The U.S. Attorney General's office unsealed an indictment today against two Chinese citizens believed to be part of the APT10 hacking group, which is linked to the Chinese government.
The indictment lays out the key steps the group used to steal intellectual property. Information security teams should be familiar with them:
- "First, after the APT10 Group gained unauthorized access into the computers of an MSP, the APT10 Group installed multiple variants of malware on MSP computers around the world. To avoid antivirus detection, the malware was installed using malicious files that masqueraded as legitimate files associated with the victim computer’s operating system. Such malware enabled members of the APT10 Group to monitor victims’ computers remotely and steal user credentials."
- "Second, after stealing administrative credentials from computers of an MSP, the APT10 Group used those stolen credentials to connect to other systems within an MSP and its clients’ networks. This enabled the APT10 Group to move laterally through an MSP’s network and its clients’ networks and to compromise victim computers that were not yet infected with malware."
- "Third, after identifying data of interest on a compromised computer and packaging it for exfiltration using encrypted archives, the APT10 Group used stolen credentials to move the data of an MSP client to one or more other compromised computers of the MSP or its other clients’ networks before exfiltrating the data to other computers controlled by the APT10 Group."
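The three steps quoted above describe tradecraft that leaves telemetry a defender can check for. The script below is an added example, not part of the article or the indictment: it runs two simple detections over constructed Windows-style process-creation and logon records (the sample data is invented here), a "system binary name outside the system directories" check for the first step and an "one account authenticating to many hosts in a short window" check for the second, and then correlates the hosts that appear in both. Hostnames, account names, the list of protected binaries and the thresholds are all assumptions.

```python
"""Added example (not from the indictment or the article): two detection checks
that map to the first two APT10 steps quoted above, run over constructed
Windows-style telemetry so the script is self-contained and runs offline."""
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Step 1: malware masquerading as operating-system files.
# Assumed set of binaries that should only execute from the system directories.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                   "winlogon.exe", "rundll32.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Constructed process-creation records (not real telemetry).
PROCESS_EVENTS = [
    {"host": "msp-ws01", "image": r"C:\Windows\System32\svchost.exe", "parent": "services.exe"},
    {"host": "msp-ws01", "image": r"C:\Users\Public\svchost.exe", "parent": "explorer.exe"},
    {"host": "client-a-db01", "image": r"C:\ProgramData\lsass.exe", "parent": "cmd.exe"},
    {"host": "client-a-db01", "image": r"C:\Windows\System32\lsass.exe", "parent": "wininit.exe"},
]

# Constructed logon records: (timestamp, account, target host, Windows logon type).
# Type 3 = network, 10 = remote interactive, 2 = local console.
LOGON_EVENTS = [
    ("2018-12-20T01:02:00", "MSP\\helpdesk-admin", "msp-fs01", 3),
    ("2018-12-20T01:05:00", "MSP\\helpdesk-admin", "msp-fs02", 3),
    ("2018-12-20T01:09:00", "MSP\\helpdesk-admin", "client-a-db01", 3),
    ("2018-12-20T01:14:00", "MSP\\helpdesk-admin", "client-b-web01", 10),
    ("2018-12-20T01:20:00", "MSP\\helpdesk-admin", "client-b-fs01", 3),
    ("2018-12-20T09:00:00", "MSP\\jdoe", "msp-ws01", 2),
    ("2018-12-20T09:30:00", "MSP\\jdoe", "msp-fs01", 3),
    ("2018-12-20T13:00:00", "MSP\\jdoe", "msp-fs02", 3),
]


def is_masquerading(image_path: str) -> bool:
    """True when the file name is a protected system binary but the image did
    not load from one of the system directories."""
    path = PureWindowsPath(image_path)
    if path.name.lower() not in SYSTEM_BINARIES:
        return False
    return str(path.parent).lower() not in SYSTEM_DIRS


def find_masquerading(events):
    """Return the process-creation records whose image path looks spoofed."""
    return [e for e in events if is_masquerading(e["image"])]


def find_lateral_fanout(logons, max_hosts=3, window=timedelta(minutes=30),
                        remote_types=(3, 10)):
    """Flag accounts whose remote logons reach more than `max_hosts` distinct
    hosts inside any sliding `window`. Returns {account: set_of_hosts}."""
    by_account = defaultdict(list)
    for ts, account, target, logon_type in logons:
        if logon_type in remote_types:
            by_account[account].append((datetime.fromisoformat(ts), target))
    hits = {}
    for account, rows in by_account.items():
        rows.sort()
        for i, (t0, _) in enumerate(rows):
            hosts = {h for t, h in rows[i:] if t - t0 <= window}
            if len(hosts) > max_hosts:
                hits[account] = hosts
                break
    return hits


def correlate(process_events, logons):
    """Hosts that both ran a masquerading binary and were reached by an
    account flagged for fan-out: the overlap of step one and step two."""
    spoofed_hosts = {e["host"] for e in find_masquerading(process_events)}
    reached = set().union(*find_lateral_fanout(logons).values()) if logons else set()
    return spoofed_hosts & reached


if __name__ == "__main__":
    for e in find_masquerading(PROCESS_EVENTS):
        print(f"[masquerade] {e['host']}: {e['image']} (parent {e['parent']})")
    for account, hosts in find_lateral_fanout(LOGON_EVENTS).items():
        print(f"[fan-out] {account} -> {sorted(hosts)}")
    print("[correlated hosts]", sorted(correlate(PROCESS_EVENTS, LOGON_EVENTS)))
```

Two caveats worth carrying into a real deployment. The path check is only as good as its normalisation: telemetry that records 8.3 short names, `\\?\` prefixes or mixed case will slip past a literal string comparison unless it is canonicalised first. The fan-out check needs a per-account baseline, because backup, monitoring and patching service accounts legitimately reach many hosts; the threshold here is a placeholder, and the third step in the indictment (staging data in encrypted archives on other compromised hosts before exfiltration) calls for a separate check on archive tooling and unusual outbound transfer volumes that this sketch does not attempt.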
Companies and government agencies in 12 countries were victims of this campaign, including organizations in Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates, the United Kingdom, and the United States.
How successful were these Chinese hacking group strategies? Incredibly successful, says the U.S. Department of Justice:
"... the APT10 Group successfully obtained unauthorized access to the computers of more than 45 technology companies and U.S. Government agencies based in at least 12 states, including Arizona, California, Connecticut, Florida, Maryland, New York, Ohio, Pennsylvania, Texas, Utah, Virginia and Wisconsin. The APT10 Group stole hundreds of gigabytes of sensitive data and information from the victims’ computer systems, including from at least the following victims: seven companies involved in aviation, space and/or satellite technology; three companies involved in communications technology; three companies involved in manufacturing advanced electronic systems and/or laboratory analytical instruments; a company involved in maritime technology; a company involved in oil and gas drilling, production, and processing; and the NASA Goddard Space Center and Jet Propulsion Laboratory."