Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

US Accuses China of Hacking Into Defense Contract Firms

WASHINGTON – Chinese hackers believed to be linked to Beijing conducted dozens of cyberattacks on US defense contractors between 2012 and 2013, potentially compromising military operations, a congressional probe warned Wednesday.

WASHINGTON – Chinese hackers believed to be linked to Beijing conducted dozens of cyberattacks on US defense contractors between 2012 and 2013, potentially compromising military operations, a congressional probe warned Wednesday.

A study by the Senate Armed Services Committee found that hackers gained access to systems run by companies doing contract work for the US Transportation Command (TRANSCOM) at least 50 times in a one-year period ending May 30, 2013.

“Of those 50, at least 20 were successful intrusions into contractor networks attributed to an ‘advanced persistent threat’ (APT), a term used to distinguish sophisticated cyber threats that are frequently associated with foreign governments,” the report warned.

The report, as well as committee chairman Senator Carl Levin, attributed all 20 APTs to China.

“The security of our military operations is what is at stake,” Levin told reporters as he unveiled a de-classified version of the report.

The probe uncovered dramatic gaps in reporting requirements by the companies, and poor coordination between the firms and US agencies like the Federal Bureau of Investigation that left TRANSCOM virtually in the dark about the intrusions.

Of the 20 major breaches, TRANSCOM had been made aware of just two of them, a “troubling finding” according to the report.

Advertisement. Scroll to continue reading.

“Information about these threats isn’t getting where it needs to go,” Levin said.

Some 90 percent of US military personnel are transported on private airlines, and Senator James Inhofe, the committee’s top Republican, warned that the hacks had the potential to “disrupt our mission readiness” by compromising such companies, particularly during national emergencies.

Investigators studied the little-known Civil Reserve Air Fleet program through which commercial companies help TRANSCOM move troops and equipment around the world.

A committee staffmember said such firms might let down their guard or slow their reporting of cyber intrusions during peacetime, allowing Chinese hackers to crack into their systems and lie in wait until a US military emergency arises.

The hacking has apparently occurred for years. Between 2008 and 2010, for example, a “Chinese military intrusion” into a TRANSCOM contractor compromised emails, documents, computer code and passwords, the report said.

In 2012, there was a similar intrusion into several systems onboard a commercial ship contracted by TRANSCOM.

As a result of the findings, the committee said, lawmakers have inserted requirements in the 2015 defense spending bill that streamline the information process about cyberattacks and tighten reporting procedures for defense contractors.

The United States has accused China of hacking into its systems before. In July, The New York Times quoted US officials saying Chinese hackers accessed US government computers containing personal information on all federal employees.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.