Chinese cyber-espionage against US and Europe

FireEye: Transportation and Telecom Firms Being Hit in Chinese Espionage

Security firm FireEye reported that Chinese espionage against US and European government entities used four new hacking tools and reached more commercial sectors than previously reported. 

Investigators uncovered breaches of the transportation and telecommunications industries associated with two gangs linked to China – as well as additional hackers they did not identify.

According to the company, the breaches previously affected the banking, defence, and government sectors only.

A VPN product called Pulse Connect Secure is being used by intruders to breach networks and steal important information.

FireEye’s incident response arm, Mandiant, notes that many of the hacked firms fall into verticals aligned with Beijing’s “strategic objectives” as outlined in its newest “Five Year Plan” for economic growth.

According to Sarah Jones, senior principal analyst at Mandiant Threat Intelligence, UNC2630 appears to be working on behalf of the Chinese government in most of the breaches.

These alleged Chinese hackers use four other types of malware to steal information and obscure their tracks.

Chinese cyber-espionage:

Mandiant analysts wrote on Thursday that “Chinese cyberespionage activity shows a higher tolerance for risk than previously thought.”

According to Microsoft, alleged Chinese spies used vulnerabilities in the Exchange Server software in March to steal email inboxes from U.S. firms.

The attackers left malicious code on victims’ systems that could have been exploited by a variety of criminal organizations. 

Some researchers perceived the intrusions as unethical due to the possibility that the code could be financially exploited. 

The Chinese Embassy in Washington, D.C. did not immediately respond to a request for comment on Mandiant’s findings.

Beijing consistently denies carrying out cyberattacks. US officials have spent a lot of time responding to the alleged Chinese operations and a suspected Russian operation that used SolarWinds software. 

Pulse Connect Secure:

In addition to 24 federal entities using Pulse Connect Secure, some laboratories researching national security openly use the software.

In the opinion of a representative of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Pulse Connect Secure cyberattack compromised at least five civilian agencies. 

As Mandiant prepared to reveal the operation last month, the alleged Chinese spies covered up traces of many of their hacks in some of the Pulse Connect breaches.

“The greater ambition and risk tolerance demonstrated by Chinese policymakers since 2019 indicates that the tempo of Chinese state-sponsored activity may increase in the near future and that the Chinese cyber threat apparatus presents a renewed and serious threat to U.S. and European commercial entities,” the Mandiant analysts stated.
