Chinese cyber spies change tactics

At least four large American research centers were attacked in recent months as part of a Chinese cyber espionage campaign, according to a report published by CrowdStrike. All of the attacks followed one scheme: the hackers tried to infect servers with malware and then launch Mimikatz and China Chopper. Two non-governmental organizations suffered similar attacks at the same time.

The research centers that became the hackers’ targets are think tanks, the term used in the USA for organizations that develop decisions on key strategic issues of the economy, defense, international relations, etc. Quite often the government contracts them, or their work becomes the basis for future decision-making at the highest state level. The importance of the information the cyber spies were after therefore cannot be overemphasized.

Obviously, the attackers were predominantly interested in US plans for the East: specially created malware searched for documents and emails containing the keywords china, japan, korea, chinese and eager lion (the codename for the US military exercise that takes place annually in the Middle East). CrowdStrike specialists point out that the current cyber espionage campaign is very different from the ones China conducted previously. Earlier operations were usually called “smash-and-grab” because the hackers tried to break in and steal everything they possibly could. This time they are very selective.

Source: Technical Center of Internet
