With little modification to their malicious code, Chinese hackers are back in business and U.S. companies need to assume this code is already on their IT networks.
As the information security industry is well aware, the cyber-security company Mandiant published a report in February detailing cyber-espionage that involved the compromise of hundreds of U.S.-based companies and the theft of their intellectual property.
Not only did the report trace the attacks to China, it pinpointed the People's Liberation Army (PLA), in detail, as the culprit. The Chinese government, with very careful wording, disputed these accusations.
Is there additional information supporting these claims of Chinese cyber-espionage against U.S. companies? As an organization that provides incident response services, we answer "Yes."
When the Mandiant report was published on the heels of President Barack Obama's executive order on "Improving Critical Infrastructure Cybersecurity," incident responders applauded the public disclosure of what was already common knowledge in the incident response community.
The report brought to light what incident response organizations have been reporting to their clients for years: China is infiltrating your computer networks, staying there for long periods, and taking your most valuable intellectual property. The report also did a good job of explaining the situation in business-impact terms that executives needed to understand.
Once the initial appreciation for the long-overdue disclosure passed, the incident response community became somewhat concerned. Over time, incident response organizations had developed successful tools and techniques for identifying this specific threat on behalf of their clients. Now that the adversary had been "outed," would it raise its game and change its methods, making identification more difficult?