22 July 21, 12:20
Quote:The federal government is fighting back against what it says are China-based cyberattacks against U.S. universities and companies with indictments and a “naming-and-shaming” approach — but researchers aren’t convinced the efforts will come to much in terms of deterring future activity.
On Monday, the White House released an official statement announcing its attempt to push back against “irresponsible and destabilizing behavior in cyberspace.” The European Union, the United Kingdom, and NATO countries also announced they will join the U.S. in “exposing and criticizing [China’s] malicious cyber-activities,” the White House statement added.
The statement also formally attributed the widespread Microsoft Exchange zero-day exploitation to China’s Ministry of State Security.
The U.S. Cybersecurity and Infrastructure Agency (CISA), the Federal Bureau of Investigation (FBI) and the National Security Administration (NSA) released multiple advisories providing details about cybersecurity threats from the Chinese government, and announced the indictments of four Chinese nationals alleged to have been operating on behalf of the Chinese Hainan State Security Department.
The indictments allege the four Chinese Hainan State Security Department (HSSD) officers were behind the advanced persistent threat group APT40, including Ding Xiaoyang, Cheng Qingmin and Zhu Yunmin, as well as Wu Shurong, who allegedly wrote and targeted malware against universities, governments and companies across the globe between 2011 and 2018.
“This indictment alleges a worldwide hacking and economic espionage campaign led by the government of China,” said Acting U.S. Attorney Randy Grossman of the Southern District of California, in a statement. “The defendants include foreign intelligence officials who orchestrated the alleged offenses, and the indictment demonstrates how China’s government made a deliberate choice to cheat and steal instead of innovate.”
CISA and FBI have also released detailed APT40 tactics, techniques and procedures (TTPs) and mitigations.
Read more: Indictments, Attribution Unlikely to Deter Chinese Hacking | Threatpost