State-sponsored Chinese hackers responsible for Marriott data breach


A recent hacking operation that compromised personal and financial information of up to 500 million people who made bookings at Marriott International’s Starwood hotels could have been carried out by hackers backed by China’s Ministry of State Security.

According to a report from The New York Times, two persons who are privy to the investigations on the massive Marriott data breach have revealed that China’s Ministry of State Security sponsored the cyber attack on Marriott’s Starwood reservation system and also carried out other widely-publicised hacking operations that targeted the U.S. Office of Personnel Management and Anthem, the largest health insurance firm in the United States.

China sponsored major attacks on OPM, Anthem & Marriott

In August last year, the FBI arrested Yu Pingan, a Shanghai resident, for carrying out a cyber-attack on the US Government’s Office of Personnel Management (OPM) in 2014 and stealing biometric data, including fingerprints, belonging to an estimated 5.6 million citizens and also stealing sensitive information about 21.5 million current and former federal employees, including military personnel.

Pingan was also accused of creating Sakula, a powerful malware that was used to steal data from OPM’s servers and was also used in a cyber-attack on Anthem, the largest health insurance company in the US, in 2015. The data breach compromised sensitive details of around 79 million American policyholders.

According to sources contacted by The New York Times, China’s Ministry of State Security has been sponsoring such massive cyber attacks as part of an information gathering exercise to build an extensive database of U.S. government officials and executives with security clearances.

Aside from obtaining sensitive information about U.S. citizens, China’s premier security agency is also believed to be sponsoring cyber operations to steal precious intellectual property owned by U.S. firms. The Chinese government is also reportedly forcing U.S. firms that intend to enter the Chinese market to hand over valuable technology to state agencies.

According to Marriott International, the recent breach suffered by the Starwood guest reservation database compromised names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest (“SPG”) account numbers, date of birth and gender of 327 million guests as well as payment card numbers and payment card expiration dates belonging to a number of other guests.

Dmitri Alperovitch, the chief technology officer at CrowdStrike, told NYT that China’s activities were akin to “big data hoovering” and that data obtained via large-scale cyber operations could be used for “counterintelligence, recruiting new assets, anti-corruption campaigns or future targeting of individuals or organisations”.

Sources also told NYT that China is using such massive troves of data to “root out spies, recruit intelligence agents and build a rich repository of Americans’ personal data for future targeting”.

Chinese state agency targeted Australian firms too

The United States isn’t the only country that the Chinese government has been accused of targeting with cyber attacks in the recent past. In November, a report from Australian broadcaster Channel Nine and Fairfax media revealed that China’s top security agency was behind a large number of cyber-attacks that targeted Australian businesses and institutions this year.

They noted that cyber-attacks were being carried out in order to steal intellectual property belonging to Australian firms and institutions and were part of a much larger campaign dubbed “Operation Cloud Hopper” which is run with the blessings of China’s Ministry of State Security.

The report cited senior unnamed Australian officials who said that cyber-attacks emanating from China were “a constant, significant effort to steal our intellectual property” and that the involvement of Chinese hackers was confirmed by the Five Eyes Alliance, an intelligence gathering network composed of cyber security experts from the United States, Britain, Australia, Canada, and New Zealand.

Copyright Lyonsdown Limited 2021
