Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

China Spends Massively on Cyber Spying, Congress Told

WASHINGTON – China is pouring massive amounts of money and resources into cyber attacks aimed at stealing business secrets, security researchers told a congressional panel on Tuesday.

WASHINGTON – China is pouring massive amounts of money and resources into cyber attacks aimed at stealing business secrets, security researchers told a congressional panel on Tuesday.

Cyber attacks purported to come from China, a topic which has drawn the attention of US President Barack Obama and other top officials, are part of “an extensive effort to pilfer intellectual property,” said Kevin Mandia, head of the security firm Mandiant.

APT1 China's Cyber Espionage

“It’s been supported monetarily,” said Mandia, whose firm released a report earlier this year linking the People’s Liberation Army to a long-running cyber espionage campaign.

“It would take thousands of people, thousands of systems… the mere infrastructure alone, and the time, and duration and scope of this effort to steal our secrets has gone on for so long that there’s a large amount of investment in it.”

Mandia told a hearing of the Senate Armed Services Committee that “based on that investment, it’s hard to conclude anything other than that there’s an advantage being gained from that investment.”

PodcastSecurosis’ Rich Mogull on Mandiant’s APT1 Report & Advanced Threat Actors

Richard Bejtlich, Mandiant’s chief security officer, said the army unit identified in the report is “just one element of a large campaign.”

“There are other teams working in other cities in other parts of the country that, in some cases, target other areas of the economy,” he added.

Based on the firm’s investigation, “We can say with confidence that they’re Chinese units… I would say they’re at least government sanctioned. We can’t say for sure these other units, whether they are uniform-wearing military or if they’re contractors or if they’re outsourced third parties.”

Mandia said the methods of the attacks suggest clear economic goals. “These attacks are against companies,” he said. “They’re not against individuals at the highest levels. It’s to steal corporate secrets; it’s not individual secrets, necessarily.”

He added that most of the attacks are carried out by luring people to open infected emails which allow outsiders access to networks.

“But they are not targeting an individual at home. And it’s very clear to us after responding to Chinese intrusions for nearly 15 years now in my career, the attacks do follow a rule of engagement,” he said.

“I’ve never witnessed Chinese intruders — other than breach the confidentiality of your documents, I’ve never seen them change things.”

Obama earlier this month pledged “some pretty tough talk” with China and added that “we’ve made it very clear to China and some other state actors that, you know, we expect them to follow international norms and abide by international rules.”

China has consistently denied the charges, and also claimed that it was a victim of such attacks.

In its report, Mandiant alleged that APT1 — known also as “Comment Crew” for its practice of planting viruses on the comment sections of websites — has stolen hundreds of terabytes of data from at least 141 organizations spanning 20 industries. 

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).