China Has Found A Brutally Simple Way To Steal Corporate Secrets
The report even identifies the unit and the building behind the cyberwar.
Beijing has long been suspected of espionage costing global corporations billions of dollars — such as when a hacking incident at Lockheed Martin was followed by the appearance of suspiciously familiar Chinese jets — though it was hard to find evidence.
Indeed, it makes sense that China, in its breakneck push to become a world power, would use all available technology to catch up with the West.
Following Mandiant's 75-page report, however, the cyberwar is all but official.
We have distilled the alarming report and posted it below.
According to Mandiant, China's hacking program coordinators seek out students with outstanding English skills, who are handpicked for "Advanced Persistent Threat" (APT) training. The APT teams are broken down into groups and divided among locations in and around Shanghai, universities, commercial corridors, and largely innocuous places.
Wherever they go, each team is assigned a Military Unit Cover Designator (MUCD). The MUCD is a five-digit number by which the unit, its people, its location, and its work are referred to. The designation makes the teams more difficult to isolate and track.
MUCDs report all the way up to the Chinese equivalent of the Joint Chiefs of Staff, according to Mandiant. That implies this practice is part of China's overt military policy against foreign nations.
Mandiant offers an example of the type of expertise required:
- Covert communications
- English linguistics
- Operating system internals
- Digital signal processing
- Network security
The needs are then broken down further into Profession Codes (such as 080902 for Circuits & Systems) and Required Proficiencies (such as 101 for political, 201 for English, etc.).
With hundreds or thousands of these teams lined up, the Chinese start phishing for passwords, according to Mandiant. The teams have refined and perfected dialogue, slang, and responses that appear nearly seamless to the colleagues they're trying to impersonate. In the beginning it all looks just like this:
Victims who click that link will download a malicious ZIP file named Internal_Discussion_Press_Release_In_Next_Week8.zip, which contains a custom APT1 backdoor called WEBC2-TABLE.
Happening on such a large scale, these attacks presumably have government support. Mandiant writes: "The sheer scale and duration of these sustained attacks leave little doubt about the enterprise scale of the organization behind this campaign."
Not surprisingly, China is denying the report.
Chinese Foreign Ministry spokesman Hong Lei told reporters on Tuesday:
"To make groundless accusations based on some rough material is neither responsible nor professional."
Mandiant says it felt compelled to expose this hack despite possibly compromising its ability to collect information. Here's why:
"The decision to publish a significant part of our intelligence about Unit 61398 was a painstaking one. What started as a “what if” discussion about our traditional non-disclosure policy quickly turned into the realization that the positive impact resulting from our decision to expose APT1 outweighed the risk to our ability to collect intelligence on this particular APT group.
It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively. The issue of attribution has always been a missing link in publicly understanding the landscape of APT cyber espionage. Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns.
We hope that this report will lead to increased understanding and coordinated action in countering APT network breaches. At the same time, there are downsides to publishing all of this information publicly. Many of the techniques and technologies described in this report are vastly more effective when attackers are not aware of them.
Additionally, publishing certain kinds of indicators dramatically shortens their lifespan. When Unit 61398 changes their techniques after reading this report, they will undoubtedly force us to work harder to continue tracking them with such accuracy. It is our sincere hope, however, that this report can temporarily increase the costs of Unit 61398’s operations and impede their progress in a meaningful way. We are acutely aware of the risk this report poses for us. We expect reprisals from China as well as an onslaught of criticism."
Below this Mandiant APT1 Report are a couple of photos and a list of the hardest hit English-speaking industries.