2022/07/27 12:53:23

Industrial espionage by China


Main article: Industrial espionage

2023

US accuses Apple employee of transferring "huge amounts" of technology to China

On May 16, 2023, the US Department of Justice formally indicted a former Apple employee in the case of stealing "huge amounts" of data and trying to transfer it to China. Read more here.

Former NASA employee admits to leaking military software to China

In January 2023, former NASA employee Jonathan Yeth Wing Sung admitted that he deliberately violated his agreement with the American space agency and took part in transferring military software to China. He now faces up to 20 years in prison and a fine of $1 million. More here.

General Electric employee gets 2 years in prison for transferring automotive turbine technology to China

On January 3, 2023, a former General Electric (GE) employee was sentenced to two years in prison for conspiracy to commit economic espionage. Read more here.

2022: Chinese hackers from Winnti steal hundreds of gigabytes of commercial secrets from American companies - Cybereason

Chinese hackers have stolen hundreds of gigabytes of trade secrets from American companies. This became known on May 5, 2022.

The Winnti group has been active since 2010 and is believed to be supported by the Chinese government.

According to the researchers, the group has already stolen hundreds of gigabytes of information from more than 30 organizations around the world. A huge part of the stolen data is trade secrets, including drawings, formulas, diagrams, proprietary production documents, etc.

In addition, Winnti has collected information about the network architecture of the attacked organizations, user accounts, customer data and business documents for use in future attacks.

Cybereason specialists handed the data they collected about Winnti over to the FBI, which back in 2019 had warned of Beijing-financed cybercriminal groups engaged in mass theft of intellectual property from American companies as part of the "Made in China 2025" initiative to modernize the Chinese economy.

Some information security companies consider Winnti a general term for many hacker groups operating under the control of Chinese special services.

Experts revealed the latest malicious campaign of the group in 2021 during an investigation into the hacking of a company worth $5 billion with production facilities in Asia, North America and Europe.

The investigation was conducted for 12 months and was called Operation CuckooBees, since cuckoo bees are elusive, and Winnti is one of the most elusive hacker groups in the world.

One of the features of Winnti's latest campaign is the use of a Windows feature called Common Log File System (CLFS) to hide malware. According to the researchers, the CLFS mechanism is very obscure and has not yet been documented by Microsoft. With its help, attackers hide their payload in places that are not scanned by security solutions and escape the attention of information security experts. This method of hiding malware is not used by any hacker group other than Winnti.

In this campaign, the group attacks vulnerable servers available over the Internet, through which it gains initial access to the network. In some cases, attackers also exploit known vulnerabilities in ERP platforms[1].

2020

Informzaschita spots an attempt at industrial espionage by the Chinese group Winnti

IZ:SOC, Informzaschita's cyber threat detection and response center, spotted a hacker attack allegedly carried out by the notorious Chinese Winnti group, which has been operating since 2012. Informzaschita reported this on December 18, 2020. The main victims of the Winnti group are organizations related to the military-industrial complex and the aerospace industry, government organizations and software developers. Winnti has previously repeatedly hacked industrial and high-tech companies in Taiwan and Europe, but has apparently decided to switch to Russian companies. Having analyzed the attackers' actions and the functionality of the tools they used, Informzaschita's cybercrime experts unequivocally say that this is an attempt at industrial espionage.

The first reconnaissance steps were recorded in early December. The attackers' actions were under observation the whole time, even though throughout the attack the specialists saw not only the malware at work but also actions the attackers carried out by hand, online. This was a particular difficulty, since, for example, the attackers changed the ways they hid their presence on the fly.

The experts studied the techniques, tactics and procedures used. The tools used by the cybercriminals included information collection tools, remote control tools, a multifunctional backdoor of the Bisonal family, utilities for scanning the network for the CVE-2017-0144 vulnerability (MS17-010), utilities from the Impacket suite, programs for redirecting network traffic and extracting passwords from memory, and dynamic libraries for injecting malicious code into legitimate processes. To escalate privileges, according to the company's assessment, they used, among other things, zero-day vulnerabilities in Russian-made security products.

Working with this data, the IZ:SOC monitoring center identified specific infection markers and compiled detection recommendations. This information was provided to a number of security product vendors and other interested parties.
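The MS17-010 scanning utilities mentioned above leave a characteristic trace: one internal host opening SMB (TCP 445) connections to many distinct hosts within a short time. The detector below is an added example, not code from Informzaschita's report; the log field layout, the constructed sample lines and the thresholds are assumptions.

```python
# Added example: flag the SMB fan-out pattern that network scanners for
# MS17-010 produce. The log format "timestamp src dst dport proto" and the
# thresholds are assumptions; the sample lines are constructed, not real data.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 10.0.5.17 sweeps six hosts on 445 in a few seconds;
# 10.0.5.20 repeatedly talks to a single file server (normal);
# 10.0.5.21 touches only two hosts; one HTTPS line is ignored.
SAMPLE_LOG = """\
2020-12-03T09:00:01 10.0.5.17 10.0.1.10 445 tcp
2020-12-03T09:00:02 10.0.5.17 10.0.1.11 445 tcp
2020-12-03T09:00:02 10.0.5.17 10.0.1.12 445 tcp
2020-12-03T09:00:03 10.0.5.17 10.0.1.13 445 tcp
2020-12-03T09:00:04 10.0.5.17 10.0.1.14 445 tcp
2020-12-03T09:00:05 10.0.5.17 10.0.1.15 445 tcp
2020-12-03T09:00:06 10.0.5.20 10.0.1.10 445 tcp
2020-12-03T09:00:30 10.0.5.20 10.0.1.10 445 tcp
2020-12-03T09:01:00 10.0.5.20 10.0.1.10 445 tcp
2020-12-03T09:01:10 10.0.5.21 10.0.1.10 445 tcp
2020-12-03T09:02:00 10.0.5.21 10.0.1.11 445 tcp
2020-12-03T09:05:01 10.0.5.21 10.0.1.99 443 tcp
"""

def parse_line(line):
    ts, src, dst, port, proto = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), proto

def find_smb_fanout(log_text, min_targets=5, window=timedelta(minutes=2), port=445):
    """Return {src_ip: max distinct destinations} for every source that reached
    at least min_targets distinct hosts on `port` inside one sliding window."""
    per_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = parse_line(line)
        if proto == "tcp" and dport == port:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window start forward until it spans at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {dst for _, dst in events[start:end + 1]}
            if len(distinct) >= min_targets:
                alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts
```

Tune `min_targets` and `window` against a baseline of legitimate SMB clients (backup agents, vulnerability scanners) before alerting on production data.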

"We are faced with the highly professional actions of a well-organized group. Some of the tools they used have not yet been encountered 'in the field' on the territory of the Russian Federation and were not detected by standard means of protection. This once again tells us that countering cyber threats is possible only with the involvement of specialists with special knowledge and relevant experience, such as those working at IZ:SOC," says I. Melekhin, Development Director of NIP Informzaschita.

Preparations for a spy attack by a Chinese APT group on Russian fuel and energy complex enterprises discovered

On September 24, 2020, it became known that Doctor Web, a developer of information security tools, had published a study of a phishing campaign aimed at Russian enterprises in the fuel and energy complex. The first wave dated to April 2020, and the last signs of activity occurred in September 2020. Read more here.

In the US, a Chinese citizen was imprisoned for 1.5 years for stealing secrets from semiconductor companies

In early September 2020, it became known that the Northern California District Court sentenced Chinese citizen Hai Zhang to 1.5 years in prison, finding him guilty of stealing commercial secrets from American semiconductor companies Avago Technologies and Skyworks Solutions. Read more here.

2019: Chinese state hackers from APT40 have been attacking defense businesses for five years

Specialists of the information security company FireEye discovered[2] a cyber espionage operation that has been running for five years. The operation is being carried out by the hacker group APT40, funded by the government of the People's Republic of China, and its goal is to strengthen Beijing's naval power[3].

Attackers hack into the networks of defense industry enterprises and steal secret drawings and other information that can be used to modernize the Chinese naval forces and influence elections in foreign countries.

At first, the researchers decided that the operation was two separate campaigns, behind which were the groups TEMP.Periscope and TEMP.Jumper. However, as it turned out later, the cyber espionage operation they discovered was the work of "state hackers" from APT40.

As the researchers explained, in order to modernize their fleet, the Chinese steal technology from defense equipment manufacturers. Most often, their victims are engineering, transport and defense enterprises, especially those engaged in the field of shipbuilding. With the help of APT40, the Chinese government is also trying to influence the election results in different countries in order to provide itself with a foothold for profitable trade.

Hackers attack their victims with targeted phishing (send emails with malicious attachments). In addition, they create malicious web pages with a built-in exploit to infect computers with a backdoor. Having gained access to the attacked system, attackers steal credentials to access the rest of the corporate network.

2018: Chinese cybercriminals attack businesses in Germany

The Chinese cybercriminal group Cloudhopper attacked businesses in Germany in 2018. In particular, it is interested in engineering, commercial and research companies. According to the Süddeutsche Zeitung, the German Federal Office for Information Security (BSI) has sent appropriate warnings to enterprises[4].

A distinctive feature of Cloudhopper is that the group does not attack the victim directly, but the cloud and hosting providers that provide services to it. Provider systems tend to be less secure, so getting through them to company networks is much easier. In total, Cloudhopper attacked only a small number of German companies, but all the victims were carefully chosen.

2017: Chinese hackers intensify attacks on Russian military industry

Alexander Gostev, a cybersecurity expert at Kaspersky Lab, spoke in December 2017 about the increase in cyber attacks by Chinese hackers on state structures and the military industry of the Russian Federation in 2017, Interfax reports[5].

According to Gostev, hackers have shifted the focus of their attacks from the USA to Russia, since it has many large enterprises of interest to cyber spies. In particular, in 2017, attacks were recorded on the Russian military industry and on oil and gas companies.

The expert also noted that of the roughly 100 hacker groups Kaspersky Lab has detected, 24 are Chinese-speaking. In 2017, attacks by two new Chinese groups, IronHusky and Travis, were identified.

In 2018, Kaspersky Lab predicts an increase in the number of attacks on software developers. Large companies of interest to hackers, as a rule, have reliable and multi-layered protection against cyber attacks, so it is easier for attackers to attack an intermediary, for example, a manufacturer of popular programs used in the corporate segment, the researchers noted.

In addition, experts announced possible massive hacks of routers and modems, since a successful attack on these devices allows an attacker to quietly gain a foothold in the network and take further action. Also, experts talk about a possible increase in the number of attacks on new "smart" devices, for example, cars and medical equipment.

2016: The number of attacks by Chinese hackers on the Russian military-industrial complex has tripled - Kaspersky Lab

Kaspersky Lab (Kaspersky) has recorded a significant increase in the number of attacks by Chinese hackers on Russian enterprises related to the nuclear, aviation and defense industries, Newsru.com reports in the summer of 2016, citing Bloomberg.

According to the chief expert of the Laboratory, Alexander Gostev, in 2015 there were only 72 attacks from China, while from January to July 2016, the number of attacks was 194. At the same time, the real number of attacks is much higher, since only 10% of the company's corporate clients transmit data on hacks, the expert said. The increase in the number of attacks was confirmed by the California company Proofpoint.

Gostev did not specify the names of the attacked companies and organizations, but said that almost every enterprise of the Russian military-industrial complex was attacked, which most likely ended in a data leak. According to him, among the 35 organizations attacked were seven enterprises for the production of missile systems, radars and ship technologies, five ministries, four aircraft enterprises and two companies related to the nuclear industry. At the same time, cybercriminals used over 50 varieties of malware.

"They act like a vacuum cleaner, downloading everything indiscriminately. Then someone analyzes the stolen information. Probably, hundreds of people are required to organize this work," Gostev said.

At the same time, in his opinion, it is impossible to directly connect Chinese hackers with the country's authorities, but the nature of the activities of cybercriminals who are engaged in espionage makes it possible to assert that government agencies are behind them.

Gostev also noted that the activity of Chinese hackers increased after China and the United States signed an agreement last fall to abandon economic cyber espionage. A similar agreement between Beijing and Moscow was concluded in May 2015.

2014: China's industrial cyber espionage against US costs US companies billions of dollars - FBI

In October 2014, in a segment of the CBS program 60 Minutes, FBI director James Comey said that web attacks against the U.S. cost American companies billions of dollars each year.

"There are two kinds of big companies in the United States," Comey said: "Those that have already been hacked by the Chinese and those that don't know they have been hacked by the Chinese."

Add to that the annual losses from Chinese hackers, which Comey said are "impossible" to calculate, and we are talking about billions. He cited the indictment issued in May against five Chinese service members who hacked American firms in the nuclear, metalworking and solar power industries as just one example of costly attacks.

Comey said China's hackers are targeting industrial secrets and doing what they do so that "there is no need to invent."

"They can copy or steal anything to learn about how a company can negotiate with a Chinese company," he added.

The 60 Minutes narrative is a reminder to the nation that China is the bad guy, even though Russia is behind the country's biggest data breach, at JPMorgan Chase, and the group behind that incident has been accused in nine other cases.

Yet while many allegations have been made, there is little evidence to support them. Every time there is a problem, China is in the news.

This does not mean that someone from Russia and China did not attack the United States. Obviously, such cases occur, but there are serious doubts that they dealt a blow to the extent to which the government inflates it.

Speaking about online crime in general, Comey said it was becoming increasingly all-encompassing.

"Again, because of the fact that people connect their whole lives with the internet, there are those who want to steal money, harm or cheat. So, the epidemic exists for obvious reasons."

2004: Chinese attack Lockheed Martin

In 2004, Chinese hackers broke through the computer protection system on the network of one of the enterprises of the defense concern Lockheed Martin and left many traces of their presence in the form of Trojans and backdoors. It is still not clear whether the hackers managed to copy important data, but some of the company's data was badly corrupted.

The hackers also did not ignore the computer network of the US Department of Defense, whose sysadmins did not even notice that attackers had had free access to valuable information for two years. The US government accused Russian programmers of the hacker attack, but the Kremlin officially denied the accusation.