The tense fallout following President Trump’s threats to impose tariffs on Chinese-made goods has allegedly led to more than just counter-threats by the Chinese leadership.
According to Stealthcare CEO Jeremy Samide, the situation has led China to initiate a series of cyber attacks against the United States. Stealthcare, according to Samide, identified attacks that it attributed to the LuckyMouse group, also commonly known as Emissary Panda or APT27.
Samide indicated that this was worrying from an American perspective, given that the attacks were spearheaded by a new malware strain which is based on the HyperBro Remote Access Trojan (RAT). There was also another series of attacks known to the company, which were dubbed MirageFox, attributed to APT15, also known as Vixen Panda, Ke3chang, Royal APT and Playful Dragon.
It appears that a high number of the attacks in question derive from established Chinese sources and/or state-sponsored groups. It is clear from a statement made by Samide that not all of the cyberattacks could be traced to China:
“We are seeing an increase in more targeted espionage-style attacks towards government agencies, geospatial imaging, satellite communications and other defense contractors with the particular interest in infiltrating their networks and infecting their computer systems that control key communication and other geospatial data collection systems,” Samide told SC Media.
Samide also surmised that some of the attacks were launched with the intention not just of being identified, but of being obviously traceable to China. These attacks are notable ‘decoys’ which are designed to ‘lay the foundation’ for more complex attacks further down the line, according to the Stealthcare CEO. It is not just China that has engaged in such practices, with both North Korea and Iran having previous form, Samide said:
“However, there are other motives, tactics and tradecraft that are surreptitiously taking place as part of their sophisticated covert cyber espionage campaigns. Many of these attacks are designed as decoys which lay the foundation to the more highly sophisticated, complex yet efficient attacks,” Samide said.
Samide has urged the tightening of defensive capabilities, both private and public, in the wake of the attacks.
According to a survey conducted by Tripwire of 416 attendees at a recent European industry event, the majority of those questioned stated that they agreed with Samide and were proactive in bolstering defensive measures. Sixty-nine percent of those surveyed also claimed that their organizations have upped their defenses against nation-state attacks over the past year.
“When asked how prepared they felt in defending against nation-state attacks, 60 percent said fairly prepared, 22 percent said very prepared and only 18 percent said not prepared,” the report said.
Tripwire’s survey also claimed that 93 percent of those who were part of the survey expect similar attacks to become more common over the next 12 months. Eighty-three percent believed targets for attacks will include private and non-government organizations in the next 12 months, with the same number of respondents expecting significant attacks on critical infrastructure within that period.