Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Chinese Cyberattacks are Back

May 22, 2013

The New York Times reported Monday that China has resumed its cyberattacks on the U.S. There had been a three month hiatus from hackers working for a cyberunit of China’s People’s Liberation Army went silent amid evidence that they had stolen data from scores of American companies and government agencies. But now they appear to have renewed their attacks using new techniques according to cybersecurity experts and American officials.

Security company Mandiant said that many of the victims had been attacked previously. Cyberunit 61398 is believed to be responsible for an attack on Coca-Coca in 2009 when it attempted to acquire the China Huiyuan Juice Group and a 2011 attack on RSA, which makes data security products used by the U.S. government and defense contractors. From the 2011 attack, the unit gleaned enough information to attack Lockheed Martin. Security experts have said that the group has more recently targeted companies with access to the nation's power grid.

Mandiant reports that the renewed attacks mean the Chinese cyberunit is operating at 60-70% of its previous level. Interesting that Mandiant performed their study at the request of The New York Times. As you may recall, Mandiant had previous been hired by the company to investigate an attacks on its news operations that originated in China. Another security company, Crowdstrike, agrees that the Chinese hackers have largely returned to "business as usual."

The exposure of the cyberunit’s actions resulted in haphazard cleanup operations according to Mandiant. Attack tools were unplugged from victims’ systems. Command and control servers went silent. And of the 3,000 technical indicators Mandiant identified in its initial report, only a few kept operating. Some of the unit’s most visible hackers, with names like “DOTA,” “SuperHard” and “UglyGorilla,” disappeared, as investigators looked for clues to their real identities.

The unit’s hackers have now set up new beachheads from compromised computers all over the world, many of them small Internet service providers and mom-and-pop shops whose owners do not realize that by failing to rigorously apply software patches for known threats, they are enabling state-sponsored espionage.

Amid this happy news, India appears to be joining the global hacking club too – more on that tomorrow.

E-mail: Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Chinese Cyberattacks are Back

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer