Arrest Of Intelligence Officer Sparks Fears Of Chinese Hacking Attack

Uploaded on 2018-10-30 in TECHNOLOGY--Hackers, NEWS-News Analysis, INTELLIGENCE--USA, FREE TO VIEW

Top figures in the infosec industry fear that the recent arrest of a top Chinese intelligence officer will spark an increase in cyber-attacks from Chinese hacking groups in the coming months.

These fears were expressed after the US Department of Justice announced the arrest and extradition of Yanjun Xu, a high-ranking director in China's Ministry of State Security (MSS), the country's counter-intelligence and foreign intelligence agency.

Xu was not arrested on hacking charges, but for attempting to commit economic espionage and steal trade secrets after trying to recruit several insiders from multiple US aviation and aerospace companies.

But reports from US cyber-security firm Recorded Future, and from shadowy group Intrusion Truth, have pegged the MSS as the Chinese agency in control of China's cyber-espionage operations.

"Currently, the Ministry of State Security (MSS) is the primary government agency engaged in the majority of cyber-attacks with Chinese-government nexus, and CrowdStrike has observed multiple intrusions demonstrating their sophisticated tradecraft," Dmitri Alperovitch, Co-Founder and CTO of US cyber-intelligence firm CrowdStrike, told ZDNet today.

Alperovitch now fears that this arrest might trigger a retaliatory action from Chinese hackers, an opinion also shared by former Facebook Chief Security Officer, Alex Stamos, and others.

For years, Chinese state-sponsored hackers have breached US companies and pilfered proprietary technology that mysteriously made its way into the hands of Chinese companies.

The two nations agreed to cease all hacking operations aimed at intellectual property (IP) theft in the autumn of 2015, when the countries' two presidents, US President Obama and Chinese President Xi, signed a political agreement on the matter.

A FireEye report released in June 2016 found that China's IP theft cyber operations had considerably wound down following the pact, and the country appeared to have stopped all major operations.

But this pact appears to have unofficially dissolved during the Trump presidency, as diplomatic relations broke down between the two countries, and a trade war is slowly unraveling today.

The Trump administration accused China in March of breaking the Obama-Xi hacking agreement. A US Department of the Treasury investigation detailed in a 215-page report listed several Chinese hacking operations that took place after the pact's signing.

In a report published today, CrowdStrike confirmed the US Treasury's findings. The company said it detected an uptick in Chinese hacking operations during the past year, uptick that placed China above Russia in terms of number of attacks.

"CrowdStrike can now confirm that China is back (after a big drop off in activity in 2016) to being the predominant nation-state intrusion threat in terms of volume of activity against Western industry," Alperovitch said in a tweet today, an opinion he also shared in an interview on Bloomberg TV. "MSS is now their [number one] cyber actor," he added.

Even if there is no evidence Xu was involved in China's cyber operations, it is now a general opinion among many infosec pundits that China does not abide by the terms of the Obama-Xi agreement anymore [1, 2], and the arrest of one of its top MSS directors would unleash hacking efforts on the same level as they were before the pact.

In comments provided to ZDNet, Alperovitch also hoped today's arrest would also serve as a deterrent.

Nonetheless, that might not be the case as the indictment of three Chinese nationals believed to be MSS hacking contractors last year, who were also involved in IP theft, didn't appear to stop Chinese cyber-espionage operations at all.

The Washington Post has more details on Xu's indictment and insider recruitment tactics, as well as how federal agents lured the top MSS official in Belgium, where they arrested him on April 1, this year.

ZDNet:

You Might Also read:

China Is 'biggest state sponsor of Cyber-Attacks on the West'

« Facebook Sued Over Video Viewing Figures
Amazon Scraps AI Recruiting Tool That Showed Bias Against Women »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Zurich

Zurich

Zurich’s Security and Privacy policy is designed to manage financial and reputational costs as a result of a breach of network security or unauthorized access or release of private information.

Fidelis Security

Fidelis Security

Fidelis Security is a leading provider of extended threat detection and response (XDR) solutions for your security operations.

CERT-PY

CERT-PY

CERT-PY is the national Computer Emergency Response Team for Paraguay.

RevenueStream

RevenueStream

RevenueStream uses an innovative algorithmic approach to intercept and prevent payment fraud before it even happens.

TCN

TCN

TCN is an advanced System Integrator and Infrastructure Company in Albania.

First Point Group (FPG)

First Point Group (FPG)

First Point Group provide a global technological recruitment service worldwide. Within that we have a specialist team of Cyber Security recruiters.

Cybersecurity Manufacturing Innovation Institute (CyManII)

Cybersecurity Manufacturing Innovation Institute (CyManII)

CyManII was established to create economically viable, pervasive, and inconspicuous cybersecurity in American manufacturing to secure the digital supply chain and energy automation.

About Cyber Security.

About Cyber Security.

About Cybersecurity provides a galaxy-wide knowledge base of cybersecurity tactics and techniques derived from actual experience.

Falcongaze

Falcongaze

Falcongaze SecureTower is a comprehensive DLP solution for the protection of business against internal threats.

Cyber Intelligence House (CIH)

Cyber Intelligence House (CIH)

Cyber Intelligence House provides risk exposure solutions for a wide range of audiences including companies, government agencies, regulators, investors, law enforcement and consumers.

ShardSecure

ShardSecure

ShardSecure Microshard technology eliminates data sensitivity, providing security, privacy and compliance beyond encryption.

Redhorse

Redhorse

Redhorse provides top-tier consulting to help clients address mission-critical government problems in National Security, Networking Technology, Energy and the Environment.

CRI Group

CRI Group

CRI Group excels at deterring, detecting and investigating crimes against businesses using a global network of professionals specially trained in Anti-Corruption, Risk Management and Compliance.

D2 Network Associates (D2NA)

D2 Network Associates (D2NA)

D2NA help businesses deliver and achieve their goals, through innovative IT solutions, robust cyber security services and proactive IT managed services.

Verichains

Verichains

Verichains Lab is a pioneer and leading APAC blockchain security firm with extensive expertise in the areas of security, cryptography and core blockchain technology.

Velum Labs

Velum Labs

Velum Labs is a cyber intelligence company that provides simple and non-intrusive, cloud and cyber intelligence solutions; built from a market-leading understanding of cyber-attack methodology.