Arrest of top Chinese intelligence officer sparks fears of new Chinese hacking efforts

Source: Vsoftsystems, 12/10/2018

Suspect is a top official in one of China`s intelligence agencies,
accused of controlling China`s state hacking operations.
Top figures in the infosec industry fear that the recent arrest of a
top Chinese intelligence officer will spark an increase in
cyber-attacks from Chinese hacking groups in the coming months.
These fears were expressed today after the US Department of Justice
announced the arrest and extradition of Yanjun Xu, a high-ranking
director in China`s Ministry of State Security (MSS), the country`s
counter-intelligence and foreign intelligence agency.
Xu was not arrested on hacking charges, but for attempting to commit
economic espionage and steal trade secrets after trying to recruit
several insiders from multiple US aviation and aerospace companies.
But reports from US cyber-security firm Recorded Future, and from
shadowy group Intrusion Truth, have pegged the MSS as the Chinese
agency in control of China`s cyber-espionage operations.
`Currently, the Ministry of State Security (MSS) is the primary
government agency engaged in the majority of cyber attacks with
Chinese-government nexus, and CrowdStrike has observed multiple
intrusions demonstrating their sophisticated tradecraft,` Dmitri
Alperovitch, Co-Founder and CTO of US cyber-intelligence firm
CrowdStrike, told ZDNet today.
Alperovitch now fears that this arrest might trigger a retaliatory
action from Chinese hackers, an opinion also shared by former Facebook
Chief Security Officer, Alex Stamos, and others.
For years, Chinese state-sponsored hackers have breached US companies
and pilfered proprietary technology that mysteriously made its way
into the hands of Chinese companies.
The two nations agreed to cease all hacking operations aimed at
intellectual property (IP) theft in the autumn of 2015, when the
countries` two presidents, US President Obama and Chinese President
Xi, signed a political agreement on the matter.
A FireEye report released in June 2016 found that China`s IP theft
cyber operations had considerably wound down following the pact, and
the country appeared to have stopped all major operations.
But this pact appears to have unofficially dissolved during the Trump
presidency, as diplomatic relations broke down between the two
countries, and a trade war is slowly unraveling today.
The Trump administration accused China in March of breaking the
Obama-Xi hacking agreement. A US Department of the Treasury
investigation detailed in a 215-page report listed several Chinese
hacking operations that took place after the pact`s signing.
In a report published today, CrowdStrike confirmed the US Treasury`s
findings. The company said it detected an uptick in Chinese hacking
operations during the past year, uptick that placed China above Russia
in terms of number of attacks.
`CrowdStrike can now confirm that China is back (after a big dropoff
in activity in 2016) to being the predominant nation-state intrusion
threat in terms of volume of activity against Western industry,`
Alperovitch said in a tweet today, an opinion he also shared in an
interview on Bloomberg TV.
`MSS is now their [number one] cyber actor,` he added.
Even if there is no evidence Xu was involved in China`s cyber
operations, it is now a general opinion among many infosec pundits
that China does not abide by the terms of the Obama-Xi agreement
anymore and the arrest of one of its top MSS directors would unleash
hacking efforts on the same level as they were before the pact.
In comments provided to ZDNet, Alperovitch also hoped today`s arrest
would also serve as a deterrent.
Nonetheless, that might not be the case as the indictment of three
Chinese nationals believed to be MSS hacking contractors last year,
who were also involved in IP theft, didn`t appear to stop Chinese
cyber-espionage operations at all.
The Washington Post has more details on Xu`s indictment and insider
recruitment tactics, as well as how federal agents lured the top MSS
official in Belgium, where they arrested him on April 1, this year.