December 20, 2018, updated 21 Dec 2018 10:44am

UK Blames Chinese Ministry of State Security for Hacking Campaign

"Ministry of State Security (MSS) now the most active Chinese cyber threat actor..."

By CBR Staff Writer

The UK government and more than a dozen international allies including the US have called out what they say are China’s persistent efforts to steal other countries’ trade secrets and advanced technologies, and to compromise sensitive government and corporate computers.

The move is the first time that the UK government has publicly named the Chinese government as responsible for a malicious cyber campaign.

They say a group known as APT 10 acted on behalf of the Chinese Ministry of State Security to carry out a campaign targeting intellectual property and sensitive commercial data in Europe, Asia and the US. That campaign was initially discovered through collaboration between the NCSC, PwC and BAE.

The UK’s National Cyber Security Centre (NCSC) assesses that APT 10 was almost certainly responsible for a campaign of activity against global Managed Service Providers (MSPs) since at least 2016, widely known as Cloud Hopper.

“This targeted intellectual property and commercially sensitive information of the MSPs and their clients. It is highly likely that these accesses were used to engage in commercial espionage,” the UK government said today.

FireEye says APT 10 campaigns typically include both traditional spear phishing and access to victims’ networks through managed service providers, the former being “relatively unsophisticated, leveraging .lnk files within archives, files with double extensions (e.g. [Redacted]_Group_Meeting_Document_20170222_doc_.exe) and in some cases simply identically named decoy documents and malicious launchers within the same archive.”
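
As an added illustration (not code from FireEye, the NCSC or this article), the three lure traits quoted above can be checked against an archive's member listing at a mail gateway or during triage. The extension lists, label names and sample file names are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Assumed lists, not taken from the article: extensions treated as launchers
# and as document types a lure would imitate.
LAUNCHERS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "lnk", "pif"}
DOC_TYPES = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "rtf", "txt"}

def _parts(name):
    """Return (stem, final extension) for an archive member, lower-cased."""
    base = PurePosixPath(name.replace("\\", "/")).name.lower()
    stem, _, ext = base.rpartition(".")
    return (stem, ext) if stem else (base, "")

def review_archive(members):
    """Map each suspicious member name to the list of reasons it was flagged."""
    findings = defaultdict(list)
    by_stem = defaultdict(set)
    for name in members:
        stem, ext = _parts(name)
        by_stem[stem].add(ext)
        if ext == "lnk":
            findings[name].append("lnk-in-archive")
        # Last token of the stem, split on '.', '_', '-' or space, so that both
        # 'report.pdf.exe' and the '_doc_.exe' form quoted above are caught.
        tokens = [t for t in re.split(r"[._\-\s]+", stem) if t]
        if ext in LAUNCHERS and tokens and tokens[-1] in DOC_TYPES:
            findings[name].append("double-extension")
    for name in members:
        stem, ext = _parts(name)
        # A launcher sharing its stem with a document in the same archive.
        if ext in LAUNCHERS and by_stem[stem] & DOC_TYPES:
            findings[name].append("decoy-twin")
    return dict(findings)

# Constructed listing of one archive's members (not real samples).
SAMPLE = [
    "Group_Meeting_Document_20170222_doc_.exe",
    "agenda.pdf.lnk",
    "Q3 budget.xlsx",
    "Q3 budget.exe",
    "notes.txt",
]

if __name__ == "__main__":
    for member, reasons in review_archive(SAMPLE).items():
        print(f"{member}: {', '.join(reasons)}")
```

The token check is a heuristic: a legitimate installer named like `my_doc.exe` would also be flagged, so findings are best treated as triage signals rather than verdicts.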

China Hacking Alert: Indictments Pending

The action comes as the US Justice Department is shortly expected to unveil criminal charges against hackers affiliated with China’s main intelligence service who allegedly took part in a long-running cyberspying campaign targeting US and other countries’ networks, according to CrowdStrike.


See also: Russians in your Router: Unprecedented Joint Technical Alert from UK and US Intelligence

“The National Cyber Security Centre (NCSC) assesses with the highest level of probability that the group widely known as APT 10 is responsible for this sustained cyber campaign focused on large-scale service providers. The group almost certainly continues to target a range of global companies, seeking to gain access to commercial secrets,” the government said.

Foreign Secretary Jeremy Hunt said: “This campaign is one of the most significant and widespread cyber intrusions against the UK and allies uncovered to date, targeting trade secrets and economies around the world.”

“These activities must stop. They go against the commitments made to the UK in 2015, and, as part of the G20, not to conduct or support cyber-enabled theft of intellectual property or trade secrets. Our message to governments prepared to enable these activities is clear: together with our allies, we will expose your actions and take other necessary steps to ensure the rule of law is upheld.”

The announcement follows an unprecedented joint technical alert by the UK’s National Cyber Security Centre (NCSC) and the US’s Department of Homeland Security (DHS) in April – alongside the Federal Bureau of Investigation (FBI) – that detailed malicious cyber activity “carried out by the Russian government”.

Dmitri Alperovitch, CTO and Co-Founder at CrowdStrike, emailed the following comment: “For the past year, CrowdStrike has been reporting on the increase of activity we’ve seen from Chinese state-affiliated cyber threat actors, aimed at stealing trade secrets from nearly every sector of the economy, including biotech, defense, mining, pharmaceutical, professional services, transportation, and more.

“Today’s announcement of indictments against Ministry of State Security (MSS), whom we deem now to be the most active Chinese cyber threat actor, is another step in a campaign that has been waged to indicate to China that its blatant theft of IP is unacceptable and will not be tolerated.”

He added: “While this action alone will not likely solve the issue and companies in US, Canada, Europe, Australia and Japan will continue to be targeted by MSS for industrial espionage, it is an important element in raising the cost and isolating them internationally.”

More to follow. 
