In the wake of the government’s indictment against members of Unit 61398, the Shanghai-based cyberunit of the People’s Liberation Army, economic cybertheft against private industries continues to rise. Last week, the FBI issued a private warning to industries that another high-level group of Chinese hackers was executing long-term operations to steal data from both government agencies and private U.S. companies.

The FBI has described this group as “exceedingly stealthy and agile by comparison with the People’s Liberation Army Unit 61398.” The “flash” warning described signature methods that this group of Chinese hackers uses and asked companies to contact federal authorities if they believe they have either fallen victim to such attacks or lack the security measures to prevent them.

The FBI’s alert was accompanied by the release of a report created by a coalition of private security firms. The report names the group “Axiom” and found that the only organizations that could have this type of skill and security would be those that are extremely well funded, staffed, organized and could dedicate a significant amount of time towards carrying out these operations. Further, the hacking patterns appear to support Chinese national interests. Ultimately, the report concluded, the group is likely to be associated with the Chinese national government.

The Chinese embassy in Washington has publicly called for “the U.S. side to stop this kind of unfounded accusation,” echoing past responses to U.S. allegations of government-backed cyber security breaches.

Meanwhile, the FBI and security coalition believe that this group may be the same one behind other massive espionage plots, including one that targeted Google in 2009—known as Operation Aurora. Because of plots such as these, the NSA has been working with victims of cyberespionage, including Google, to rebuild and strengthen their communications security.

Even wholly domestic agencies are struggling to keep up with the technological threats facing both private subsidiary and governmental entities. The FDA recently issued a guidance document to assist industry by identifying cybersecurity issues that may arise in the design and development of medical devices and in the preparation of premarket submissions for those devices.

An industry coalition—including Microsoft, Cisco, FireEye, F-Secure, iSight Partners, Symantec, Tenable, ThreatConnect, ThreatTrack Security, and Volexity—is launching a two-week study to gather information and further analyze Axiom’s tactics. The study, which will be released on October 28, plans to definitively identify trademark characteristics of the group, link them to even more attacks, and potentially provide further insight to companies and international law firms on how to better secure their data from attack.


— Christine M. Carletta
