It has been reported that on Wednesday the U.S. Justice Department has charged five Chinese nationals in connection with the hacking of more than 100 American and foreign companies as well as of nonprofits and universities. The department also charged two Malaysian businessmen with conspiring with two of the indicted Chinese nationals to target companies in the billion-dollar computer game industry. American officials say Malaysian authorities have arrested the businessmen, who now face extradition to the United States. “The intrusions, which security researchers have tracked using the threat labels ‘APT41,’ ‘Barium,’ ‘Winnti,’ ‘Wicked Panda,’ and ‘Wicked Spider,’ facilitated the theft of source code, software code signing certificates, customer account data, and valuable business information,” prosecutors said.
Full story here:
https://edition.cnn.com/2020/09/16/politics/chinese-nationals-cyberhacking/index.html
These indictments indicate how malicious actors are diversifying their tactics to achieve a broader range of outcomes. In particular, breaching gaming companies to steal in-game items and currency for real-world profit rather than stealing corporate data means security teams need to be sure their efforts are well-distributed across both internal and external systems. The attackers were able to gain access to internal networks and likely moved laterally across the infrastructure to identify the most profitable items. Unauthorized access to the infrastructure oftentimes starts with a phishing attack. Threat actors will target particular employees and phish their credentials in order to get access to particular parts of the infrastructure. These days, phishing attacks primarily start outside of the traditional email channels. The primary channels are now SMS, social media platforms, third-party chat platforms, direct messages in gaming apps, and others that are primarily accessed on mobile devices.
The drumbeat we hear in the background today resulting from today\’s U.S. Department of Justice indictments of Chinese nationals for hacking more than 100 companies, is China denying any role in espionage, hacking and/or other malicious activity against the U.S. And while we know full well what China is capable of and what their country has been actively involved in over the years, it comes down to a she said, Xi said moment in terms of accountability. Rest assured that Xi Jinping will either deny the allegations himself or we\’ll hear from one of his spokespeople that China would never be involved in such heinous activity.
Unfortunately, it is unlikely any of these nationalists will face justice in a U.S. courtroom. The Chinese are a cyber superpower and they are responsible for billions of dollars in IP theft annually from thousands of companies. Companies and government agencies need to take today\’s indictments seriously and heed the warning. It is imperative that they invest in improving their network defenses against these types of blatant and egregious espionage related activities. It is critical for all companies to invest in threat hunting services that are deployed around the clock like security guards are to protect physical property. Today\’s well trained cyber security guards have the skills to spot malicious computer network activity that put an end to massive amounts of IP theft and loss.