U.S. cyber security experts see recent spike in Chinese digital espionage

U.S. cyber security experts see recent spike in Chinese digital espionage

A U.S. cyber security firm said Wednesday it has detected a surge in new cyber spying by a suspected Chinese group dating back to late January, when the coronavirus began to spread beyond China.

FireEye Inc. said in a report it had spotted a spike in activity from a hacking group it dubs “APT41” that began on Jan. 20 and targeted more than 75 of its customers, from manufacturers and media companies to healthcare organizations and nonprofits.

There were “multiple possible explanations” for the spike in activity, said FireEye Security Architect Christopher Glyer, pointing to long-simmering tensions between Washington and Beijing over trade and more recent clashes over the coronavirus outbreak, which has killed more than 17,000 people since late last year.

The report said it was “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years.”

FireEye declined to identify the affected customers. China’s embassy in Washington did not immediately respond to a request seeking comment.

The U.S. National Security Council and the Office of the Director of National Intelligence also did not immediately respond requests seeking comment.

FireEye said in its report that APT41 abused recently disclosed flaws in software developed by Cisco, Citrix and others to try to break into scores of companies’ networks in the United States, Canada, Britain, Mexico, Saudi Arabia, Singapore and more than a dozen other countries.

Cisco said in an email it had fixed the vulnerability and it was aware of attempts to exploit it, a sentiment echoed by Citrix, which said it had worked with FireEye to help identify “potential compromises.”

Others have also spotted a recent uptick in cyber-espionage activity linked to Beijing.

Matt Webster, a researcher with Secureworks – Dell Technologies’ cybersecurity arm – said in an email that his team had also seen evidence of increased activity from Chinese hacking groups “over the last few weeks.”

In particular, he said his team had recently spotted new digital infrastructure associated with APT41 – which Secureworks dubs “Bronze Atlas.”

Tying hacking campaigns to any specific country or entity is often fraught with uncertainty, but FireEye said it had assessed “with moderate confidence” that APT41 was composed of Chinese government contractors.

FireEye’s head of analysis, John Hultquist, said the surge was surprising because hacking activity attributed to China has generally become more focused.

“This broad action is a departure from that norm,” he said.

Source: Reuters 25 March

Reporting: Raphael Satter & Christopher Bing 

Copyright Lyonsdown Limited 2021

Top Articles

Carnival Cruises hit by fourth data breach in 18 months

Carnival Cruises, one of the world’s largest cruise ship operators, has confirmed that it suffered another data breach in mid-March.

NHS Test & Trace Consolidates Cyber Security

NHS Test and Trace has teamed up with cybersecurity company Risk Ledger to proactively manage its supply chain cybersecurity risks.

The expert view: Accelerating the journey to the cloud

At a virtual seminar on 9 June 2021, sponsored by managed IT service provider Sungard Availability Services, eight senior IT decision makers gathered to discuss how organisations can accelerate their…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]