Cyberthreats loom large over Pyeongchang and beyond

Behind the security measures to protect participants at the upcoming Winter Olympics in Pyeongchang, South Korea, lies a second layer of defense aimed at safeguarding critical infrastructure from a more clandestine threat: cyberattacks.

South Korea has been beefing up a specialist cyberwarfare agency for the past year in readiness for the games, with 1,000 personnel added to a response team that now numbers 6,000.


Japan has taken similar action as it builds toward the 2020 Tokyo Olympic Games, bolstering the Ministry of Defense’s Cyber Defense Unit by an additional 1,000 backroom technicians.

A breakthrough on North Korean participation in the Pyeongchang games may have lowered the threat status a few notches, but the rogue state is still perceived as the most likely source of an attack on power, transport, water, healthcare, telecommunications and other essential services.

Responding to a surge in cyberattacks from the North in the past year, the South Korean government allocated US$218 million to the National Cyber Security Center, the agency responsible for identifying threats, in its mid-term defense plan.


North Korean leader Kim Jong-un visits the newly-refurbished Pyongyang Teacher Training College in Pyongyang on January 17, 2018. Photo: KCNA via Reuters

The Korea Internet & Security Agency and the Cyber Terror Response Center handle prevention and retaliatory actions. There is also a school specializing in cyberwarfare constantly training experts.

North Koreans were blamed for a successful cyberattack on the Korea Hydro and Nuclear Power plant in December 2014 that used malware to steal blueprints, details of support systems and the personal records of more than 3,000 employees. Several subsequent raids appear to have failed.

In late 2016, North Korean hackers managed to gain access to a “secure” South Korean military computer network, extracting a large volume of highly sensitive documents and data. These included contingency plans for a strike against the North’s leaders in the event of a border war.

Cyber-experts say that the intranets of large installations are generally well-shielded from targeted attacks, but hackers have found a back door through their suppliers and other companies providing support services.

An official inquiry into the infiltration of the nuclear plant found that the hackers avoided security firewalls by sending “phishing” emails to employees of third parties, including the company’s subsidiaries and corporate partners. Criminal gangs, already active in Gangwon province where the Pyeongchang games will be staged, use similar techniques.

Security company McAfee reported on January 6 that hackers operating from Singapore had been sending out emails infected with malware since late December to companies providing infrastructure and other support at the Winter Olympics, with hockey so far getting most of the attention.


Concept of a computer virus. Illustration: iStock/Getty Images

The games aside, online security agencies say that “exploratory” attacks are being launched constantly on infrastructure networks in Asia, mostly to test automated control systems that operate essential services. About 40% of systems are thought to be vulnerable, putting millions at risk.

ABI Research has forecast that Asia-Pacific countries will spend US$22 billion on critical infrastructure security by 2020. Much of this will occur in Southeast Asia, where recent rapid internet growth has exposed it to attacks.

Yet a study of cyberwarfare governance frameworks in 25 Asia-Pacific nations by the International Cyber Policy Center (ICPC) suggests that not all comprehend the risks.

The center, which is run by the Australian Strategic Policy Institute, found that only China, Japan, South Korea, Singapore, Taiwan, Australia and New Zealand had adequate safeguards. These countries are also most at risk, as they have the highest levels of internet penetration and rely most on digital control systems.

It is also more likely those systems will be in the hands of private firms, which are vulnerable to both external and internal attacks: Australia, with 90% of essential infrastructure controlled by private firms, is particularly exposed.

Myanmar, Pakistan, Cambodia, Bangladesh and Laos, the least-developed nations in the ICPC index, have the worst organizational structures for cyber-matters, including infrastructure and security, scoring 3-4 out of 10.


A Myanmar woman online at an internet cafe in Yangon. Photo: AFP/Soe Than Win

North Korea did equally poorly in this category; although the country has minimal internet penetration, it has a widely used intranet. Still, North Korea rated an “8” for its cyberwarfare, conducted through its Reconnaissance General Bureau, an asymmetric warfare command which bundles the North’s spies and commandos with its online warriors.

India, Malaysia, Thailand, Brunei, Vietnam and the Philippines were rated in the middle of the index, with a strong recognition of cyber-threats but inadequate responses. Poor coordination of agencies was one criticism.

