, Microsoft, Tenable and others.

Coordinated ‘disruption’

The report said the firms went beyond simply collecting information and cooperated on a “coordinated, effective remediation and disruption” of the Chinese networks.

“Novetta feels that the unified approach… provides the highest level of visibility and establishes the foundation necessary to effectively counter a threat of this nature,” the report said.

“It is Novetta’s hope that others within industry will embrace and adopt a similar approach in the future.”

In the other report, FireEye researchers said they uncovered evidence that links the Russian government to the cyberespionage efforts that have been known to originate from that part of the world.

FireEye said the hacker group dubbed APT28 “does not appear to conduct widespread intellectual property theft for economic gain, but instead is focused on collecting intelligence that would be most useful to a government.”

It has targeted insider information related to governments, militaries, and security organizations since 2007, the report noted.

“Despite rumors of the Russian government’s alleged involvement in high-profile government and military cyber-attacks, there has been little hard evidence of any link to cyberespionage,” said Dan McWhorter, FireEye vice president of threat intelligence.

“FireEye’s latest advance persistent threat report sheds light on cyberespionage operations that we assess to be most likely sponsored by the Russian government, long believed to be a leader among major nations in performing sophisticated network attacks.”

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.