The UK has been the target of a systemic global hacking operation
China-based have been breaching a variety of UK firms in a systemic global hacking operation, according to a report by National Cyber Security Centre (NCSC), PwC and BAE Systems.
A cyber criminal gang operating out of China known as APT10 was claimed to have been responsible for the attacks by PwC, which noted that customer malware and ‘spear phishing’ techniques were used against British firms to steal private data and intellectual properties.
“PwC UK and BAE Systems assess it is highly likely that APT10 is a China-based threat actor with a focus on espionage and wide ranging information collection,” the report said.
“It has been in operation since at least 2009, and has evolved its targeting from an early focus on the US defence industrial base (DIB) and the technology and telecommunications sector, to a widespread compromise of multiple industries and sectors across the globe, most recently with a focus on MSPs (managed service providers).”
China cyber attacks
The firm’s research, which involved an ‘unmasking operation’ dubbed Cloud Hopper, identified that APT10 benefits from having significant staffing and logistics resources and would appear to be constructed of multiple teams.
Though PwC and BAE have not worked out who or what is behind the hacker group, access to such resources would suggest that the APT10 could be a state-sponsored group, or could have the becking of large Chinese enterprises looking to steal intellectual properties from companies and rivals working the same business sector. However, at the time of writing this is merely speculation on our part.
What is particularly noteworthy of APT10’s hacking techniques is that they attack MSPs in order to gain access to network infrastructure and systems being provided to target companies, using connections to infiltrate a target’s network then ex-filtrate desired data in a stealthy fashion.
Japanese organisation were also a significant target for APT10, with the report noting that the hacker group systemically targeted government and commercial organisations by masquerading as legitimate public sector entities.
The attacks were said to be consistent with previous hacking operations that have been traced back to China-based threat actors.
While targeted attacks were found to be aimed at Japan and the UK, operations were alos targetead against companies in 14 nations, including France and the US.
With such attacks appearing to be growing in profile and occurrence, it is no wonder the UK government is putting solid support around the nations’ with its National Cyber Security Centres, setup to combat such large scale cyber-security threats.