Cybersecurity threats from China are not getting the media attention they deserve, and that may be giving business leaders a false sense of security about their networks.
It is difficult for everyday people to tell imminent threats from abstract ones, because the mainstream media follows a narrative that instills click-bait fear and wonder. Russian election meddling and the Wikileaks hacks took up much of the bandwidth for years. Those stories have since been sidelined by the outbreak of the novel coronavirus in China, which has turned into a global threat. While these and other stories capture our attention, the imminent cybersecurity threats that U.S. organizations face from China and others go grossly underreported. The question industry leaders need to be asking their security teams is whether they are ready for China’s next wave of attacks.
There is plenty of fact-based evidence that the Chinese state has engaged in repeated state-sponsored intrusions, and cybersecurity experts are on heightened alert that further attacks are imminent. China has a long history of penetrating the cyber-defenses of nations including Myanmar, Taiwan, Vietnam, and Indonesia, among others; it is no coincidence that it has ongoing disputes with each of them. Given that the U.S. and China have been embroiled in a tariff war and in disputes over intellectual property rights, U.S. private-sector businesses and organizations in the federal government’s supply chain appear to be primary targets.
According to The Next Web, “Researchers have revealed a previously undocumented threat actor of Chinese origin. This group has run at least six different cyber-espionage campaigns in the Southeast Asian region since 2013.”
The attackers have been dubbed PKPLUG because of their habit of delivering the PlugX malware inside ZIP archives; every ZIP file begins with the two-byte signature “PK,” which gives the group the first half of its name.
“This group (or groups) has a long history and series of creating custom tools which imply they are persistent and well-resourced,” Palo Alto Unit 42’s Alex Hinchliffe reportedly said. “For example, the creation and use of a custom Android malware may indicate their targets require individual attention based on prevalent operating systems used or that they need that capability generally. This group is patient in what they work toward.”
The report indicates that PKPLUG has been active since 2013, infecting organizations in countries with strained relations with China. It started out targeting Mongolian individuals, and by 2016 the group was using the Poison Ivy remote access trojan against targets in Myanmar, among others. By 2018, the China-based attackers were compromising devices with the “HenBox” Android malware to collect information about outgoing calls to China from other nations. The malware was disguised as a seemingly legitimate Android app that covertly accessed the device’s microphone and cameras. If none of this rings a bell, that is a worrying thought, because these Chinese attackers appear to be well-funded and to have the full support of their government.
While most of the network and device compromises attributed to PKPLUG have been confined to China’s Southeast Asian neighbors, the spread of these creative threats appears imminent. In many ways, such attackers are the digital equivalent of a virus, one that infects vulnerable networks rather than people. Concerns about China and others are now so prevalent that even mainstream outlets such as The Hill are publishing warnings. An opinion piece in The Hill lists the areas it considers most vulnerable to exploitation by Chinese and other state-sponsored hackers.
It is essential to understand that state-sponsored attackers are unlikely ever to be brought to justice. They operate with impunity from half-way around the globe, and it is up to business leaders to take preventative measures against data breaches and cyber-theft. Russian election meddling may never touch your organization directly, and a flu vaccine is easy to get. But are you fully prepared for the spread of Chinese attacks?