The UK government and more than a dozen international allies including the US have called out what they say are China’s persistent efforts to steal other countries’ trade secrets and advanced technologies, and to compromise sensitive government and corporate computers.
The move is the first time that the UK government has publicly named the Chinese government as responsible for a malicious cyber campaign.
They say a group known as APT 10 acted on behalf of the Chinese Ministry of State Security to carry out a campaign targeting intellectual property and sensitive commercial data in Europe, Asia and the US. That campaign was initially discovered through collaboration between the NCSC, PwC and BAE.
The UK’s National Cyber Security Centre (NCSC) assesses that APT 10 was almost certainly responsible for a campaign of activity against global Managed Service Providers (MSPs) since at least 2016, widely known as Cloud Hopper.
“This targeted intellectual property and commercially sensitive information of the MSPs and their clients. It is highly likely that these accesses were used to engage in commercial espionage,” the UK government said today.
FireEye says APT 10 campaigns typically include both traditional spear phishing and access to victims’ networks through managed service providers; the former being “relatively unsophisticated, leveraging .lnk files within archives, files with double extensions (e.g. [Redacted]_Group_Meeting_Document_20170222_doc_.exe) and in some cases simply identically named decoy documents and malicious launchers within the same archive.”
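The three archive traits in the FireEye quote can be checked at a mail gateway or during attachment triage. The sketch below is an added example, not code from FireEye, the NCSC or this article; the extension lists, reason strings and sample file names are constructed assumptions. It treats `_doc_.exe` as a double extension, a form that a check looking only for `.doc.exe` would miss.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

DOC_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "ppt", "pptx", "rtf", "txt"}
LAUNCHER_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta"}
# Document-type token ending the stem, delimited by "." or "_" (assumed heuristic).
DOC_TOKEN = re.compile(r"[._](%s)[._ ]*$" % "|".join(sorted(DOC_EXTS)), re.I)

def split_name(name):
    """Return (folder, lower-cased stem, lower-cased extension without dot)."""
    path = PurePosixPath(name.replace("\\", "/"))
    return str(path.parent), path.stem.lower(), path.suffix.lower().lstrip(".")

def triage_names(names):
    """Return sorted (member, reason) findings for archive member names."""
    exts_by_stem = {}
    for name in names:
        folder, stem, ext = split_name(name)
        exts_by_stem.setdefault((folder, stem), set()).add(ext)
    findings = []
    for name in names:
        folder, stem, ext = split_name(name)
        if ext == "lnk":
            findings.append((name, "shortcut file inside archive"))
        if ext in LAUNCHER_EXTS and DOC_TOKEN.search(stem):
            findings.append((name, "document-style name, executable extension"))
        if ext in LAUNCHER_EXTS | {"lnk"} and exts_by_stem[(folder, stem)] & DOC_EXTS:
            findings.append((name, "launcher named like a decoy in same folder"))
    return sorted(findings)

def triage_zip(data):
    with zipfile.ZipFile(io.BytesIO(data)) as zf:  # names only, nothing extracted
        return triage_names(zf.namelist())

def build_sample_zip(names):
    """Build an in-memory ZIP of empty members (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    return buf.getvalue()

# Constructed names; the first mimics the pattern in the FireEye quote.
SAMPLE = ["X_Group_Meeting_Document_20170222_doc_.exe", "agenda.pdf.lnk",
          "minutes.docx", "minutes.exe", "photo.jpg"]

for member, reason in triage_zip(build_sample_zip(SAMPLE)):
    print(f"{member}: {reason}")
```

Only member names are read, so the check is safe to run on untrusted attachments before any extraction takes place.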
China Hacking Alert: Indictments Pending
The action comes as the US Justice Department is shortly expected to unveil criminal charges against hackers affiliated with China’s main intelligence service who allegedly took part in a long-running cyberspying campaign targeting US and other countries’ networks, according to CrowdStrike.
“The National Cyber Security Centre (NCSC) assesses with the highest level of probability that the group widely known as APT 10 is responsible for this sustained cyber campaign focused on large-scale service providers. The group almost certainly continues to target a range of global companies, seeking to gain access to commercial secrets,” the government said.
Foreign Secretary Jeremy Hunt said: “This campaign is one of the most significant and widespread cyber intrusions against the UK and allies uncovered to date, targeting trade secrets and economies around the world.”
“These activities must stop. They go against the commitments made to the UK in 2015, and, as part of the G20, not to conduct or support cyber-enabled theft of intellectual property or trade secrets. Our message to governments prepared to enable these activities is clear: together with our allies, we will expose your actions and take other necessary steps to ensure the rule of law is upheld.”
The announcement follows an unprecedented joint technical alert by the UK’s National Cyber Security Centre (NCSC) and the US Department of Homeland Security (DHS) in April – alongside the Federal Bureau of Investigation (FBI) – that detailed malicious cyber activity “carried out by the Russian government”.
Dmitri Alperovitch, CTO and Co-Founder at CrowdStrike, emailed the following comment: “For the past year, CrowdStrike has been reporting on the increase of activity we’ve seen from Chinese state-affiliated cyber threat actors, aimed at stealing trade secrets from nearly every sector of the economy, including biotech, defense, mining, pharmaceutical, professional services, transportation, and more.
“Today’s announcement of indictments against Ministry of State Security (MSS), whom we deem now to be the most active Chinese cyber threat actor, is another step in a campaign that has been waged to indicate to China that its blatant theft of IP is unacceptable and will not be tolerated.”
He added: “While this action alone will not likely solve the issue and companies in US, Canada, Europe, Australia and Japan will continue to be targeted by MSS for industrial espionage, it is an important element in raising the cost and isolating them internationally.”