CSOs warned of serious cyber-espionage attack

A cybersecurity consulting firm has documented the existence of a China-based espionage operation that has infiltrated the computer systems of at least 22 organizations in the government and private sectors in the U.S., Europe and Asia.

But the biggest surprise was how the compromised entities reacted when notified of the breach by e-mails, which were followed up by phone calls.

"Not a single company actually responded. No one said 'thank you,' no one said give me more information, how did you do this, nothing," Adam Vincent, chief executive of Cyber Squared, said Tuesday. "Either we notified the wrong people or people didn't care. I'm not sure which."

Cyber Squared won't disclose the names of the organizations that seemed to ignore what the firm found to be a sophisticated attack, most likely sanctioned or sponsored by some entity within China.

The victims included U.S. public policy think tanks, North American technology companies, European food safety, environmental and maritime organizations, East Asian economic policy and diplomacy groups, and international mining organizations and law firms. What was stolen from these organizations is not known.

Cyber Squared believes the attacks were state sanctioned or sponsored because all the victims were tied to Chinese strategic interests. For example, one organization was involved with efforts in the U.S. government to sell F-16 fighter jets to Taiwan, an action China opposed. Another was involved with efforts in the United Nations to minimize greenhouse gas emissions within the international maritime industry.

In many ways, the operation was a classic example of what the security industry calls an advanced persistent threat, which means the attackers studied each organization closely in order to tailor the attack to specific people. The cyber criminals constantly updated the malware used in order to hide from antivirus software and other security technology found on most organizations' networks.

Cyber Squared was introduced to the espionage operation in September 2011, when an organization connected to the Taiwan discussions received e-mail with an address that closely resembled the name of a senior executive. The missive, sent from a popular U.S. Web mail service, contained a link to a Web site that directed the victim to download a malicious file. The e-mail was sent within 32 hours after Congress received a bill that would authorize the jet sale to Taiwan.

The simplicity of the original e-mail and malware masked a highly sophisticated operation that would subsequently download software tools and file-stealing applications that could spread through a corporate network in secrecy, Vincent said. Attackers often wait to launch their best malware after they've infiltrated a system. "They're not going to bring their A-game, if they only need C-players."

While Cyber Squared could only identify 22 organizations, it believes dozens more have been compromised by the cyber criminals, who are capable of managing spy operations in each compromised organization at the same time "like moving pieces on a chessboard," Vincent said.

The company believes one Chinese group is responsible for the attacks, which share a common infrastructure and a common attack method. "They [the attacks] all had strategic purpose for China, specifically."

For Vincent, the silence the company received after contacting affected organizations left him wondering how much security executives understand the risks. "If you admit that you're a target, that's the first step to knowing that you have a problem," he said. "So many organizations today, and so many CSOs, can't admit that China would be looking at them and potentially is already conducting cyberattack operations against their organizations."


Stories by Antone Gonsalves
