Chinese Threat Actors Indicted For Stealing Aviation Trade Secrets

Hot on the heels of the Carbon Black Quarterly IR Threat Report, which specifically called out increased cybercrime activity from China, the U.S. Department of Justice has indicted ten Chinese nationals for perpetrating attacks against U.S. and French aviation companies in a stunning display of state-sponsored economic espionage.

The accused worked for the Jiangsu Province Ministry of State Security (JSSD), a foreign intelligence arm of the People’s Republic of China’s Ministry of State Security (MSS). Of the ten indicted, it is reported that two are Chinese intelligence officers, two were insiders at a French aerospace manufacturer, and six were behind-the-scenes hackers.

This team of Chinese hackers was after designs for a proprietary turbofan engine technology used in commercial airliners. The attacks were reportedly perpetrated between 2010 and 2015. The engine was being developed via a partnership between a French aerospace manufacturer and a company based in the U.S. The French company operated out of an office in Suzhou, Jiangsu province, China – where the two Chinese insiders were based.

However, the scope was much greater than first thought. This group was accused of leading assaults on companies that manufacture parts for the turbofan engine – companies based out of Oregon, Arizona, and Massachusetts. The exposed global supply chain in the aviation industry must be examined.

One of the key findings in the Carbon Black Quarterly IR Threat Report is that half of today’s attacks are leveraging “island hopping,” whereby attackers target organizations along the supply chain in order to infiltrate an affiliate network. This means that the addressable attack surface for bad actors extends well beyond the four walls.

According to the Department of Justice, the attackers used a variety of methods in order to steal information from these companies:

“The hackers used a range of techniques, including spear phishing, sowing multiple different strains of malware into company computer systems, using the victim companies’ own websites as “watering holes” to compromise website visitors’ computers, and domain hijacking through the compromise of domain registrars.”

This particular attack strategy is state-of-the-art, with advanced, multi-year campaigns that hide in plain sight and have many points of compromise. While these attacks may have occurred in the past, they are a fine example of the ingenuity and maturity Chinese hacker groups have displayed for years. They also serve as a stark example of why we need to evolve with the adversary – ourselves as practitioners as well as the tools we rely on in order to find evildoers.

This is the third time since September that the United States National Security Division has brought charges against Chinese intelligence officers from the JSSD. Carbon Black data corroborates that trend – 68% of those surveyed say they’re seeing cyberattacks stem from China more than any other country.

One thing is clear: this trend is not slowing down. The digitalization of our society means that these problems will only become more pervasive. As our data, workforce, and supply chain partners become more and more distributed, the threat deepens.

Contact your local Carbon Black team to discuss what we’re doing to increase visibility, discover emerging threats, and use the power of community to fight evil.

Grab a copy of the Carbon Black Quarterly IR Threat Report here.

Happy #Howlloween, I hope this wasn’t too scary.

The post Chinese Threat Actors Indicted For Stealing Aviation Trade Secrets appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
