The U.S. Justice Department yesterday announced the indictments of three Chinese nationals, Wu Yingzhou, Dong Hao and Xia Lei, for conspiring to commit computer fraud and abuse, conspiring to commit trade secret theft, wire fraud, and aggravated identity theft.
The three were employees of the Chinese Internet security company Guangzhou Bo Yu Information Technology (Boyusec).
Earlier this year, an anonymous security researcher claimed that Boyusec is actually a contractor for China's intelligence services and a front for the APT3 hacker group. "There were reports last year that much of their activity had moved to focus on domestic targeting against residents of Hong Kong recently," AlienVault threat engineer Chris Doman told eSecurity Planet by email. "Historically, they targeted a number of western defense contractors and aerospace companies."
The indictment alleges that Wu, Dong and Xia used spear phishing attacks to breach U.S. companies between 2011 and 2017 in order to access and steal hundreds of gigabytes of sensitive data.
"The primary goal of the co-conspirators' unauthorized access to victim computers was to search for, identify, copy, package and steal data from those computers, including confidential business and commercial information, work product, and sensitive victim employee information, such as usernames and passwords that could be used to extend unauthorized access within the victim systems," the Justice Department stated.
Between December 2015 and March 2016, the hackers are alleged to have stolen at least 275 MB of data from the GPS company Trimble, including highly sensitive information on technology used to improve mobile device location data.
In 2014, hackers are alleged to have stolen about 407 GB of data from Siemens regarding the company's energy, technology and transportation businesses.
In 2011 or so, the hackers are alleged to have accessed a Moody's email server and placed a forwarding rule in a high-level employee's email account. In 2013 and 2014, the hackers then accessed the forwarded emails to view data including confidential economic analyses and findings.
Defending Against Attacks
Companies are struggling to fend off attacks like these. A recent Ponemon Institute survey of 665 IT and security leaders, sponsored by Barkly, found that 54 percent of respondents were hit by one or more successful cyber attacks in the past 12 months.
The average cost per successful attack, according to respondents, exceeds $5 million.
Seven out of 10 respondents said the endpoint security risk to their organization has increased significantly over the past year, and just a third of respondents said they have adequate resources to manage endpoint risk.
Less than a third of respondents believe their anti-virus solution can stop the threats they're seeing, and a third have either changed AV vendors or switched to a next-generation endpoint solution. Even with those changes, just 54 percent of respondents believe the attacks they're currently seeing can be stopped.
"Attacks are evolving," the report states. "As a result, today's organizations are struggling to secure their endpoints, and paying a steep cost for each successful attack."