Chinese hackers resume attacks on U.S. targets

For the last three months or so, the U.S. government and some of its
defense contractors have engaged in a war of shame on China to pressure
it to cool its cyber-attacks on U.S. targets. The campaign appeared to
be yielding results, but it seems that Chinese hackers were only
catching their breath.

The notorious Unit 61398, also known as the “Comment Crew,” an elite
cyber unit linked by U.S. security firms to China’s People’s
Liberation Army (PLA), has renewed its raids on U.S. entities using
different techniques, the New York Times reported Sunday.

Cyber security firm Mandiant told the Times that the attacks had been
renewed, but would not identify the targets—although it did acknowledge
that many of them were the same ones assaulted earlier by the Chinese
cyber unit.

Mandiant did not respond to a request for comment for this story.

Background

Mandiant released a report in February
that kicked off the shame campaign against China. In it, the firm tied Unit
61398 to cyber-attacks on 141 companies, 87 percent of which have
headquarters in English-speaking countries, and on companies that
work in 20 industries considered strategic by China.

Immediately following the report’s release, China repudiated the document, maintaining it was based on flawed evidence.


Nevertheless, the attacks began to abate after the report’s release,
and the hackers removed their spy tools from the organizations they had
infiltrated, according to Mandiant.

Over the past two months, however, Mandiant found an uptick in
infiltration activity aimed at the same companies but originating from
different servers.

Activity now is about 60 to 70 percent of what it was before the hiatus began in February, Mandiant estimated.

Not a good strategy?

The shame campaign was a dubious strategy, asserted Jeffrey Carr, CEO of Taia Global and author of Inside Cyber Warfare: Mapping the Cyber Underworld.

“It’s a terrible idea,” he told PCWorld.

Shame, as a diplomatic tool, doesn’t seem to work however it is used.
“We’ve tried to use it to shame North Korea into behaving itself and
obviously that hasn’t worked,” Richard Stiennon, chief research analyst
at IT-Harvest, told PCWorld.

Carr said that the U.S. government needs to cooperate and collaborate
with China to pursue criminal groups engaging in intellectual property
theft.

“You’re not going to stop a government from engaging in espionage, so that should just be off the table,” he said.

What might work

By collaborating with China to attack groups operating within its
border or commandeering its computers from outside its borders for
criminal espionage activity, much data theft could be stopped, Carr
said.

“The New York Times and Mandiant have collaborated on this theory
that Comment Crew is part of the PLA,” Carr added. “Mandiant has never
established that. It just made the claim that it is.”

Another way to counter cyber threats from China is to make it more
expensive for the hackers to get the information they want, added
Stiennon.

“Right now it’s very inexpensive to engage in these cyber-attacks,” he said.

“Mandiant’s report slowed them down, forced them to retrench, pull
their tools out, and reengage,” he continued. “They spent a lot of man
hours because of that report.”

“That reaction was expensive for the attackers,” he added.