APT10 Indictments Show Shift to MSP Targets
December 21 2018The US government has indicted two Chinese hackers for their role in a state-sponsored cyber esponiage campaign that included attacks on managed service providers (MSPs) and, subsequently, the MSPs’ clients. Security experts wonder, however, what impact the indictments will really make.
In an indictment unsealed in Manhattan federal court, the Justice Department described Zhu Hua and Zhang Shilong as members of APT10, a cyber espionage group working for the Chinese Ministry of State Security’s Tianjin State Security Bureau.
Security researchers have long identified China as one of the biggest sources of hacking activity targeted against US companies, critical infrastructure and government. APT10 has been previously linked to attacks on construction companies, aerospace firms, telecoms and government organizations for years.
“APT10 has been tracked by FireEye for years and is one of the most prolific cyber espionage groups,” said Ben Read, senior manager of cyber espionage analysis at FireEye, in a statement. “Their move towards compromising managed service providers (MSPs) showcases the danger of supply chain compromises and reflects their continuously evolving tactics.”
Through their involvement with APT10, Zhu and Zhang are alleged to have broken into computers and networks belonging to numerous managed service providers around the world in order to then gain access to systems belonging to the clients of the MSPs. Over the course of the MSP theft campaign, which began in 2014, Zhu and Zhang allegedly gained access to and stole data from computers belonging to organizations in various sectors including banking, finance, manufacturing, consumer electronics, medical equipment, biotech and automotive.
Longstanding Issue
In announcing the charges, U.S. officials accused the Chinese government of actively supporting the hacking activities to further its own long-term economic and security goals.
“It is galling that American companies and government agencies spent years of research and countless dollars to develop their intellectual property, while the defendants simply stole it and got it for free,” U.S. Attorney for the Southern District of New York, Geoffrey Berman said. “As a nation, we cannot, and will not, allow such brazen thievery to go unchecked.”
FBI Director Christopher Wray described China’s cyber campaigns and the alleged motives behind them as hurting American businesses, jobs and consumers. “No country should be able to flout the rule of law – so we’re going to keep calling out this behavior for what it is: illegal, unethical, and unfair,” he said.
The allegations are not new but are almost certain to put further pressure on the already strained relationship between the U.S. and China. The Washington Post last week in fact had described the then forthcoming indictments as part of an intensifying US campaign to confront China over the economic espionage activities.
Planned actions include sanctions against individuals responsible for the activities and de-classification of information related to the breaches.
How far such measures will go to deter China remains an open question. Though China famously signed an agreement with the US in 2015 promising not to engage in cyber activities for economic espionage, there’s no evidence that hacking activity out of the country has even abated, far less stopped.
Dave Weinstein, vice president of threat research at Claroty sees the latest actions as yet another example of the effort law enforcement is putting into investigating and holding accountable those responsible for such attacks. “At the same time, we’ve seen this play out before, dating back to 2014 when several [People’s Liberation Army] officers were indicted on hacking charges,” Weinstein says. “It’s not clear to me that the legal process is the best way of stopping what has been China’s persistent behavior for over a decade.”
Pravin Kothari, CEO of CipherCloud says indictments like these highlight the challenge the private industry faces in defending against well-funded, state-sponsored actors with little concern about reprisals. “The US government needs defend our Internet infrastructure to protect commerce and communications.”
It needs to be done within the rule of the law and by making all evidence available for public view. “In the meantime we also need to engage in constructive discussions with the Chinese government to try to reach an end to this activity,” Kothari says.
The charges
The victim organizations of the MSP campaign were scattered across 12 countries including the United States, U.K, Germany, France, Switzerland, Sweden and India.
Separately, Zhu, a penetration tester, and Zhang, a malware developer, also broke into computers and networks belonging to 45 technology companies and U.S. government agencies in 12 states. The technology theft campaign began in 2006 and resulted in Zhu and Zhang stealing hundreds of gigabytes of sensitive data. Among the victims were seven organizations in the aviation and space sectors; three communications companies; three manufacturers of advanced electronic components, NASA and the Jet Propulsion Laboratory.
The APT10 intrusions include one that compromised more than 40 computers belonging to the Navy and resulted in the theft of personally identifiable information belonging to some 100,000 Navy personnel.
