Wray's Warning: Chinese Malign Cyber Activity Targeting US Corporations and Critical Infrastructure

Chinese malign cyber activity targeting US corporations and critical infrastructure has been a rising concern for officials.

FBI Director Christopher Wray’s January 2024 address to the House Select Committee on the Chinese Communist Party (CCP) highlighted the relentless pursuit by the CCP to target the US economy and critical infrastructure sectors nationwide. The CCP’s dedicated network of hackers focuses on infrastructure as well as private sector companies, especially in the fields of finance, artificial intelligence, quantum computing, and biotechnology. CCP hackers target these areas to achieve two primary goals:

‍

• Establish backdoors into critical infrastructure and economic entities to facilitate access in the event of military action between the US and China.
  Pre-established access would provide the CCP with the ability to shut down electric grids, open dams, cut off water and natural gas pipelines, cut off internet and cell towers, etc. Any combination of these actions would cause extreme panic and immense damage to the US economic system. 

• Infiltrate private sector corporations to steal intellectual property (IP) and data on Americans.
  This information provides the CCP with valuable intelligence on technological advancements used in both the private and public sector. CCP actors are responsible for the theft of hundreds of billions of dollars worth of IP and trade secrets in the United States. In particular, the CCP seeks out American medical and genome data due to the extremely diverse gene pool of the American population.

‍

CCP hackers have access to data and resources that non-state sponsored hacking groups do not, which allows for them to be more effective in targeting and accessing unauthorized networks.‍

The CCP supports the groups with intelligence, funding, and training, but their hackers infiltrate networks using the same techniques as other trained and committed hackers. 

‍

Hackers employ several techniques to gain unauthorized network access, one of the most popular is phishing or spear-phishing. These methods are attempts to social-engineer access to a network by creating an illegitimate, but believable, way of targeting an individual with legitimate credentials to unwittingly reveal their login information. Phishing most often takes the form of emails designed to look like they have been sent by a bank or boss asking the recipient to provide their account login information. 

‍

However, more targeted and thoughtfully designed phishing attempts, known as spear-phishing, are much harder to spot. Bad actors may spend a significant amount of time collecting relevant open-source information on an individual in order to impersonate them to gain unauthorized access.

Information about an individual's:

• address history
• phone numbers
• email addresses
• voting history
• political donations
• religious affiliation
• school their children attend
• and much more can often be readily found in open-source mediums

Bad actors use this data to impersonate their target to gain access to email accounts and cell phone provider accounts to gain access to other accounts associated with the phone number or email address, including sensitive corporate accounts. 

‍

This is the preferred method for bad actors targeting private sector companies. If the bad actor is able to successfully impersonate and illicitly gain access to a C-Suite executive’s credentials, they gain nearly unfettered access to highly confidential material on the company’s IP, trade secrets, and finances. 

‍

Hackers monitor for and take advantage of major data leaks on the dark web. Data leaks often contain login credentials for the breached sites, including passwords that individuals may use across multiple platforms. Malign cyber actors may use what Personally Identifiable Information (PII) they have access to in order to match commonly used passwords to individuals to use your login credentials across multiple sites. 

Red5 Recommendation

• Ongoing dark web monitoring is necessary to mitigate the threat posed by dark web data leaks.
• The information on the dark web is never fully removed, but monitoring for and identifying leaks enables individuals and corporate IT departments to change passwords and add account security measures before the leaked information can be successfully utilized by bad actors. 

‍

Another method used particularly by state-sponsored hackers to gain unauthorized access to a network is exploiting zero-day vulnerabilities. Zero-day vulnerabilities are unknown security gaps that often occur as a result of a coding error, allowing unauthorized access to a network. As long as the vulnerability goes unnoticed by the company or system user, hackers can take advantage. Once discovered, zero-days are typically closely held secrets, and can be sold for large sums of money on the dark web. 

Red5 Recommendation

• Companies can mitigate the risk of being targeted in a zero-day attack by researching the status of major operating system updates before installing them on devices.
• On some occasions, it may be worth waiting for the first security update post-launch of the new OS to ensure any initial vulnerabilities are patched. After that, be sure to routinely check for new security updates. 

‍

The threat posed by the CCP’s cyber actors necessitates US corporate entities go beyond traditional cybersecurity practices. Malign cyber actors are consistently developing more creative methods to gain unauthorized access to a network. This threat will only continue to grow with advances in artificial intelligence and quantum computing.

Understanding and mitigating vulnerabilities stemming from your digital footprint, dark web leaks, and zero-days drastically reduce the ability for a hacker to gain access to a corporate network, which enhances the security of US economic and corporate interests as a whole.

‍

‍

To learn more about your digital footprint and how it can impact your security book a call with Red5