China Says Its Government Also Hit By A Major Data Breach

China announced a massive government data breach just last week

Jun 05, 2015 at 12:17 PM ET

A data breach exposing the personal details of as many as four million federal employees has highlighted America and China’s tit-for-tat cyber war, with many analysts suggesting that the breach, which apparently originated in China in 2014, was likely state sponsored.

The White House announcement of the breach on Thursday followed a similar report from a Chinese ISP last week that detailed an enormous, persistent hacking attack on Chinese institutions by unknown actors. The report was released by the security arm of Qihoo 365, a multi-billion dollar internet provider, but largely ignored in western media. Analysts, again, thought that attack was large enough to be sponsored by a state.

The detailed Chinese-language report outlined how persistent attacks from an organization dubbed “OceanLotus” targeted institutions in China, mostly in Beijing, over a three-year period. The attacks targeted maritime institutions, research and shipping institutes, and government departments, and come at a time when tensions between the U.S. and China over maritime activity are at an unprecedented high. 92 percent of all the targets were Chinese.

The report said that the most recent attacks were mostly “spearphishing” attacks, where emails appear to be from friendly sources, but contain malware that targets the user’s personal information.

A Xinhua report described the attacks, which came from 35 server domains in six countries, and with IP addresses scattered across 13 countries, as requiring the kind of long-term investment that indicates a state-sponsored attack:

“Generally, the OceanLotus attacks have lasted over three years. Its targets are clear and its technology and methods so accurate and sophisticated, indicating that it must be a highly-organized, professional national hacking organization sponsored by foreign government[s].”

Security writer Emilio Iasiello said that it was unusual for a Chinese security company to go into such detail about its findings, but that it may be a veiled dig at U.S. companies which routinely detail attacks originating from China.

Read More:

A New Look At Persistent Threats – China As Victim (Threatgeek)
Chinese ISP: China Is Victim Of Foreign-Backed APT Group (Dark Reading)