Related Content:
- Cloud, China, Generic Malware Top Security Concerns for 2019
- Report: China’s Intelligence Apparatus Linked to Previously Unconnected Threat Groups
- Evidence in Starwood/Marriott Breach May Point to China
- 8 Threats That Could Sink Your Company
Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio
APT10 Indictments Show Shift to MSP Targets
December 21 2018The US government has indicted two Chinese hackers for their role in a state-sponsored cyber esponiage campaign that included attacks on managed service providers (MSPs) and, subsequently, the MSPs’ clients. Security experts wonder, however, what impact the indictments will really make.
In an indictment unsealed in Manhattan federal court, the Justice Department described Zhu Hua and Zhang Shilong as members of APT10, a cyber espionage group working for the Chinese Ministry of State Security’s Tianjin State Security Bureau.
Security researchers have long identified China as one of the biggest sources of hacking activity targeted against US companies, critical infrastructure and government. APT10 has been previously linked to attacks on construction companies, aerospace firms, telecoms and government organizations for years.
“APT10 has been tracked by FireEye for years and is one of the most prolific cyber espionage groups,” said Ben Read, senior manager of cyber espionage analysis at FireEye, in a statement. “Their move towards compromising managed service providers (MSPs) showcases the danger of supply chain compromises and reflects their continuously evolving tactics.”
Through their involvement with APT10, Zhu and Zhang are alleged to have broken into computers and networks belonging to numerous managed service providers around the world in order to then gain access to systems belonging to the clients of the MSPs. Over the course of the MSP theft campaign, which began in 2014, Zhu and Zhang allegedly gained access to and stole data from computers belonging to organizations in various sectors including banking, finance, manufacturing, consumer electronics, medical equipment, biotech and automotive.
Longstanding Issue
In announcing the charges, U.S. officials accused the Chinese government of actively supporting the hacking activities to further its own long-term economic and security goals.
“It is galling that American companies and government agencies spent years of research and countless dollars to develop their intellectual property, while the defendants simply stole it and got it for free,” U.S. Attorney for the Southern District of New York, Geoffrey Berman said. “As a nation, we cannot, and will not, allow such brazen thievery to go unchecked.”
FBI Director Christopher Wray described China’s cyber campaigns and the alleged motives behind them as hurting American businesses, jobs and consumers. “No country should be able to flout the rule of law – so we’re going to keep calling out this behavior for what it is: illegal, unethical, and unfair,” he said.
The allegations are not new but are almost certain to put further pressure on the already strained relationship between the U.S. and China. The Washington Post last week in fact had described the then forthcoming indictments as part of an intensifying US campaign to confront China over the economic espionage activities.
Planned actions include sanctions against individuals responsible for the activities and de-classification of information related to the breaches.
How far such measures will go to deter China remains an open question. Though China famously signed an agreement with the US in 2015 promising not to engage in cyber activities for economic espionage, there’s no evidence that hacking activity out of the country has even abated, far less stopped.
Dave Weinstein, vice president of threat research at Claroty sees the latest actions as yet another example of the effort law enforcement is putting into investigating and holding accountable those responsible for such attacks. “At the same time, we’ve seen this play out before, dating back to 2014 when several [People’s Liberation Army] officers were indicted on hacking charges,” Weinstein says. “It’s not clear to me that the legal process is the best way of stopping what has been China’s persistent behavior for over a decade.”
Pravin Kothari, CEO of CipherCloud says indictments like these highlight the challenge the private industry faces in defending against well-funded, state-sponsored actors with little concern about reprisals. “The US government needs defend our Internet infrastructure to protect commerce and communications.”
It needs to be done within the rule of the law and by making all evidence available for public view. “In the meantime we also need to engage in constructive discussions with the Chinese government to try to reach an end to this activity,” Kothari says.
The charges
The victim organizations of the MSP campaign were scattered across 12 countries including the United States, U.K, Germany, France, Switzerland, Sweden and India.
Separately, Zhu, a penetration tester, and Zhang, a malware developer, also broke into computers and networks belonging to 45 technology companies and U.S. government agencies in 12 states. The technology theft campaign began in 2006 and resulted in Zhu and Zhang stealing hundreds of gigabytes of sensitive data. Among the victims were seven organizations in the aviation and space sectors; three communications companies; three manufacturers of advanced electronic components, NASA and the Jet Propulsion Laboratory.
The APT10 intrusions include one that compromised more than 40 computers belonging to the Navy and resulted in the theft of personally identifiable information belonging to some 100,000 Navy personnel.
Related Content:
- Cloud, China, Generic Malware Top Security Concerns for 2019
- Report: China’s Intelligence Apparatus Linked to Previously Unconnected Threat Groups
- Evidence in Starwood/Marriott Breach May Point to China
- 8 Threats That Could Sink Your Company
Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio
