Four security firms investigating the attack on U.S. companies have said that the recent ransomware attack bears the distinct marks of tactics and tools that were previously associated with hackers who have support from the Chinese government.
Although typical ransomware attacks are linked to run-of-the-mill criminals, security experts say that the level of sophistication in at least half a dozen cases over the last three months is akin to that of hackers who have the backing of the Chinese state. This includes intrusion techniques and ways to move around the network, as well as software used to manage these intrusions.
“It is obviously a group of skilled operators that have some amount of experience conducting intrusions,” said Phil Burdette, the head of the incident response team at Dell SecureWorks.
In the last 3 months, Burdette was called in thrice to oversee cases wherein hackers had spread ransomware after exploiting known vulnerabilities in the application servers. Once the hackers gained access to the servers, they tricked more than 100 computers in each of the companies into installing the ransomware.
InGuardians, Attack Research and G-C Partners, all security firms, said they had investigated three similar cases of ransomware since December 2015.
Although they are not 100% sure, since it is almost impossible to have that kind of accuracy given the expertise of the hackers, they are nonetheless positive that all of these threats came from China, said Val Smith, CEO of Attack Research.
Because the victims of the attacks are unwilling to be identified publicly, the ransomware attacks have not previously been reported.
Although the security companies investigating the attacks have theories about what was behind them, they have yet to arrive at any firm conclusions.
In 2015, the Chinese government committed to reducing support for economic espionage with the United States. As a result, some government hackers or private contractors, who are faced with reduced work or no work at all, are using ransomware to supplement their income, said Smith.
Burdette said there is always the possibility that hackers penetrated these systems while hunting for trade secrets. With China supposedly backing away, its spies and associates now have the advantage.
Cyber security experts have all ruled out the prosaic explanation that ordinary criminals have improved their skills and bought tools which are mostly used by governments.