Chinese cyber-espionage syndicate unveiled: report

PanARMENIAN.Net - A coalition of cyber security companies said Tuesday, Oct 28, that a Chinese cyber-espionage syndicate is responsible for planting malicious software (malware) on computers owned by Western government agencies, private companies and human rights groups over the past six years, including the high-profile 2010 Aurora attack on Google, according to Al Jazeera America.

The Axiom hacking group is believed to have ties to the Chinese government and be the most sophisticated cyber-espionage operation emanating from China, the coalition, which includes tech giants Microsoft and Cisco, said in a report.

“This is a great example of the capabilities of a well-funded adversary,” said Morgan Marquis-Boire, a senior researcher at the University of Toronto’s Citizen Lab, who worked at Google during the Aurora attack. “You see what is clearly a very professional group of people who are changing their tools, using sophisticated attacks, and being highly successful against a range of targets.”

A spokesman for the Chinese embassy in Washington, Geng Shuang, said Tuesday that while he had not read the coalition’s report, “judging from past experience, [these kinds] of reports or allegations are usually fictitious.”

He also pointed to the National Security Agency’s extensive surveillance of both U.S. citizens and foreign governments – China included – as revealed by former intelligence contractor Edward Snowden in a series of leaks. “The Chinese government has done whatever it can to combat such activities,” Geng said. “And China is a victim of these kinds of attacks, according to the Snowden revelations.”

Novetta, a Virginia-based cyber-security firm, spearheads the U.S. coalition, which includes several companies that do contract work for both private industry and U.S. intelligence agencies. The coalition launched the project, called the “Coordinated Malware Eradication” program, after Microsoft called in January for private companies to pool resources to better detect and combat malware threats. As competitors, the firms had previously been reluctant to collaborate.

The coalition found that during the past six years, Axiom’s “Hikit” malware program, which opens a backdoor for hackers to probe computer systems, has infected everything from government agencies and human rights NGOs to media outlets, cloud computing companies, and U.S. universities and think tanks. The group’s hackers have distinguished themselves by remaining remarkably well disguised, the report said. That, in part, is why they have operated “unfettered” for so long.

“Normally the process would be to set up infrastructure on the Internet somewhere and leverage that,” said Andre Ludwig, the senior technical director for Novetta. “These guys will know who you are, who you’re friends with, who you talk with,” and compromise one of those channels.

Whereas an organization’s security team would normally be tipped off by an unusual interaction with a server in Pakistan, for instance, it is less likely to be alarmed by contact with a friend's infected computer. “It’s not your typical cybercrime drive-by attacks,” Ludwig said. “They’re definitely playing the long game.”

Researchers say they have no way of knowing how much information has been compromised, but they have inferred that Axiom's targets seem to reflect China’s shifting global priorities. They suggested that Beijing is interested in pilfering trade secrets from U.S. tech companies and government agencies to wean China off American technology and software – a priority underlined in Beijing’s latest Five Year Plan of 2011 – as its rivalry with the U.S. heats up.

In its report, the cyber-security coalition said that stealing this technology from Western companies, especially those based in China, would be the “fastest” way to further their goals. “If you have a big enough scope of visibility, you can start to see these narratives emerge,” said Ludwig.

Security analysts said the Novetta-led coalition demonstrated how private security firms could better share intelligence with the rest of the industry, pooling their expertise against adversaries whose hackers use the full range of cutting-edge cyber-espionage tactics. Most significantly, the researchers created so-called signatures, which allow companies to detect known malware, and shared them with the cyber security industry instead of keeping them secret.
