27 June 2018

Tariff war of words with China resulting in cyber-attacks against the US

by Doug Olenick

President Trump's threat last week to place additional tariffs on Chinese made goods have not only led to counter threats being made by China's leadership, but Stealthcare CEO Jeremy Samide believes the trade situation has spurred China to launch cyber-attacks against the United States. The attacks Samide's firm detected and attributed to China came from the LuckyMouse group, also known as, Emissary Panda, APT27. These were found pushing a new malware strain based on the HyperBro Remote Access Trojan RAT. Another incident involved an espionage campaign dubbed MirageFox, attributed to APT15, also known as Vixen Panda, Ke3chang, Royal APT and Playful Dragon. 

Many of the attacks are originating from known Chinese sources or state-sponsored groups, however, the art of misdirection is definitely in play. While attribution can be difficult, in many cases we can ascertain the source of the attack and not all of them are originating from China, Samide said.

“We are seeing an increase in more targeted espionage-style attacks towards government agencies, geospatial imaging, satellite communications and other defence contractors with the particular interest in infiltrating their networks and infecting their computer systems that control key communication and other geospatial data collection systems," Samide told SC Media.

There are many pieces to the geo-political puzzle in play here. Some of the attacks being launched are meant to be overt and thus noticed by government defenders these are also helping set the stage for additional, and possibly more damaging attacks down the road.

"However, there are other motives, tactics and tradecraft that are surreptitiously taking place as part of their sophisticated covert cyber espionage campaigns. Many of these attacks are designed as decoys which lay the foundation to the more highly sophisticated, complex yet efficient attacks," Samide said.

Such attacks are common with Samide noting these take place whenever international conflict intensifies both states and state-sympathisers ramp up their attacks. This also happened when the US, backed out of the Iran deal and with North Korea when the rhetoric heated up over the past months.

In response to these threats, Samide called for both private industry and the government to increase their defensive capabilities.

Tripwire conducted a survey of 416 attendees at recent European industry event and found the majority not only agreed with Samide about boosting their defensive posture but are already moving in that direction. Sixty-nine percent of those surveyed said their organisations have increased efforts to defend against nation-state attacks over the past 12 months.

“When asked how prepared they felt in defending against nation-state attacks, 60 percent said fairly prepared, 22 percent said very prepared and only 18 percent said not prepared,” the report said.

In general, Tripwire found the cyber-security community is very concerned about nation-state backed attacks.

Tripwire found 93 percent believe the number of such attacks will rise in the next 12 months. Many, 83 percent, believed the attacker's targets will also shift moving over to private and non-government organisations over the next year and a similar number expecting an increase in attacks on critical infrastructure with the intention of doing harm to those systems.

No comments: