Report: Chinese groups behind most state-sponsored attacks in 2014

But it was Vietnam, not the US, that was the top target

Chinese adversaries were the most active state-sponsored cyberthreat groups last year, according to a report released by CrowdStrike, but it was Vietnam, not the US, that was their top target.

A group CrowdStrike code-named "Goblin Panda" targeted the country because of ongoing disputes over territorial rights in the South China Sea.

Last May, a Chinese state-owned energy company deployed an oil rig in Vietnamese territorial waters, close to the Paracel Islands, which are claimed by both countries. This resulted in clashes between ships belonging to the two countries, protests in Vietnam, and an increase in Chinese cyberattacks against Vietnamese government agencies.

At the end of the summer, China moved the rig away from Vietnamese waters, and attacks declined.

But the security company will continue to watch the South China Sea area, said Dmitri Alperovitch, CTO and co-founder at Irvine, Calif.-based CrowdStrike, Inc.

"There are lots of heated tensions between China and its neighbours and that usually spills over into cyber conflict as well," said Alperovitch.

After Vietnam, the US was the next most-targeted country last year. One notable adversary here was the Chinese group code-named "Hurricane Panda," which CrowdStrike had personal experience with.

"We've been battling them for over a year at several of our customers," said Alperovitch. "They're truly defining what the word persistent means when it comes to these nation states."

For example, last April, one large technology company discovered that Hurricane Panda had been in its systems since the previous summer.

By June, the intruders had been cleared out of all systems, with new technology in place to monitor all activity.

"Literally for the next six months straight we observed their continued attempts to get back in, including deploying zero day malware against this customer," said Alperovitch. "It was a never-ending onslaught against this company as they were trying to regain access that they lost. This is the real nature of this fight."

Most people think of cyber attacks as discrete events, he said.

"But the adversary does not stop," he said. "They'll try to find another way to get back in. Most companies are not prepared for this continuous assault that may last months - or years."

Other high-profile targets last year included those related to tensions in the Ukraine and Iran, as well as Ukraine and Hong Kong elections.

CrowdStrike is continuing to keep an eye on regional conflicts in 2015.

"One of the things we're paying a lot of attention to is the negotiations over the Iranian nuclear program," said Alperovitch.

Negotiators have set June 30 as the final deadline for an accord in the talks, which include Iran and the US, as well as Russia, China, Britain, France and Germany.

"If the June deadline is not extended, and there's no deal to be had, we may very well see attacks from Iran against U.S. and European targets," he said.

Regional conflicts are also likely to spill over into cyberattacks, he said, such as what happened with Ukraine and Hong Kong in 2014.

"We might see more groups affiliated with ISIS conducting nuisance or propaganda attacks," he added. "We're also watching very carefully the South China Sea area."


Stories by Maria Korolov
