According to a PricewaterhouseCoopers expert, an elite Chinese hacking group with ties to operatives indicted by a US grand jury in 2020 has increased its activity this year, targeting sensitive data held by companies and government agencies in the US and dozens of other countries.
The findings highlight the Biden administration’s most significant cyber-espionage challenge: combating a Chinese hacking program that the FBI has described as more prolific than all other governments combined.
The Justice Department has aggressively sought to expose the alleged data-stealing campaigns through indictments, arguing that Chinese hackers have stolen intellectual property from American companies, causing massive losses. According to analysts, China-based hackers have frequently developed new tools or altered their operations.
One of the Chinese groups tracked by PwC has targeted dozens of US organizations in the last year, including government agencies and software or tech firms, said Kris McConkey, who leads PwC’s global cyber threat intelligence practice.
The intruders often comb networks for data that could offer insights into foreign or trade policy, he said, but also dabble in cryptocurrency schemes for personal profit. He declined to detail what types of US government agencies, whether at the federal, state, or local level, were targeted.
At a recent conference called LABScon, hosted by US security firm SentinelOne in Scottsdale, Arizona, McConkey was one of several private cyber specialists who exposed the operations, and sometimes the alleged locations, of hackers from China, Iran, and elsewhere.
Adam Kozy, who tracked Chinese hackers at the FBI from 2011 to 2013, showed the audience a photo of a People’s Liberation Army building in the city of Fuzhou that allegedly houses officers who conduct information operations against Chinese adversaries. That unit has targeted Taiwan, Kozy said, and “is the main area for China’s disinformation operations.”
The FBI and Justice Department prosecutors have used private researcher revelations in their investigations of foreign hackers.
At least one FBI agent, as well as representatives from the National Security Agency and the US Cybersecurity and Infrastructure Security Agency, attended the conference, demonstrating how reliant government officials are on data held by tech firms to track down spies and cybercriminals. Sometimes that work is done in the halls of a luxury hotel rather than a classified facility.
Morgan Adamski, a senior NSA official, told conference attendees that the coronavirus pandemic changed how her agency worked with private firms to guard sensitive data targeted by hackers.
“The pandemic actually helped because it no longer revolved around big government meetings in a room, in a SCIF [Sensitive Compartmentalized Information Facility], where you couldn’t use any of the information,” said Adamski, who heads the NSA’s Cybersecurity Collaboration Center, which works with defense contractors to blunt the impact of foreign hacking.
After US defense contractors began working from home during the pandemic, she said, Chinese government hackers exploited the virtual private networking (VPN) software the contractors were using. One hacked contractor, which she didn’t name, shared data with federal agencies so they could build a clearer picture of what was going on.
Asked by CNN whether the NSA and other federal agencies responding to the hacks were able to evict the Chinese hackers, Adamski said it’s an iterative process.
“When you talk about nation-state actors, you kick them out, but they’re going to come back,” Adamski said, “especially if you’re a defense industrial base company that is producing critical military intelligence for the Department of Defense.”