A Chinese hacking team responsible for attacks on numerous US companies has resumed its harmful cyber campaign.
A number of unnamed government security experts and officials confirmed that the hackers had restarted their attacks on Sunday, following a three-month period of inactivity, the New York Times (NYT) reported. The team is reportedly the same one detailed in a report from security firm Mandiant earlier this year.
Mandiant claimed to have linked a branch of the Chinese military codenamed Unit 61398 to the APT1 cyber-espionage campaign in February. The unit is based in Shanghai and is estimated to have mounted attacks on over 141 companies.
The identity of the campaign's victims remains unknown, though the NYT claims the attacks are hitting a number of US companies and are designed both for basic espionage and intellectual property theft. At the time of publishing, Mandiant, the US Embassy in London and the White House had not responded to V3's request for comment on the report.
In its Military and Security Developments Involving the People's Republic of China 2013 report to Congress earlier in May, the US Department of Defense reported detecting several attacks stemming from China on businesses involved in critical infrastructure areas. The Chinese government has always denied the allegations, saying cyber attacks are a global issue facing all countries.
Sophos security expert Graham Cluley told V3 that while news that the team has resumed its activities is troubling, firms should not overreact, as attacks of this nature are now an everyday occurrence, with nearly every government in the world mounting similar campaigns.
"Government departments, military contractors and international companies working on sensitive deals need to be aware that cyber espionage is a reality, and there may be remote hackers interested in breaking into your systems and snooping on your data and communications," he said.
"It would be wrong to assume that Chinese hackers were the only ones involved in attacks like this, of course. They're all at it. I would be surprised if any developed nation wasn't involved in some level of internet espionage. After all, it's relatively easy to do and a low risk compared to having spies on the ground. Of course, the problem is always proving a particular attack was state-sponsored rather than being done by lone hackers of their own choosing."
Cluley said that the number of government-funded cyber attacks will undoubtedly increase in the coming years and that firms must update their defences to address the growing threat.
"As more and more data is entrusted to computers, it becomes ever more attractive for those interested in accessing the data to target those networks," he said.
"In fact, I'd be disappointed if our security services were wasting budget parachuting in spies with James Bond gadgets to steal info when they could just write some spyware and email it to our enemies.
"The best defence? A mixture of training your staff, layer protection at desktops, gateways and servers, keeping up to date with patches to reduce exposure to potential exploits."
F-Secure researcher Sean Sullivan mirrored Cluley's sentiment, saying IT managers should not overreact to the threat.
"I wouldn't say that firms should be worried to the point of panic - but I would advise that they listen to their IT managers' concerns. IT security has always been a bit of a budget battle. Good IT management often requires good 'political' skills in order to convince upper management to pay for what's needed," he said.
The comments echo those of numerous other security experts. During a panel discussion at the Trustmarque conference in London, McAfee vice president Ross Allen and Symantec chief technology officer Darren Thomson urged businesses to take a measured approach to the cyber threat they face.