US-based researchers have discovered that China is hammering the US with a wave of stealthy attacks that pose a threat of leaking confidential information from American defense contractors, governmental agencies, and technology and telecommunications firms.
Researchers from Alphabet Inc.’s Google revealed that state-sponsored hackers from China had created methods for dodging standard cybersecurity technologies, The Wall Street Journal reported.
These attacks allow Beijing to penetrate government and commercial networks and spy on targets for years without being discovered.
Systems that aren’t generally the targets of cyber espionage have been hacked during the past year, according to analysts at Google’s Mandiant division.
Rather than hacking into corporate firewall-protected systems, the attackers compromise network edge devices, sometimes even firewalls, and target software developed by firms like VMware Inc. or Citrix Systems Inc.
These products run on systems that seldom have antivirus or endpoint detection software installed.
Charles Carmakal, Mandiant’s chief technology officer, told the Journal that the attacks show new ingenuity and expertise from China and frequently exploit previously unknown vulnerabilities.
After analyzing the victims’ accounts, researchers have linked the activity to a purported China-nexus hacker organization.
Experts believe that a group from China is responsible for the attacks. This is because the victims have been targeted repeatedly, the attacks are very complicated and require a lot of resources, and the hackers use a unique malware code that is usually only used by Chinese cybercriminals.
The information released on March 16 comes after the recent discovery of an alleged Chinese spy balloon that violated American airspace, which has increased fears about the scope of Chinese intelligence against the West.
China has consistently denied interfering with the affairs of other nations’ governments or corporations.
However, the Biden administration has previously issued advisories suggesting that the possibility of China sabotaging crucial American systems during a bilateral conflict is increased by technological interdependence.
Experts have previously pointed out that China has the legal and political means to persuade private Chinese enterprises to disclose any special access they might have to American software or hardware. Such access could permit actual assaults and (explicit or implicit) threats against American infrastructure.
Breach Of Sensitive Data?
US officials have long seen Beijing as a top cyber espionage threat. They have been alarmed by the ease with which Chinese hacker groups have compromised military targets and defense contractors to obtain data on cutting-edge military technology.
The American intelligence community has also noticed hackers suspected of working for the Chinese Communist Party honing their capabilities in recent years.
Carmakal noted that except for a massive assault on Microsoft Exchange email servers in 2021 traced to China, Beijing’s attacks had been precisely targeted, frequently striking just a few valuable government and commercial targets.
According to Mandiant, the scale of Chinese incursion into Western and American targets is likely much greater than is currently known because of the stealthy nature of the measures employed.
Carmakal further explained that it is far more difficult for them to analyze the cyberattack’s methodology, and it is undoubtedly much more difficult for victims to find these incursions independently.
“Even with our hunting techniques, it’s hard for them to find it,” Carmakal noted.
The US-based researchers found that the newly identified attacks with connections to Beijing most heavily affected defense contractors, government organizations, and technology and telecommunications companies.
The impact is enormous because of the value of what is being stolen, even though the relative number of victims who have been identified may be few—perhaps in the dozens, Carmakal noted.
The report said the systems frequently compromised in the recent wave of cyberattacks were explicitly created to protect companies.
In an annual threat assessment issued earlier this month, US intelligence authorities stated that China likely poses the biggest, most proactive, and persistent cyberattack threat to the US government and private-sector networks.
Private software development companies, meanwhile, have fixed a few problems and given users instructions on how to make their virtual machine software more secure.