Researchers identify Chinese military hacker

25 Sep 2015

Asia-focussed Chinese PLA hacking crew surfaces.

It is growing far more difficult for China’s leaders to deny that a computer hacking campaign against U.S. business and interests has ties to China’s government. “Cyber theft of commercial secrets and hacking attacks against government networks are both illegal; such acts are criminal offences and should be punished according to law and relevant international conventions,” Chinese President Xi Jinping told the Wall Street Journal in a written interview before his visit to the U.S. this week.

Since then, a new report has drawn direct connections between China’s People’s Liberation Army and a hacking operation against U.S. allies in the South China Sea. Analysis of historic command and control (C&C) infrastructure used consistently within Naikon malware for espionage operations against Southeast Asian targets has revealed a strong nexus to the city of Kunming, capital of Yunnan Province in southwestern China. The C&C domain “greensky27.vicp[.]net” consistently appeared within unique Naikon malware, where the moniker “greensky27” is the personification of the entity who owns and operates the malicious domain.

The researchers say that PLA unit 78020 pursues military, diplomatic and economic targets throughout Southeast Asia, as well as governments including Cambodia, Indonesia, Malaysia, the Philippines, Thailand and Singapore. Further research shows many social media accounts with the “greensky27” username are maintained by a People’s Republic of China (PRC) national named Ge Xing (葛星), who is physically located in Kunming. Ge Xing, aka “GreenSky27”, has been identified as a member of the PLA specializing in Southeast Asian politics, specifically Thailand, according to ThreatConnect.

The strategic implications for the United States include not only military alliances and security partnerships in the region, but also risks to a major artery of international commerce through which trillions of dollars in global trade traverse annually. The study combines a “data-driven statistical analysis of malicious infrastructure on the internet” with a “human-focused view into the social media activities of the adversary to arrive at its conclusions”, using a methodology explained in greater depth here.

Almost five years of exploitation activity were accessed, but ThreatConnect is careful to say that the report is “one chapter of a larger story” and by no means even a comprehensive listing of all malware and infrastructure leveraged by Naikon globally. The institution is one of China’s principal centers for electronic intelligence, where professors train junior officers to serve in operations throughout China, says Mark Stokes of the Project 2049 Institute, a think tank in Washington.
