
China shifts cyber-ops from espionage to infrastructure
Chinese cyber-ops against the US have shifted from espionage to targeting infrastructure and societal disruption, according to Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA).
The U.S. Intelligence Community annual threat assessment contends that in the event of a major conflict with the US, Beijing would look to undertake aggressive cyber operations against critical infrastructure and military assets — including pipelines and rail lines.
Commenting on this, Elliott Wilkes, chief technology officer at Advanced Cyber Defence Systems, said: “On May 24th, members of the US, UK, Canadian and Australian cyber defence and intelligence agencies jointly released a report on the activities of Chinese state-sponsored cyber groups and how their techniques are changing. In the report, they describe a shift of attention away from conventional espionage targets to companies and systems involved in critical infrastructure. First of all, this is a notable report just by virtue of the number of agencies working in collaboration on it. Over the past few years this form of public attribution of malicious activities by state-sponsored cyber groups—a naming and shaming, so to speak—has been increasingly used by Western countries as a tool to unmask the previously shadowy work of foreign intelligence and military agencies. This is a kind of statecraft that is being used by the Five Eyes countries and others to effectively draw lines around unacceptable behaviour. By naming the techniques and tactics, and doing so, not just in specific highly technical circles, but very publicly via Twitter and media interviews, this signals to state-sponsored groups in China, and elsewhere, that these activities are being monitored and that aggression will not be tolerated.
Targets include companies and infrastructure
“For these specific instances described by NSA, GCHQ, CISA and others, these Chinese state-sponsored groups have targeted companies and infrastructure in geopolitically strategic sites that would be critical if there were to be a conflict in Taiwan. One example is telecoms infrastructure in Guam, a US territory with US military personnel, and likely a key site for deploying any US counter to a possible Chinese offensive in Taiwan.
“There is also a point where the western agencies gain by alerting the wider business community that they are now also coming under attack from sophisticated state-sponsored cyber groups. These public messages help western agencies reinforce the need for strong cyber security beyond the traditional state-on-state sector.”
Darren James, Senior Product Manager at Specops Software, added: “Attacks on CNI are quite common across the board. Nationalised infrastructure is typically run on a very tight budget, low numbers of staff who are usually underpaid and undertrained for the role they perform. Any disruption can cause a large impact on the country’s population, undermines trust in the government, and can provoke unrest. It’s likely though, the stance hasn’t shifted per se as CNI has always been a target and will continue to be on a global level. Implementing strong 2FA/MFA wherever possible would be our advice as well as a strict patching regime, continuous pen testing, and regularly tested backups.”
