Wu Yingzhuo, Dong Hao and Xia Lei indictment (2017): Difference between revisions
Jump to navigation
Jump to search
Content added Content deleted
(hiding the example because it's not finished) |
No edit summary |
||
| Line 1: | Line 1: | ||
{| class="wikitable" |
|||
''[This page is under construction. Sources to include: https://www.justice.gov/opa/pr/us-charges-three-chinese-hackers-who-work-internet-security-firm-hacking-three-corporations]'' |
|||
! scope="row"|Date |
|||
|The attacks were carried out between 2011 and 2017. An indictment against the actors was issued on 13 September 2017.<ref>[https://www.justice.gov/opa/press-release/file/1013866/download. “Criminal Indictment No. 17-247 in the United States District Court for the Western District of Pennsylvania”]. </ref> |
|||
|- |
|||
! scope="row"|Suspected actor |
|||
|Wu Yingzhuo, Dong Hao and Xia Lei who formed a China-based Internet security company Guangzhou Bo Yu Information Technology Company Limited (aka Boyusec). Boyusec is believed to be APT3 (also known as UPS Team, Pirpi, Buckeye, Gothic Panda or TG-0110), acting as a contractor of Chinese Ministry of State Security.<ref>[https://intrusiontruth.wordpress.com/2017/05/09/apt3-is-boyusec-a-chinese-intelligence-contractor/ “APT3 is Boyusec, a Chinese Intelligence Contractor”], (9 May 2017), intrusiontruth.</ref><ref>Insikt Group, [https://www.recordedfuture.com/chinese-mss-behind-apt3/ “Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3”], (17 May 2017), Recorded Future.</ref> |
|||
|- |
|||
! scope="row"|Target |
|||
|The group hacked corporates Moody’s Analytics, Siemens AG and Trimble, Inc.<ref>T Brewster[https://www.forbes.com/sites/thomasbrewster/2017/11/27/chinese-hackers-accused-of-siemens-moodys-trimble-hacks/ , “Chinese Trio Linked To Dangerous APT3 Hackers Charged With Stealing 407GB Of Data From Siemens”], (27 November 2017), Forbes. </ref> On the basis of these attacks, the actors were investigated and charged by the United States authorities.<ref>United States Department of Justice, [https://www.justice.gov/opa/pr/us-charges-three-chinese-hackers-who-work-internet-security-firm-hacking-three-corporations “U.S. Charges Three Chinese Hackers Who Work at Internet Security Firm for Hacking Three Corporations for Commercial Advantage”], (27 November 2017).</ref> |
|||
Moreover, the group is behind many other attacks on companies in the aerospace, defense, telecommunications, transportation, construction or advanced technology sectors as well as on government departments in Hong Kong, United States and other States.<ref>Insikt Group, [https://www.recordedfuture.com/chinese-mss-behind-apt3/ “Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3”], (17 May 2017), Recorded Future.</ref> |
|||
|- |
|||
! scope="row"|Method |
|||
|The group is one of the most sophisticated APT groups ever known and has used a wide range of tools and techniques.<ref>[https://attack.mitre.org/groups/G0022/ “APT3”], Mitre.</ref><ref>[https://www.fireeye.com/current-threats/apt-groups.html “Advanced Persistent Threat Groups”], FireEye.</ref> |
|||
As concerns the attacks on the three corporates on which basis the indictment was imposed, to access to the victims’ networks, the group used either spearphishing emails or a backdoor designed to bypass the victims' security systems and firewalls. The actors attempted to hide their true identities and location by using aliases and intermediary computer servers known as "hop points."<ref>[https://www.justice.gov/opa/press-release/file/1013866/download “Criminal Indictment No. 17-247 in the United States District Court for the Western District of Pennsylvania”].</ref> |
|||
|- |
|||
! scope="row"|Purpose |
|||
|Economic cyber espionage. |
|||
|- |
|||
! scope="row"|Result |
|||
|Compromising emails and identity data of employees, theft of confidential business information, including trade secrets, and damage to victims’ computer systems.<ref>Ibid.</ref> |
|||
|- |
|||
! scope="row"|Aftermath |
|||