Less is known about Central Asian cyber-defenses, as their activities are mostly shrouded in secrecy. However, it is believed that Saudi Arabia was the location of a critical infrastructure facility owned by Schneider Electric SE that was infiltrated in December by hackers, reportedly from Iran.

The French firm, which supplies management and automation systems to the power sector, including nuclear plants, said the hackers gained entry by breaching software that affects plant safety.

The first incident of this type, it revealed how easily hackers could take remote control of critical infrastructure and modify its operations, with potentially deadly results.



Street Prophets Coffee Hour: Is cyber warfare equivalent of kinetic warfare?

Cyberwarfare involves the battlespace use and targeting of computers and networks in warfare. It involves both offensive and defensive operations pertaining to the threat of cyberattacks, espionage and sabotage. There has been controversy over whether such operations can duly be called “war”. Nevertheless, nations have been developing their capabilities and engaged in cyberwarfare either as an aggressor, defendant, or both. — From Wikipedia: Cyber Warfare


FireEye: China's Cyberwarfare Finds New Targets

With the massive media coverage of Russian cyber interference in recent Western elections, the time is ripe to examine the issue of cyberwarfare in China. China discusses its own emphasis on cyberwar capabilities in several official documents, including the 2015 China's Military Strategy white paper:

Cyberspace has become a new pillar of economic and social development, and a new domain of national security. As cyberspace weighs more in military security, China will expedite the development of a cyber force, and enhance its capabilities of cyberspace situation awareness, cyber defense, support for the country's endeavors in cyberspace and participation in international cyber cooperation, so as to stem major cyber crises, ensure national network and information security, and maintain national security and social stability.

Moreover, in the wake of the massive worldwide WannaCry ransomware attack, China was hit hard. The malicious backdoor software that hackers relied on to develop the ransomware attack was created by the US National Security Agency (NSA) and later stolen by a secretive group known as the Shadow Brokers; NSA whistleblower Edward Snowden wrote that the circumstantial evidence and conventional wisdom suggested Russia was behind the hack. With the largest online population in the world, surpassing 649 million users, China is more openly declaring its place as a cyber power among the US, Russia, Israel and North Korea, the cyber five. The question is whether China will fully assume a leadership role.

The iSight intelligence unit of FireEye, a company that manages large network breaches, conducted a study that came to the conclusion that Chinese attacks are decreasing in volume and increasing in sophistication. China picks targets more carefully and covers tracks more expertly. Unit 61398, the notorious military-run cyber center, appears to be largely out of business, with its hackers dispersed to other military, private and intelligence units. The Chinese cyberattacks have focused on the US, Russia, South Korea and Vietnam and have sometimes aimed at the South China Sea disputes. The report states that the change is part of Chinese President Xi Jinping's broad effort to bring the Chinese military, which is one of the main sponsors of the attacks, further under his control.


The Chinese approach has clearly shifted in the past three years. For instance, The Science of Military Strategy, a study of the People's Liberation Army's (PLA) strategic thinking published by China's Academy of Military Sciences and released in 2015, both acknowledges for the first time that China has built up network attack forces and divides them into specialized military network warfare forces, teams of network warfare specialists in government civilian organizations and entities outside of the government that engage in network attack and defense, including its civilian IT industry. Similarly, the 2015 China's Military Strategy asserts that China will devote more efforts to science and technology in national defense mobilization, be more readily prepared for the requisition of information resources, and build specialized support forces. China aims to build a national defense mobilization system that can meet the requirements of winning informationized wars and responding to both emergencies and wars. This new openness about the need for strong cyber forces and the integration of civilian specialties into national defense is a definite shift.

The previous two decades were a steady buildup to this perspective. Beginning as early as 2000, China's Central Military Commission called for a study of people's war under conditions of informationalization. The Chinese strategy called Integrated Network Electronic Warfare consolidated the offensive mission for both computer network attack and electronic warfare under the PLA's General Staff Department. The originator of the strategy, now retired Major General Dai Qingmin, a prolific and outspoken supporter of modernizing the PLA's information warfare capabilities, first described the combined use of network and electronic warfare as early as 1999 in articles and a book entitled An Introduction to Information Warfare, written while on faculty at the military's Electronic Engineering Academy. General Dai was promoted in 2000 to lead the General Staff's 4th Department.

