The United States Federal Bureau of Investigation (FBI) warned U.S.-based businesses on Wednesday that it believes a team of highly skilled, government-backed hackers has launched recent attacks against the U.S. with the intent of stealing corporate secrets.
“These state-sponsored hackers are exceedingly stealthy and agile by comparison with the People’s Liberation Army Unit 61398 . . . whose activity was publicly disclosed and attributed by security researchers in February 2013,” said the FBI in its alert, which references a case where a Chinese military hacker unit was exposed.
The “flash” warning the FBI issued describes tools and techniques that Chinese hackers may use and asks companies to contact federal authorities if they believe they may have fallen victim to such attacks.
After the public release of the document, FBI spokesman Josh Campell confirmed to Reuters the FBI did issue the warning.
“The FBI has recently observed online intrusions that we attribute to Chinese government affiliated actors,” he said. “Private sector security firms have also identified similar intrusions and have released defensive information related to those intrusions.”
The document the FBI released to these providers said that the agency recently obtained information regarding “a group of Chinese Government affiliated cyber actors who routinely steal high-value information from U.S. commercial and government networks through cyber espionage.”
The United States government and the FBI director have called out the Chinese government numerous times, publicly urging it to cease the large-scale cybertheft of corporate trade secrets and sensitive documents. Back in May, five high-ranking Chinese military officials were arrested on charges of commercial espionage; shortly afterward, the government responded by trying to resolve the dispute between the two nations over ‘cyber’-based lawsuits.
As no resolution was reached, a coalition of security firms has teamed up to take on the advanced persistent threat (APT) hacker group. The heavyweight firms have targeted Axiom, a group of Chinese state hackers, and the malware they use.
“The Axiom threat group is a well-resourced and sophisticated cyber espionage group that has been operating unfettered for at least four years, and most likely more,” said the report, issued by Novetta Solutions (PDF), a Northern Virginia cybersecurity firm that heads the coalition.
Axiom hackers generally target high-profile organizations that hold strategic financial and economic interests, influence energy and environmental policy, or develop high-tech equipment such as microprocessors, the Novetta report said.
Axiom’s sophistication is demonstrated less by how the group breaks into a system and more by how it moves “laterally” once inside, disguising its behavior to appear normal and go undetected, said Peter B. LaMontagne, Novetta Solutions chief executive officer.
“It suggests a threat actor that is well-funded, organized, patient — all characteristics associated with a government organization,” he told the Washington Post.
The Novetta report ties the Axiom group to a number of APT campaigns identified by security researchers in the past, including Operation Aurora, HiddenLynx, DeputyDog and Ephemeral Hydra.
The FBI said Axiom has deployed at least four zero-day exploits that the group is actively using to target and hack into high-profile institutions.
The industry coalition targeting Axiom includes Microsoft, Cisco, FireEye, F-Secure, iSight Partners, Symantec, Tenable, ThreatConnect, ThreatTrack Security, Volexity and numerous other researchers that chose to not be publicly identified.
The coalition said Wednesday it was launching a two-week investigation to gather information on Axiom’s tactics and techniques from organizations that have been targeted in the past. The firms hope to identify the group and its possible ties to other cyberespionage campaigns. The firms will issue a report on October 28.