Friday, 11 April 2014

China’s APT groups can’t stop hacking US

China apparently isn't the least bit bothered that we know all about its cyber-hacking activities: security firm Mandiant reports that two of its major advanced persistent threat (APT) groups have resumed full operations despite being publicly exposed last year.
The company announced the news in its M-Trends report, saying it has been keeping a close eye on the APT1 group it first exposed in February 2013. It has also been following APT12, a second Chinese group that reportedly hacked the New York Times in January 2013.
Beijing has always denied the accusations, in spite of compelling evidence linking APT1 to People's Liberation Army Unit 61398, but Mandiant has once again said that's crap:
“… Mandiant’s continued observations of APT1 and APT12 activity, measured by command and control (C2) sessions, revealed a different response behind the scenes, suggesting a possible acknowledgement that both groups had been exposed.”
“Based on comparisons between APT1 and APT12 activity during 2013 and the previous three years, Mandiant believes that these threat groups responded to their public exposure in two ways. First, both groups delayed their return to normal operations following the end of the Chinese New Year holidays in February. Second, both groups quickly shifted their operational infrastructure to continue their activities.”
Mandiant says that APT1 resumed normal operations within 160 days of being exposed, while APT12 did so in just 150 days.
Both groups tried to hide the resumption, changing the "operational architecture" and IP addresses that Mandiant had exposed, but failed to stay under the radar. That is the expected response to public exposure: burned IP addresses and domains are cheap to replace, which is why indicators of that kind age quickly and why activity has to be tracked by something more durable than the published address list.
No one will be surprised that China hasn't given up its spying operations, but it does make the Obama administration look a little bit dumb. US officials had previously warned Beijing that relations would be seriously undermined if it continued its cyber-spying, but that doesn't seem to have bothered the Chinese much.
As Mandiant acknowledges:
“APT1 and APT12’s reactions to their public exposure suggest that the PRC, despite publicly denying engaging in state-sponsored data theft, is unwilling to permanently cease its use of intrusive cyber operations.”
Unfortunately, any moral high ground the US may have had in this argument was lost when one Edward Snowden revealed to the world the full extent of the NSA's cyber-espionage activities, which make China's own online spying campaign look almost trivial in comparison.