The Department of Justice this week charged seven Chinese nationals with widespread cyber espionage against US businesses and politicians.
Aided by UK law enforcement in identifying the cybercriminals as affiliates of threat group APT31 this week, all seven are believed to reside in the People’s Republic of China, according to the indictment. Likewise, on March 25, the Department of the Treasury unveiled sanctions against the shell company that runs APT31 and is funded by the PRC’s Ministry of State Security (MSS) in Wuhan, China.
According to a statement from US Deputy Attorney General Lisa Monaco, the APT31 worldwide hacking campaign included more than 10,000 malicious emails and thousands of victims over more than 14 years.
“APT31 Group’s practices further demonstrate the size and scope of the PRC’s state-sponsored hacking apparatus,” special agent in charge Robert W. “Wes” Wheeler Jr. of the FBI Chicago Field Office said, also in a statement.
Cybersecurity experts applauded the DoJ for taking action against the Chinese.
“It’s high time the administration takes more aggressive action to suppress the overt colonization of American infrastructure by the PRC,” says Tom Kellerman, senior vice president of cyber strategy at Contract Security. “We must stop playing defense. These sanctions are long overdue; however, I would love to see forfeiture of their Western assets.”
Chinese State Actors Getting Stealthier
Chinese state-sponsored hackers are getting more subtle and strategic in their espionage efforts, according to John Hultquist, chief analyst with Mandiant Intelligence/Google Cloud.
“We are no longer in the era of brazen, loud intrusions against wide swaths of the economy,” Hultquist said in a statement. “The activity we see now is far more narrowly focused and far better than it once was. Chinese cyber espionage is stealthier and more advanced than before. They have invested in better tactics, and those investments are paying off.”
While sanctions and charges may send a message to the Chinese government, the perpetrators remain out of reach of US law enforcement, and enterprises are unlikely to observe any material change in the Chinese threat. Instead, Callie Guenther, senior manager of cyber threat research with Critical Start, says that an increase in state-sponsored threats from China and elsewhere means countries need to up their cooperation game to blunt any Chinese advantage.
“The indictment of the seven individuals linked to APT31 highlights the need for international collaboration to combat state-sponsored cyber threats,” Guenther says. “It emphasizes the importance of strong cyber defenses and intelligence sharing.”
Source: www.darkreading.com