Eagle vs. Dragon: The Escalation of Transpacific Cyber Espionage


“Cyber espionage is a form of cyber attack that steals classified, sensitive data or intellectual property to gain an advantage over a competitive company or government entity.” 
- VMware Carbon Black

Recent news surrounding cyber espionage acts attributed to the US and China have reinvigorated my interest in the state of cyber relations between the two superpowers. 

It all started with APT1’s disclosure by Mandiant back in 2004. Ever since, Chinese cyber espionage campaigns have been waged against the US and the Western world. It is now well documented that the Chinese government uses state-sponsored hacking groups to infiltrate companies with some of the most valuable intellectual property out there. China may justify this however it chooses, but the fact remains that the government is still targeting private enterprises to steal sensitive information and industrial secrets.

However, the US has also partaken in its fair share of cyber espionage directly against Chinese government entities and state-owned enterprises. The NSA’s Tailored Access Operations (TAO) Unit and the CIA’s malware arsenal exist for a reason.

Back in 2015, the Chinese Premier Xi Jinping met with then-POTUS Barack Obama in the United States to discuss many things, cyber espionage being one of them. Obama was able to win a commitment from his counterpart Xi that China would not conduct commercial cyber espionage - after the US warned of severe sanctions.

“Let your plans be dark and as impenetrable as night, and when you move, fall like a thunderbolt.” – Sun Tzu

Cut to two years later and we now know China was responsible for one of the largest, most valuable and cunning data breaches in history - the Equifax hack. In 2017, credit reporting giant Equifax came clean: it had been hacked, and the sensitive personal information of around 150 million US citizens had been compromised. The credit rating firm held data on more than 820 million consumers as well as information on 91 million businesses. Names, birth dates, and Social Security numbers were all gone in an unprecedented heist.

On 11 February 2020, the US Department of Justice (DOJ) indicted four Chinese military officers over the Equifax hack. Upon announcing the indictments, Attorney General William Barr called the hack "one of the largest data breaches in history" and said that the evidence shows these attackers spent weeks in the company's system, breaking into security networks and siphoning off terabytes of personal data.

“Appear weak when you are strong, and strong when you are weak.” – Sun Tzu

Chinese foreign ministry spokesman Geng Shuang denied the allegations the next day and said China's government, military and their personnel "never engage in cyber theft of trade secrets". He said China was itself a victim of cyber-crime, surveillance and monitoring by the US.


On 3 March 2020, the Chinese antivirus vendor Qihoo 360 (also known as 360 Total Security) published its report into a group of CIA hackers that spent 11 years breaking into several Chinese industry sectors, including aviation organizations, scientific research institutions, the petroleum industry, Internet companies, and government agencies. This group of CIA hackers, dubbed APT-C-39, was publicly disclosed initially via Joshua Adam Schulte, a whistleblower who was responsible for the research, development and production of cyber weapons. Schulte is currently being tried after he gave 8716 classified documents to WikiLeaks, now known as the Vault 7 leak (also known as zero-year due to the vast number of 0day vulnerabilities).

Qihoo 360’s Advanced Intelligence Center analysed these hacking tools and found that indicators of compromise from prior attacks - dating back years - were all attributed to Vault 7 and the CIA. These leaks cemented the fact that the US was behind this decade-long campaign of cyber espionage against China. 

Analysis:
The United States - like China and other world powers - rarely comments when accused of cyber espionage. Former NSA contractor Edward Snowden helped the world learn more about secret US campaigns abroad, whilst US prosecutors and private cybersecurity firms have uncovered what China does. Both countries hack their opponents.

The Equifax hack was neither the first nor the last state-sponsored data breach, but what is concerning for the US and its allies is that its main competitor has stolen one of the largest databases of personal information ever. Some security experts have suggested that China could create “targeting packages” whereby its intelligence agency, the Ministry of State Security (MSS), could calculate which sets of individuals are members of which sectors, industries, organisations, enterprises or departments. This dataset will likely be used as the first reference point before any of China’s next cyber espionage campaigns. It has a potential foothold in nearly every organisation in America and many others across the world.
