China-Based Hacking Group Targets UK Firms

Following news that UK firms are being targeted by China-based global hacking group, APT10, Matt Walmsley, EMEA Director at Cyber Security Company Vectra Networks commented below.

Matt Walmsley, EMEA Director at Vectra Networks:

“This latest act of cybercrime has worrying implications for organisations and the cloud service providers hosting their data and applications, with intellectual property compromised as well as personally identifiable information (PII). The fact the activities were aligned with Chinese Standard Time could imply a concerning involvement of Chinese nationals, either working alone or at a state level, to harvest valuable data such as proprietary data on new products that could be used to produce cheap copies or other competing materials, or simply strengthen their hands in commercial negotiations.

“These criminals continue to play a long game, prepared to wait months – even years – to harvest valuable data without being noticed. Malicious code or indeed a live connection to a bad actor can sit, unnoticed like a leech, harvesting useful data slowly and consistently. By playing the long game, access can be gained and regularised so as not to raise alarm, ensuring the activities of the hacker or malicious code do not appear abnormal to the extent they are seen as obvious security breaches by IT staff or basic anti-malware tools and firewalls. It’s another argument in favour of automation of security countermeasures, using machine learning and network analysis to relentlessly hunt for hidden attackers inside enterprises. No defence is full proof and cyber criminals are getting more sophisticated with their attacks. Large organisations, along with their partners and suppliers such as managed service providers, are most likely to be in the crosshairs of this type of attacker. This type of attack is not dissimilar from the ABTA attack last month in that a supplier’s infrastructure was the target. It highlights why companies need to support IT security professionals with technology that can help them spot the subtle nuances of a long game attack before valuable data is disrupted or walked out the door.

A year from now, if these braches keep happening, companies in or working within the EU could also find themselves exposed to significant fines under GDPR, as well as the long-term value destruction from loss of reputation and intellectual property.”