Espionage Group Hunts for Advanced Technology

Wednesday, October 29, 2014 @ 04:10 PM gHale

While it may not come as a big surprise, a group from China has been in operation since 2008, stealing technology information that could help accelerate development in that country, said a group of private security companies.

This security task force, coordinated by advanced analytics technology solutions company Novetta, pooled threat intelligence from its members' systems and managed to connect cyber espionage incidents occurring over the years against a wide set of entities from a diverse range of sectors.


Dubbed Operation SMN, the action included data from security heavy hitters Cisco, FireEye, F-Secure, iSIGHT Partners, Microsoft, Tenable, ThreatConnect, ThreatTrack Security, Volexity, Novetta, and Symantec.

What started as a partnership between Novetta and Microsoft to create signatures for the Hikit malware family turned into a larger operation that revealed a set of malicious tools, all linked to a single organization, now referred to as the Axiom Group.

The group's sophistication level exceeds that of Unit 61398 of the People's Liberation Army (PLA), five of whose members were indicted this year in the U.S.

According to the final report from Novetta released on Thursday, Axiom targeted players in industries fitting “particularly well with China’s strategic interests and with their most recent Five Year Plans accepted in 2006 and 2011.”

Moreover, the document reported the group's actions align with China's goal of minimizing dependence on foreign technology, especially technology coming from the U.S.

As far as targets go, telemetry data from the coalition shows a wide geographical spread, with most of the victims located in the U.S., Europe, South Korea, Taiwan and Japan.

The group focused on government agencies in the sectors of communications, law enforcement, environmental policy, personnel management, space and aerospace exploration and research as well as government auditing and internal affairs.

However, the list of entities of interest extends to the private sector: manufacturers of electronics and integrated circuits, makers of networking equipment, Internet-based services, software vendors, journalism and media organizations, law firms, telecommunication companies, organizations in the energy sector and pharmaceutical companies. Attacks on highly regarded U.S. academic institutions were also on the list.

It appears the group does not aim only at entities outside China, but also at domestic elements viewed as a potential threat to internal stability over issues ranging from wage disparity and unemployment to environmental problems and territorial disputes.

According to Operation SMN findings, the Hikit malicious software used by Axiom was detected on machines in China and Hong Kong, indicating the group set its sights on Chinese citizens as well as universities and research institutions.

The report acknowledges the possibility that multiple Chinese threat groups could be connected to Axiom as part of a larger organization. Symantec, which tracks the group under its own name, Hidden Lynx, said it has between 50 and 100 hackers.