|The United States Department of Justice and the FBI issued an indictment against the group for computer hacking, theft of trade secrets, conspiracy and identity theft directed at employees and computers of the three corporate victims. The indictment does not mention anything about a link to the Chinese government.<ref>Ibid.</ref> Shortly after the publication of the indictment, Boyusec was disbanded.<ref>J Chin, [https://www.wsj.com/articles/chinese-firm-behind-alleged-hacking-was-disbanded-this-month-1511881494 “Chinese Firm Behind Alleged Hacking Was Disbanded This Month”], (27 November 2017), The Wall Street Journal.</ref> All members of the group remain at large. |
|||
|- |
|||
! scope="row"|Analysed in |
|||
|[[Scenario 09: Economic cyber espionage]] |
|||
|} |
|||
[[Category:Example]] |
|||
[[Category:2017]] |
|||
Revision as of 19:21, 6 October 2019
| Date | The attacks were carried out between 2011 and 2017. An indictment against the actors was issued on 13 September 2017.[1] |
|---|---|
| Suspected actor | Wu Yingzhuo, Dong Hao and Xia Lei who formed a China-based Internet security company Guangzhou Bo Yu Information Technology Company Limited (aka Boyusec). Boyusec is believed to be APT3 (also known as UPS Team, Pirpi, Buckeye, Gothic Panda or TG-0110), acting as a contractor of Chinese Ministry of State Security.[2][3] |
| Target | The group hacked corporates Moody’s Analytics, Siemens AG and Trimble, Inc.[4] On the basis of these attacks, the actors were investigated and charged by the United States authorities.[5]
Moreover, the group is behind many other attacks on companies in the aerospace, defense, telecommunications, transportation, construction or advanced technology sectors as well as on government departments in Hong Kong, United States and other States.[6] |
| Method | The group is one of the most sophisticated APT groups ever known and has used a wide range of tools and techniques.[7][8]
As concerns the attacks on the three corporates on which basis the indictment was imposed, to access to the victims’ networks, the group used either spearphishing emails or a backdoor designed to bypass the victims' security systems and firewalls. The actors attempted to hide their true identities and location by using aliases and intermediary computer servers known as "hop points."[9] |
| Purpose | Economic cyber espionage. |
| Result | Compromising emails and identity data of employees, theft of confidential business information, including trade secrets, and damage to victims’ computer systems.[10] |
| Aftermath | The United States Department of Justice and the FBI issued an indictment against the group for computer hacking, theft of trade secrets, conspiracy and identity theft directed at employees and computers of the three corporate victims. The indictment does not mention anything about a link to the Chinese government.[11] Shortly after the publication of the indictment, Boyusec was disbanded.[12] All members of the group remain at large. |
| Analysed in | Scenario 09: Economic cyber espionage |
- ↑ “Criminal Indictment No. 17-247 in the United States District Court for the Western District of Pennsylvania”.
- ↑ “APT3 is Boyusec, a Chinese Intelligence Contractor”, (9 May 2017), intrusiontruth.
- ↑ Insikt Group, “Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3”, (17 May 2017), Recorded Future.
- ↑ T Brewster, “Chinese Trio Linked To Dangerous APT3 Hackers Charged With Stealing 407GB Of Data From Siemens”, (27 November 2017), Forbes.
- ↑ United States Department of Justice, “U.S. Charges Three Chinese Hackers Who Work at Internet Security Firm for Hacking Three Corporations for Commercial Advantage”, (27 November 2017).
- ↑ Insikt Group, “Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3”, (17 May 2017), Recorded Future.
- ↑ “APT3”, Mitre.
- ↑ “Advanced Persistent Threat Groups”, FireEye.
- ↑ “Criminal Indictment No. 17-247 in the United States District Court for the Western District of Pennsylvania”.
- ↑ Ibid.
- ↑ Ibid.
- ↑ J Chin, “Chinese Firm Behind Alleged Hacking Was Disbanded This Month”, (27 November 2017), The Wall Street Journal.