China's National Defense in 2004 white paper stated that informationalization has become the key factor in enhancing the warfighting capability of the armed forces and that the military takes informationalization as its orientation and strategic focus. Chinese military doctrine advocates a combination of cyber and electronic warfare capabilities in the early stages of conflict. Both the 2004 white paper and the noted expert on the PLA, You Ji, identify the PLA Air Force as responsible for information operations and information countermeasures. Other cyber responsibilities lie with the PLA General Staff's 4th and 3rd Departments that conduct advanced research on information security. The 4th Department oversees electronic counter-measures and research institutes developing information warfare technologies. The 3rd Department is responsible for signals intelligence and focuses on collection, analysis and exploitation of electronic information. The military also maintains ties with research universities and the public sector.

The Chinese military maintains a network of universities and research institutes that support information warfare-related education either in advanced degree granting programs or specialized courses. Military universities supporting this approach include the National University of Defense Technology, the PLA Science and Engineering University and the PLA Information Engineering University.

China, like many countries, initially turned to its civilian computer programmer subculture and information technology workforce, but this strategy too has been modified as Chinese cyberwarfare strategy matures. In the early days of 1999 to 2004, China's civilian computer programmer subculture gained notoriety for its willingness to engage in large-scale politically motivated denial of service attacks, data destruction and defacements of foreign networks. While initially encouraged, this sentiment changed and official party media sources published editorials suggesting that civilian computer attack activities would not be tolerated.

Nonetheless, the traditional computer programmer subculture may still offer unique skill sets and may have a niche role for military or state intelligence collection. Some evidence suggests a relationship exists between Chinese malicious civilian computer programmer subculture and Chinese government operators responsible for network intrusions, and there has been limited recruiting from this community, similar to what occurs in the US and Russia.


How is China integrating the military strategy for cyberwarfare into overall planning efforts and implementing it? The FireEye study concluded that as early as 2014, around the time of the indictment of the PLA's officers and hackers in the US for economic cyber theft, the Chinese government was modifying its approach to cyber operations. Central to this new posture is the previous decade's scheme of informationization. The guiding doctrine, Local War Under Informationized Conditions, outlines the effort to develop a fully networked architecture capable of coordinating military operations on land, in air, at sea, in space and in cyber realms. The goal is to establish control of a rival's information flow and maintain dominance in the early stages of a conflict.

Chinese military strategists early on viewed information dominance as a key goal at the strategic and campaign level, according to The Science of Military Strategy in 2005 and The Science of Campaigns in 2006. The strategy relies on applying electronic warfare and computer network operations against an adversary's command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) networks and other essential information systems. The strategy requires that these cyber tools should be widely employed in the earliest phases of a conflict and possibly preemptively against an adversary's information systems and C4ISR systems. Additional to the core military objective, other goals have emerged.

The primary objective of the strategy is to deny an enemy access to information essential for continued combat operations, ideally before other forces engage in combat. A secondary objective is to attack people's perception and belief systems through information deception and psychological attack. A third objective is strategic deterrence, which some Chinese military strategists see as comparable to nuclear weapons but possessing greater precision, leaving far fewer casualties and possessing longer range than most other weapons.

Another early objective of cyber strategy in China, a strategy that has been greatly modified since the 2014 shift, was cyberespionage. Most countries engage in some sort of espionage of each other's governments. However, in the initial stages from 2006 to 2014, China was very active in cyberespionage of commercial interests as opposed to government secrets; some scholars argue that commercial espionage was seen as necessary to build the Chinese economy. A massive commercial cyberespionage campaign was conducted by APT1, a single organization of operators. Since 2006, Mandiant, another FireEye company, observed that APT1 compromised 141 companies spanning 20 major industries, a long-running and extensive cyberespionage campaign made possible, in large part, through direct government support it received from the military's Unit 61398. As late as 2011, at least 17 new victims operating in 10 different industries. However, by 2017, Unit 61398 is mostly d

(c) 1999 – 2017 Provided by SyndiGate Media Inc., source Middle East & North African Newspapers



On 18 February 2013, Mandiant released a report documenting evidence of cyber attacks by the People’s Liberation Army (specifically Pudong-based PLA Unit 61398) targeting at least 141 organizations in the United States and other English-speaking countries extending as far back as 2006. In the report, Mandiant refers to the espionage unit as APT1. The report states that it is likely that Unit 61398 is the source of the attacks.
