WHAT YOU NEED TO KNOW!
- Google’s cybersecurity researchers found state-sponsored Chinese hackers are using sophisticated techniques to spy on government and business networks undetected.
- The hackers are targeting devices on the edge of networks, compromising software by companies such as VMware and Citrix, which don’t typically have antivirus or endpoint detection software.
- Researchers suspect a China-nexus hacking group due to the profile of victims, the degree of ingenuity and sophistication, and the level of resources required.
Google’s Mandiant division has discovered that state-sponsored Chinese hackers are using sophisticated techniques to evade common cybersecurity tools and spy on government and business networks without detection for years. Analysts found hacks of systems that aren’t typically targeted by cyber espionage, with the hackers compromising devices on the edge of the network, including firewalls.
They are also targeting software by companies such as VMware Inc. and Citrix Systems Inc., which don’t typically include antivirus or endpoint detection software. Researchers suspect that the hackers are from a China-nexus hacking group because of the profile of victims, including some who have been hit repeatedly, the high degree of novel tradecraft and sophistication observed, and the level of resources required.
The Chinese Embassy in Washington has routinely denied hacking into businesses or governments in other countries and has accused the U.S. and its allies of the practice. China’s attacks are typically targeted, often hitting only a handful of high-value government and business victims.
The tactics deployed are so stealthy that Mandiant believes the scope of Chinese intrusion into U.S. and Western targets is likely far broader than currently known. Defense contractors, government agencies, and technology and telecommunications firms appeared to be bearing the brunt of the newly discovered Beijing-linked attacks.
While the relative quantity of identified victims may be small, the impact is significant because of the importance of what is being stolen.