In 2003, hackers based in China began a series of far-ranging cyberattacks against U.S. government targets with the aim of stealing sensitive state secrets, in an operation nicknamed Titan Rain by U.S. investigators. The hackers’ focus was on military data and included Advanced Persistent Threat attacks on high-end systems of organisations such as NASA and the FBI. The level of sophistication used in the attacks led Adam Paller, SANS Institute research director, to state that “no other organisation could do this if they were not a military”. The attacks caused some friction between the U.S. and Chinese governments. Many security analysts pointed the finger at the Chinese military (the People’s Liberation Army) as the source of the attacks.
In 2006, the Sykipot attacks leveraged vulnerabilities in Adobe Reader and Acrobat as part of a long-running series of cyberattack campaigns aimed primarily at U.S. and U.K. organisations, including defence contractors, telecommunications companies and government departments. The attackers consistently used targeted emails containing either a link or a malicious attachment carrying zero-day exploits. This method of gaining entry to corporate and government systems, known as spear-phishing, is the most commonly used tactic in Advanced Persistent Threat attacks.
GhostNet is the name that researchers gave to a large-scale cyber-espionage operation that was first detected in 2009. Run from China, the attacks succeeded in compromising computers in over 100 different countries, with a focus on infiltrating network devices associated with embassies and government ministries. The operations were largely viewed as China’s attempt to position itself as a leader in an emerging “information war”. These attacks were characterised by their frightening capability to control compromised devices, turning them into listening devices by remotely switching on their camera and audio-recording functions.
Considered at the time to be one of the most sophisticated pieces of malware ever detected, the Stuxnet worm was used in operations against Iran in 2010. Its complexity indicated that only nation-state actors could have been involved in its development and deployment. A key difference with Stuxnet is that, unlike most viruses, the worm targets systems that are traditionally not connected to the internet for security reasons. It instead infects Windows machines via USB keys and then propagates across the network, scanning for Siemens Step7 software on computers controlling PLCs (programmable logic controllers). The operations were designed to provide the hackers with sensitive information on Iranian industrial infrastructure.
In 2015, security experts connected state-sponsored attackers working for the Chinese government to one of the most notable data breaches in U.S. history: the attack on the U.S. Office of Personnel Management (OPM). The attack on OPM compromised over 4 million records, including information on current, former and prospective federal government employees, as well as their family members, foreign contacts and even psychological information.
In the same year, 2015, an Advanced Persistent Threat attack affecting the U.S. Government’s Office of Personnel Management was attributed to what has been described as an ongoing cyberwar between China and the U.S. The latest rounds of attacks have been referred to by a variety of different codenames, with Deep Panda being the most commonly cited attribution. The attack on OPM in May 2015 was understood to have compromised over 4 million U.S. personnel records, amid fears that information pertaining to secret service staff may also have been stolen.