Despite signing a “digital truce” with the US in 2015 that banned the hacking of private companies, China has lately been green-lighting plenty of cyberattacks on US defense contractors, along with other targets. And given the rising trade tensions with the US, these types of attacks are only expected to increase, according to Wired. To wit, one state-funded group recently infiltrated a Navy contractor and stole hundreds of gigabytes of information about submarines and undersea weapons, which has by now likely been handed over to the Chinese military.
As one source told Wired, China has backed off on intellectual property theft, as it promised to do when it signed the treaty. But it has more than compensated for this by redoubling its efforts to acquire US military intelligence.
“China’s actually backed off quite a bit on intellectual property theft, but when it comes to military trade secrets, military preparedness, military readiness, satellite communications, anything that involves the US’s ability to keep a cyber or military edge, China has been very heavily focused on those targets,” says David Kennedy, CEO of the threat tracking firm Binary Defense Systems, who formerly worked at the NSA and with the Marine Corps’ signal intelligence unit. “And the US does the same thing, by the way.”
Earlier this week, analysts from Symantec published their research tracking a series of attacks carried out by suspected Chinese hackers between November 2017 and April. The researchers dubbed the group “Thrip” – and what they have discovered is deeply troubling. The group, which the Symantec analysts have monitored since 2013, has learned to “hide in plain sight” by using prefab malware to infiltrate networks, and then manipulating administrative controls to press further without tripping any alarms. Using off-the-shelf tools makes the group harder to identify. Still, the Symantec team found evidence of intrusions at some telecoms firms in southeast Asia, a US geospatial imagery company, a couple of private satellite companies including one US firm, and a US defense contractor.
And in what was probably Symantec’s most alarming discovery, the researchers learned that the hackers had managed to obtain operational control of an orbiting satellite, giving them the ability to “disrupt data flows” or the satellite’s trajectory.
The researchers found evidence of intrusions at some southeast Asian telecom firms, a US geospatial imagery company, a couple of private satellite companies including one from the US, and a US defense contractor. The breaches were all deliberate and targeted, and in the case of the satellite firms the hackers moved all the way through to reach the control systems of actual orbiting satellites, where they could have impacted a satellite’s trajectory or disrupted data flow.
“It is scary,” says Jon DiMaggio, a senior threat intelligence analyst at Symantec who leads the research into Thrip.
“We looked at which systems they were interested in, where they spent the most time, and on the satellites it was command and control. And then they were also on the operational side for both the geospatial imagery and the telecom attacks.”
We should all be concerned about the increase in hacking of defense contractors because, as one of Wired’s sources explains, sometimes an escalation of digital attacks can precede an armed conflict.
“Hacking can be used as a sign of force in a lot of cases to say ‘hey, we’re not happy and we’re going to make you feel some pain,’” Kennedy notes. “They’ll use that as a first step instead of having to send fighter jets or something.”
“All of these pieces fit together,” Symantec’s DiMaggio says of Thrip. “It’s not targets of opportunity; it’s definitely a planned operation.”
Of course, China has many options for retaliating against the US as the trade war with President Donald Trump worsens, including the so-called nuclear option: Dumping its US Treasury holdings. China’s military still lags the US in terms of firepower, but the government is quickly closing that gap, and its provocations in the South China Sea could cause the already tenuous relationship between the two countries to further deteriorate.