A cybersecurity consulting firm has documented the existence of a China-based espionage operation that has infiltrated the computer systems of at least 22 organizations in the government and private sectors in the U.S., Europe and Asia.
But the biggest surprise was how the compromised entities reacted when notified of the breach by e-mails, which were followed up by phone calls.
"Not a single company actually responded. No one said 'thank you,' no one said give me more information, how did you do this, nothing," Adam Vincent, chief executive of Cyber Squared, said Tuesday. "Either we notified the wrong people or people didn't care. I'm not sure which."
Cyber Squared won't disclose the names of the organizations that seemed to ignore what the firm found to be a sophisticated attack, most likely sanctioned or sponsored by some entity within China.
The victims included U.S. public policy think tanks, North American technology companies, European food safety, environmental and maritime organizations, East Asian economic policy and diplomacy groups, and international mining organizations and law firms. What was stolen from these organizations is not known.
The reason Cyber Squared believes the attacks were state sanctioned or sponsored is because all the victims were tied to Chinese strategic interests. For example, one organization was involved with efforts in the U.S. government to sell F-16 fighter jets to Taiwan, an action China opposed. Another was involved with efforts in the United Nations to minimize greenhouse gas emissions within the international maritime industry.
In many ways, the operation was a classic example of what the security industry calls an advanced persistent threat, which means the attackers studied each organization closely in order to tailor the attack to specific people. The cyber criminals constantly updated the malware used in order to hide from antivirus software and other security technology found on most organizations' networks.
Cyber Squared was introduced to the espionage operation in September 2011, when an organization connected to the Taiwan discussions received e-mail with an address that closely resembled the name of a senior executive. The missive, sent from a popular U.S. Web mail service, contained a link to a Web site that directed the victim to download a malicious file.Ã'Â The e-mail was sent within 32 hours after Congress received a bill that would authorize the jet sale to Taiwan.
The simplicity of the original e-mail and malware masked a highly sophisticated operation that would subsequently download software tools and file-stealing applications that could spread through a corporate network in secrecy, Vincent said. Attackers often wait to launch their best malware after they've infiltrated a system. "They're not going to bring their A-game, if they only need C-players."
While Cyber Squared could only identify 22 organizations, it believes dozens more have been compromised by the cyber criminals, who are capable of managing spy operations in each compromised organization at the same time "like moving pieces on a chessboard," Vincent said.
The company believes on Chinese group is responsible for the attacks, which share a common infrastructure and a common attack method. "They [the attacks] all had strategic purpose for China, specifically."
For Vincent, the silence the company received after contacting affected organizations left him wondering how much security executives understand the risks. "If you admit that you're a target, that's the first step to knowing that you have a problem," he said. "So many organizations today, and so many CSOs, can't admit that China would be looking at them and potentially is already conducting cyberattack operations against their organizations."
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.