(CyberWar.news) A recent discovery by cyber sleuths has uncovered a massive, state-sponsored cyber espionage ring working on behalf of the Chinese government, even as Washington and Beijing come to terms on a new hacking agreement.
As reported by The Wall Street Journal, the new discovery will likely ratchet up tension between the U.S. and China over cyber theft, particularly of American government, defense and private sector systems, despite efforts by both governments to tamp down – or at least downplay – hacking.
The WSJ noted one technique used by “China’s army of cyberwarriors”:
The email attachment would tempt anyone following the diplomatic standoff between China and other countries in the South China Sea. The Microsoft Word document contained text and photos depicting Thai naval personnel capturing Vietnamese fishermen and forcing them to kneel at gunpoint.
But the attachment was a decoy: Anyone who opened it inadvertently downloaded software that searched their computers for sensitive information and sent it to an obscure corner of the Internet. Manning that corner, according to a new report from U.S. security researchers, was Ge Xing, a member of a Chinese military reconnaissance unit.
Such decoys are becoming increasingly common and have routinely served China’s hackers well. China has continued to press the boundaries of cyber espionage to the point of leaving U.S. and allied governments scrambling for solutions to a growing problem – before China pushes the envelope a step too far.
As for Ge, the hacking does not fit his public profile. As the WSJ noted, his published academic papers identify him as an expert in a very non-technical subject: politics in Thailand. And frequent posts on Chinese social media that researchers have tied to him show that he’s a new father, avid bicyclist and owner of a white Volkswagen Golf sedan. He even occasionally criticizes China’s communist government.
However, his Internet activity elsewhere links him to a China-based hacker collective that often targets an area of strategic interest to the U.S., according to a new report from the cybersecurity research firm ThreatConnect and security consultant Defense Group Inc (DGI).
The U.S. has been stunned by a series of high-profile cyber hacks and other acts of cyber espionage originating from China in recent months, including the monster hack of the Office of Personnel Management (OPM) and earlier cyber thefts of designs for the B-2 bomber and F-22 and F-35 fighters.
China, meanwhile, has rejected attempts to paint it as a cyber thief. Also, Chinese officials have pointed to documents disclosed by former NSA contractor Edward Snowden indicating that the U.S. conducts cyber espionage against Beijing.
Still, the new report from ThreatConnect and DGI sheds new light on a still little-known aspect of China’s cyber ops: the relationship between the Chinese military and “an aggressive corps of Chinese-speaking hackers that appear to be pressing the country’s interests abroad,” the WSJ reported.
The paper further noted:
Through accounts allegedly tied to Mr. Ge, the report draws a direct link between his unit, People’s Liberation Army Unit 78020, a military intelligence arm based in China’s southwest, and a hacker collective known as Naikon that security researchers say has successfully penetrated key computer networks in countries competing with China for control over the South China Sea.
“What we see from Chinese intrusions is that they have a very grass roots, bottom-up kind of model,” James Mulvenon, director of DGI’s Center for Intelligence Research and Analysis, told the paper. “They have a lot of groups that are encouraged with relatively vague guidance to go out and develop hundreds of accesses and bring back lots of data.”
Hacking group Naikon crafts convincing emails to fool recipients into opening attachments laced with malicious code, researchers noted. Infected attachments used by the group thus far include a calendar of Laotian beauty contestants, news stories and memos on topics of strategic interest in English and local languages, and memos that seem to have been based on classified information, said a May report by Russian anti-virus maker Kaspersky Lab.
The technique – known as spear phishing – has been highly successful for Naikon, whose hackers have penetrated the networks of governments, military, media and energy companies in Vietnam, the Philippines and other countries throughout Southeast Asia, Kaspersky said.
“Their success rate has been high,” Kurt Baumgartner, principal security researcher at Kaspersky, told the Journal. “When they want to get in, they get in.”