CSOs warned of serious cyber-espionage attack
A cybersecurity consulting firm has documented the existence of a China-based espionage operation that has infiltrated the
computer systems of at least 22 organizations in the government and private sectors in the U.S., Europe and Asia.
But the biggest surprise was how the compromised entities reacted when notified of the breach by e-mails, which were followed
up by phone calls.
“Not a single company actually responded. No one said ‘thank you,’ no one said give me more information, how did you do this,
nothing,” Adam Vincent, chief executive of Cyber Squared, said Tuesday. “Either we notified the wrong people or people didn’t
care. I’m not sure which.”
Cyber Squared won’t disclose the names of the organizations that seemed to ignore what the firm found to be a sophisticated
attack, most likely sanctioned or sponsored by some entity within China.
The victims included U.S. public policy think tanks, North American technology companies, European food safety, environmental
and maritime organizations, East Asian economic policy and diplomacy groups, and international mining organizations and law
firms. What was stolen from these organizations is not known.
Cyber Squared believes the attacks were state sanctioned or sponsored because all the victims were tied to Chinese
strategic interests. For example, one organization was involved with efforts in the U.S. government to sell F-16 fighter jets
to Taiwan, an action China opposed. Another was involved with efforts in the United Nations to minimize greenhouse gas emissions
within the international maritime industry.
In many ways, the operation was a classic example of what the security industry calls an advanced persistent threat, which
means the attackers studied each organization closely in order to tailor the attack to specific people. The cyber criminals
constantly updated the malware used in order to hide from antivirus software and other security technology found on most organizations’
networks.
Cyber Squared was introduced to the espionage operation in September 2011, when an organization connected to the Taiwan discussions
received an e-mail with an address that closely resembled the name of a senior executive. The missive, sent from a popular U.S.
Web mail service, contained a link to a Web site that directed the victim to download a malicious file. The e-mail was sent
within 32 hours after Congress received a bill that would authorize the jet sale to Taiwan.
The simplicity of the original e-mail and malware masked a highly sophisticated operation that would subsequently download
software tools and file-stealing applications that could spread through a corporate network in secrecy, Vincent said. Attackers
often wait to launch their best malware until after they’ve infiltrated a system. “They’re not going to bring their A-game, if they
only need C-players.”
While Cyber Squared could only identify 22 organizations, it believes dozens more have been compromised by the cyber criminals,
who are capable of managing spy operations in each compromised organization at the same time “like moving pieces on a chessboard,”
Vincent said.