14-Year-Long Chinese Hacking Ring Identified
Up until now, the longest undetected hacking operation I was aware of was the one at Nortel Networks. It lasted 12 years and is widely blamed as a contributing factor in the company's collapse into bankruptcy and the sale of its assets for scrap.
This one beats it.
The DoJ unsealed indictments today against seven Chinese nationals (note to these folks: do not vacation in US-friendly countries) for their involvement.
The targets of the 14-year campaign include US and foreign critics of China, journalists, businesses and politicians, including members of the House and Senate.
The hacking collective, tracked as APT31 (also known as Zirconium, Altaire, Bronze Vinewood, Judgement Panda and Violet Typhoon), has been active since at least 2010. That makes 14 years a lower bound; it could be longer.
Some of those indicted are linked to Wuhan Xiaoruizhi Science and Technology Company, Limited (yes, the same Wuhan as in the pandemic), which the indictment describes as a front company for China's Ministry of State Security.
The US and UK are trying to find these people. The State Department's Rewards for Justice program is offering up to $10 million for information leading to the identification or location of people associated with APT31, and the UK has sanctioned two of the named individuals along with the front company.
Attorney General Merrick Garland put it this way: "These allegations pull back the curtain on China's vast illegal hacking operation that targeted sensitive data from U.S. elected and government officials, journalists and academics; valuable information from American companies; and political dissidents in America and abroad."
The initial access technique was low tech: send email, often crafted to look like it came from a news outlet or journalist, to targets of interest, and get them to open it. According to the indictment, more than 10,000 of these messages carried hidden tracking links; simply opening the email caused the recipient's IP address, location and device details to be reported to a server the attackers controlled. That information is relatively benign on its own, but it told the attackers exactly who had opened the mail, from where, and on what, and they used it to follow up with targeted attacks, including compromising home routers and installing malware.
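The tracking-link trick works because most mail clients will fetch remote content when a message is rendered, and a per-recipient URL in that content tells the sender who opened it and from which network. The following is an added example, written for this post and not drawn from the indictment or from The Hacker News, of how a mail gateway or triage script can flag that pattern: it walks the HTML of a message and reports remote images that are hidden (1x1 or display:none) and any remote reference whose URL carries a long opaque token that would identify the recipient. The sample message, hostnames and token length are constructed for the example.

```python
"""Flag hidden remote-content beacons in an HTML email body.

Added example, not code from the original post: a minimal detector for
the tracking-link technique, where a message loads a remote resource
that reports the reader's IP address and client details to the sender
as soon as the mail is rendered. The sample message and hostnames
below are constructed for the example.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse


class _RemoteRefs(HTMLParser):
    """Collect <img>, <a> and <link> tags that point at remote http(s) hosts."""

    def __init__(self):
        super().__init__()
        self.refs = []  # list of (tag, url, attrs)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            url = a.get("src")
        elif tag in ("a", "link"):
            url = a.get("href")
        else:
            url = None
        if url and urlparse(url).scheme in ("http", "https"):
            self.refs.append((tag, url, a))


def _is_hidden(attrs):
    """A 1x1 or invisible image exists to be fetched, not to be seen."""
    w = (attrs.get("width") or "").strip().rstrip("px")
    h = (attrs.get("height") or "").strip().rstrip("px")
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = w in ("0", "1") or h in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style


def _has_opaque_token(url, min_len=16):
    """A long alphanumeric query value or path segment usually identifies the recipient.

    min_len=16 is an assumed threshold for this example, not a standard.
    """
    p = urlparse(url)
    candidates = [v for vals in parse_qs(p.query).values() for v in vals]
    candidates += [seg for seg in p.path.split("/") if seg]
    return any(
        len(c) >= min_len and c.replace("-", "").replace("_", "").isalnum()
        for c in candidates
    )


def find_beacons(html, trusted_hosts=()):
    """Return findings for remote references that look like tracking beacons.

    trusted_hosts lets an operator exempt, for example, the company's own CDN.
    """
    parser = _RemoteRefs()
    parser.feed(html)
    findings = []
    for tag, url, attrs in parser.refs:
        host = urlparse(url).hostname or ""
        if host in trusted_hosts:
            continue
        reasons = []
        if tag == "img" and _is_hidden(attrs):
            reasons.append("hidden image")
        if _has_opaque_token(url):
            reasons.append("per-recipient token")
        if reasons:
            findings.append({"tag": tag, "host": host, "url": url, "reasons": reasons})
    return findings


# Constructed sample: a normal logo plus a 1x1 tracking pixel and a tokenised link.
SAMPLE_EMAIL = """<html><body>
<p>Dear colleague, please see the attached agenda.</p>
<img src="https://cdn.example.org/logo.png" width="120" height="40">
<img src="https://track.example.net/p.gif?u=9f2c7b1e4a5d8c3f0b6e" width="1" height="1">
<a href="https://track.example.net/c/3f8a9b1c2d4e5f60718293a4">Read the agenda</a>
</body></html>"""

if __name__ == "__main__":
    for f in find_beacons(SAMPLE_EMAIL):
        print(f"{f['tag']:<4} {f['host']:<22} {', '.join(f['reasons'])}")
```

On the sample message the logo passes, the 1x1 pixel is flagged on both counts, and the link is flagged for its token. The detector is a triage aid, not a blocker: the reliable defence against this beaconing is the mail client setting that blocks automatic loading of remote content, or a gateway that rewrites remote images through a proxy so the attacker only ever sees the proxy's address.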
For the government category of victims, think the White House, DoJ, Commerce, Treasury and State, among others. In the private sector, targets included defense contractors, IT, telecom, manufacturing, finance, trade, legal and research firms, and more.
Basically, anyone, anywhere, who might have information they could use.
Just because these people have been named (but not arrested) does not mean the hacking has stopped, that they have been evicted from the networks they are already in, or that they are not hunting for new victims.
If you fit into one of these categories, China apparently believes it can get into your network undetected, and for at least 14 years that belief has held up. If this makes you nervous, it should. It also means that if you assume you would notice someone inside your network stealing your data, you are probably wrong. Need some help fighting back? Call us.
Credit: The Hacker News