The United States charged two Chinese men with hacking attacks targeting a number of companies and government agencies in the US and around the world for more than a decade.
According to the US Department of Justice, Zhu Hua and Zhang Shilong worked for the Chinese Ministry of State Security in coordinating espionage activity through a hacking group known as APT10, to steal trade secrets and technologies from at least 12 countries. APT10 is also known as “Red Apollo” and “Stone Panda”.
The US indictment indicated the pair worked for Huaying Haitai Science and Technology Development Company, an entity described by an online Chinese business directory as being involved in the development of e-commerce websites and network operations.
The group is accused of multiple breaches involving a large number of companies and government entities. These attacks go back to 2006. The first, the “Technology Theft Campaign”, set out to steal information about various technologies. It began in or about 2006 and involved the group gaining access to the computer networks of more than 45 technology companies and US government agencies.
Government agencies such as the NASA Goddard Space Centre and Jet Propulsion Laboratory and the US Department of Energy’s Lawrence Berkeley National Laboratory were targeted by the hacking campaign.
The other campaign is more recent. Starting in about 2014, APT10 launched an intrusion campaign to hack into the computer networks of managed service providers (MSPs). These service providers are used by businesses and governments around the world.
The “MSP Theft Campaign” accessed computers
providing services to or belonging to victim companies in at least 12
countries, namely Brazil, Britain, Canada, Finland, France, Germany,
India, Japan, Sweden, Switzerland, the United Arab Emirates, and the
United States.
According to the FBI, the victim companies were involved in the fields of global finance, telecommunications, consumer electronics, manufacturing, healthcare, biotechnology, mining, automotive supplies and drilling. While the indictment did not indicate this, Reuters reported multiple sources saying the MSPs were Hewlett Packard Enterprise and IBM.
The first public reference to APT10 was made by FireEye in a 2013 report identified as “Poison Ivy”; it identified APT10 as an affiliate domain name to “menuPass”, a group that was known to have been targeting US and other defence contractors since at least 2009.
PwC’s cybersecurity practice and British multinational defence
company BAE Systems published a report in 2017, in cooperation with Britain’s
National Cyber Security Centre, that claimed to have uncovered a hacking
campaign – “Operation Cloud Hopper”, the MSP attack by APT10.
China responded to the charges by accusing Washington of cyber hacking and denying any involvement.