Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

US Accuses China of Hacking Into Defense Contract Firms

WASHINGTON – Chinese hackers believed to be linked to Beijing conducted dozens of cyberattacks on US defense contractors between 2012 and 2013, potentially compromising military operations, a congressional probe warned Wednesday.

WASHINGTON – Chinese hackers believed to be linked to Beijing conducted dozens of cyberattacks on US defense contractors between 2012 and 2013, potentially compromising military operations, a congressional probe warned Wednesday.

A study by the Senate Armed Services Committee found that hackers gained access to systems run by companies doing contract work for the US Transportation Command (TRANSCOM) at least 50 times in a one-year period ending May 30, 2013.

“Of those 50, at least 20 were successful intrusions into contractor networks attributed to an ‘advanced persistent threat’ (APT), a term used to distinguish sophisticated cyber threats that are frequently associated with foreign governments,” the report warned.

The report, as well as committee chairman Senator Carl Levin, attributed all 20 APTs to China.

“The security of our military operations is what is at stake,” Levin told reporters as he unveiled a de-classified version of the report.

The probe uncovered dramatic gaps in reporting requirements by the companies, and poor coordination between the firms and US agencies like the Federal Bureau of Investigation that left TRANSCOM virtually in the dark about the intrusions.

Of the 20 major breaches, TRANSCOM had been made aware of just two of them, a “troubling finding” according to the report.

“Information about these threats isn’t getting where it needs to go,” Levin said.

Advertisement. Scroll to continue reading.

Some 90 percent of US military personnel are transported on private airlines, and Senator James Inhofe, the committee’s top Republican, warned that the hacks had the potential to “disrupt our mission readiness” by compromising such companies, particularly during national emergencies.

Investigators studied the little-known Civil Reserve Air Fleet program through which commercial companies help TRANSCOM move troops and equipment around the world.

A committee staffmember said such firms might let down their guard or slow their reporting of cyber intrusions during peacetime, allowing Chinese hackers to crack into their systems and lie in wait until a US military emergency arises.

The hacking has apparently occurred for years. Between 2008 and 2010, for example, a “Chinese military intrusion” into a TRANSCOM contractor compromised emails, documents, computer code and passwords, the report said.

In 2012, there was a similar intrusion into several systems onboard a commercial ship contracted by TRANSCOM.

As a result of the findings, the committee said, lawmakers have inserted requirements in the 2015 defense spending bill that streamline the information process about cyberattacks and tighten reporting procedures for defense contractors.

The United States has accused China of hacking into its systems before. In July, The New York Times quoted US officials saying Chinese hackers accessed US government computers containing personal information on all federal employees.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Register

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

Orchid Security has appointed a new Chief Product Officer and three advisors.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.