Chinese Threat Actors Indicted For Stealing Aviation Trade Secrets

2018-10-31T21:08:47
ID CARBONBLACK:7F2877EC4C8F7308776D807920D2D136
Type carbonblack
Reporter Sean Blanton
Modified 2018-10-31T21:08:47

Description

Hot on the heels of the Carbon Black Quarterly IR Threat Report, which specifically calls out increased cybercrime activity from China, the US Department of Justice has indicted ten Chinese nationals for perpetrating attacks against U.S. and French aviation companies in a stunning display of state-sponsored economic espionage.

The accused worked for Jiangsu Province Ministry of State Security (JSSD), a foreign intelligence arm of the People’s Republic of China’s Ministry of State Security (MSS). Of the ten indicted, it is reported that two are Chinese intelligence officers, two were insiders at a French aerospace manufacturer, and six were behind-the-scenes hackers.

This team of Chinese hackers was after designs for a proprietary turbofan engine technology used in commercial airliners. The attacks were reportedly perpetrated between 2010 and 2015. The engine was being developed via a partnership between a French aerospace manufacturer and a company based in the U.S. The French company operated out of an office in Suzhou, Jiangsu province, China, where the two Chinese insiders were based.

However, the scope was much greater than first thought. This group was accused of leading assaults on companies that manufacture parts for the turbofan engine, companies based in Oregon, Arizona, and Massachusetts. The exposed global supply chain in the aviation industry must be examined.

One of the key findings in the Carbon Black Quarterly IR Threat Report is that half of today’s attacks leverage “island hopping,” whereby attackers target organizations along the supply chain in order to infiltrate an affiliate network. This means that the addressable attack surface for bad actors extends well beyond an organization’s own four walls.

According to the Department of Justice, the attackers used a variety of methods in order to steal information from these companies:

“The hackers used a range of techniques, including spear phishing, sowing multiple different strains of malware into company computer systems, using the victim companies’ own websites as “watering holes” to compromise website visitors’ computers, and domain hijacking through the compromise of domain registrars.”

This particular attack strategy is state-of-the-art, with advanced, multi-year campaigns that hide in plain sight and have many points of compromise. While these attacks may have occurred in the past, they are a fine example of the ingenuity and maturity Chinese hacker groups have displayed for years. They also serve as a stark example of why we need to evolve with the adversary, both ourselves as practitioners and the tools we rely on to find evildoers.

This is the third time since September that the United States National Security Division has brought charges against Chinese intelligence officers from the JSSD. Carbon Black data corroborates that trend: 68% of those surveyed say they’re seeing cyberattacks stem from China more than any other country.

One thing is clear: this trend is not slowing down. The digitalization of our society means that these problems will only become more pervasive. As our data, workforce, and supply chain partners become more and more distributed, the threat deepens.

Contact your local Carbon Black team to discuss what we’re doing to increase visibility, discover emerging threats, and use the power of community to fight evil.

Grab a copy of the Carbon Black Quarterly IR Threat Report here.

Happy #Howlloween, I hope this wasn’t too scary.

The post Chinese Threat Actors Indicted For Stealing Aviation Trade Secrets appeared first on Carbon Black.