Over time China is becoming more sophisticated in its cyber espionage activities, making them more difficult to detect and able to hit multiple targets using force multiplier effects, cyber security officials with the Department of Homeland Security said on Wednesday.
China continues to invest in its cyber espionage activities, which are distributed throughout "numerous" government agencies and society, Rex Booth, an official with the Cyber Threat Risk Analysis team at DHS, said during a webinar hosted by the department's full-time cyber watch center, the National Cybersecurity and Communications Integration Center (NCCIC).
Booth highlighted three successful advanced persistent threat (APT) attacks conducted by China, APT 1, APT 10 and APT 3, which were carried out by the People's Liberation Army, the Ministry of State Security (MSS), and a team of contractors hired by the MSS. He noted that other major nation-states also distribute cyber-attack groups throughout their governments.
Part of the sophistication shown by Chinese cyber attackers is that they're being more selective in their targets, using tactics that are more difficult to detect, and shifting away from "labor intensive, one-off compromises of individual targets to the use of force multiplier effects that enable them to compromise" multiple targets from a single attack, he said.
Booth cited the APT-10 group as an example of the kind of single attack vector that resulted in multiple targets being compromised. Last December the U.S. Department of Justice charged two Chinese individuals who are part of APT-10 with hacking into a managed service provider to target sensitive information and intellectual property from more than 45 technology companies, including ones in the U.S., and U.S. agencies.
APT-10 targeted the aviation, satellite and maritime technology, industrial factory automation, banking and finance, computer processor technology, information technology services, and other industries.
"This is a risk in a landscape that's continuing to see pressure from this nation state and these adversaries," Christopher Krebs, director of the DHS Cybersecurity and Infrastructure Security Agency (CISA), said at the outset of the webinar. He said the type of activity associated with APT-10 could be used more widely to "affect millions more Internet users around the globe."
Following the disclosure and charges against the APT-10 members last year, the group has "decreased" its activity but hasn't "gone away," Booth said. This type of response has happened before and no one should drop their cyber defenses as a result, he said, noting that "they're still active."
Moreover, China remains committed to its cyber espionage activities, which are aimed at improving the country's capabilities in high technology sectors and industries, as outlined in its Five-Year and Made in China 2025 plans, which are "blueprints for targets of Chinese espionage," Booth said.
"Generally speaking, if there's a Chinese compromise, it aligns with a priority in one of these plans," he said.
President Trump, in his State of the Union address on Tuesday night, pointed to his administration's efforts to stop China's theft of data.
"We are now making it clear to China that, after years of targeting our industries and stealing our intellectual property, the theft of American jobs and wealth has come to an end," Trump said. "Therefore, we recently imposed tariffs on $250 billion of Chinese goods, and now our Treasury is receiving billions and billions of dollars."
The purpose of the webinar was to help cloud computing and managed service providers, and users of these services, be better prepared for the types of threats posed by APT-10. DHS titled the webinar "Awareness Briefing: Chinese Cyber Activity Targeting Managed Service Providers."
Cyber remains the top threat to the U.S., according to the intelligence community's annual global threat analysis. In late January Director of National Intelligence Dan Coats testified before the Senate Intelligence Committee in an open session and said that China and Russia present the biggest cyber threats to the U.S.
"China presents a persistent cyber espionage threat and a growing attack threat to our core military and critical infrastructure systems," Coats said in his Jan. 29 prepared statement to the committee. "China remains the most active strategic competitor responsible for cyber espionage against the US government, corporations, and allies. It is improving its cyber attack capabilities and altering information online, shaping Chinese views and potentially the views of U.S. citizens."