Report: Chinese groups behind most state-sponsored attacks in 2014

11.02.2015
Chinese adversaries were the most active state-sponsored cyberthreat groups last year, according to report released today by CrowdStrike, but it was Vietnam, not the U.S., that was its top target.

A group CrowdStrike code-named "Goblin Panda" targeted the country because of ongoing disputes over territorial rights in the South China Sea.

Last May, a Chinese state-owned energy company deployed an oil rig in Vietnamese territorial waters, close to the Paracel Island, which are claimed by both countries. This resulted in clashes between ships belonging to the two countries, protests in Vietnam, and an increase in Chinese cyberattacks against Vietnamese government agencies.

At the end of the summer, China moved the rig away from Vietnamese waters, and attacks declined.

But the security company will continue to watch the South China Sea area, said Dmitri Alperovitch, CTO and co-founder at Irvine, Calif.-based CrowdStrike, Inc.

"There are lots of heated tensions between China and its neighbors and that usually spills over into cyber conflict as well," said Alperovitch.

After Vietnam, the U.S. was the next most-targeted country last year. One notable adversary here was the Chinese group code-named "Hurricane Panda," which CrowdStrike had personal experience with.

"We've been battling them for over a year at several of our customers," said Alperovitch. "They're truly defining what the word persistent means when it comes to these nation states."

For example, last April, one large technology discovered that Hurricane Panda had been in their systems since the previous summer.

By June, the intruders had been cleared out of all systems, with new technology in place to monitor all activity.

"Literally for the next six months straight we observed their continued attempts to get back in, including deploying zero day malware against this customer," said Alperovitch. "It was a never-ending onslaught against this company as they were trying to regain access that they lost. This is the real nature of this fight."

Most people think of cyber attacks as discrete events, he said.

"But the adversary does not stop," he said. "They'll try to find another way to get back in. Most companies are not prepared for this continuous assault that may last month -- or years."

Other high-profile targets last year included those related to tensions in the Ukraine and Iran, as well as Ukraine and Hong Kong elections.

CrowdStrike is continuing to keep an eye on regional conflicts in 2015.

"One of the things we're paying a lot of attention to is the negotiations over the Iranian nuclear program," said Alperovitch.

Negotiators have set June 30 as the final deadline for an accord in the talks, which include Iran and the U.S., as well as Russia, China, Britain, France and Germany.

"If the June deadline is not extended, and there's no deal to be had, we may very well see attacks from Iran against U.S. and European targets," he said.

Regional conflicts are also likely to spill over into cyberattacks, he said, such as what happened with Ukraine and Hong Kong in 2014.

"We might see more groups affiliated with ISIS conducting nuisance or propaganda attacks," he added. "We're also watching very carefully the South China Sea area."

(www.csoonline.com)

Maria Korolov

Zur Startseite