There are 12 groups behind the bulk of China-based cyber attacks stealing critical data from U.S. companies and government agencies, said U.S. cyber security analysts and experts.
The U.S. often gives the attackers unique names or numbers and can tell where the hackers are, and even who they are, the analysts said.
Targets have broadened over the last ten to 15 years from the U.S. government to private-sector defense contractors and then to critical infrastructure, said Jon Ramsey, head of the counter-threat unit at Dell SecureWorks. The groups operating from China leave distinct digital fingerprints, often visible in the code they reuse or in the command-and-control servers through which they route their malware.
The report said U.S. government officials have been reluctant to tie the attacks directly to the Chinese government, but analysts and officials quietly said they have tracked enough intrusions to specific locations to link them with confidence to Beijing. One of the analysts said investigations show the dozen or so Chinese teams appear to have orders to go after specific technologies or companies.
Experts and analysts also said the malware and tools have not grown much more sophisticated in recent years; the attackers instead rely on burying implants deep inside a network so the same access can be reused over months or even years.
A report last month by the U.S. National Counterintelligence Executive openly named China and Russia as key cyber threats, saying “the governments of China and Russia will remain aggressive and capable collectors of sensitive U.S. economic information and technologies, particularly in cyberspace.”
However, cyber security analyst Jeffrey Carr disputed the claims, saying the researchers quoted in the article (from research firms Mandiant and Dell SecureWorks) have a vested interest in painting China as the bad guy since the bulk of their marketing is advanced persistent threat-centric, with APT being ‘code’ for China.
“There’s been no proven reliable way to assign attribution,” Carr said in his blog post. “Digital DNA is a marketing ploy, not a fact. It conflicts with our own research on state and non-state actors involved in cyber espionage.
“Senators and Congressmen unfortunately don’t have enough knowledge about cyber security to discern truth from fiction so what starts off as highly questionable analysis soon becomes terrible U.S. government policies; especially when it is advocating for permission for civilian U.S. companies to counterattack a specific nation’s network,” he said. “There has never been a worse idea in the history of bad ideas than that one.”