Report Describes Far-Flung Chinese Cyber Espionage Against U.S. Government

The massive campaign of cyber intrusions of U.S. government Web sites by China’s People’s Liberation Army (PLA) now has a name: “Byzantine Hades,” according to a report Thursday by Reuters.

The massive campaign of cyber intrusions of U.S. government Web sites by China’s People’s Liberation Army (PLA) now has a name: “Byzantine Hades,” according to a report Thursday by Reuters.

The report says that China has gained the upper hand over the U.S. in the arena of cyberwarfare, developing an advanced offensive capability that has already netted the country terabytes of classified and unclassified data from government and military Web sites. The web of compromises is still under investigation by U.S. authorities and has been dubbed “Byzantine Hades,” Reuters reports, citing U.S. State Department sources and “secret U.S. State Department cables” that were obtained by Wikileaks and made available to Reuters by a third party.

The report largely recounts previous reports about the extent of China’s spying against the U.S., Great Britain and other western targets, including the so-called “Aurora” attacks against Google. However, the cables cited by Reuters – some made public by Wikileaks, others not – provide some intriguing details about the extent of Chinese espionage against the U.S.

Among other things, the report notes that while spear phishing attacks are the most common element of the Byzantine Hades program, the full project is categorized into at least three specific parts known as “Byzantine Anchor,” “Byzantine Candor,” and “Byzantine Foothold,” which describe common tactics and malware used in the various attacks to control systems and extract data.

The report also cites a 2009 State Department cable that makes a connection between command and control servers involved in Byzantine Hades, and servers identified in advanced persistent threat (APT) attacks dubbed “Ghostnet” that were documented by researchers at the University of Toronto that targeted the Tibetan government in exile. Servers used in the Ghostnet attacks were also used in some of the Byzantine Hades attacks in 2006, Reuters said.

The report paints a grim picture of government and private sector firms that are the target of waves of sophisticated and targeted attacks, many relying on in-depth research on intended targets by what are identified as “Chinese intelligence and military units, and affiliated private hacker groups.” That research involves “combing the Internet for details about U.S. government and commercial employees’ job descriptions, networks of associates, and even the way they sign their emails — such as U.S. military personnel’s use of “V/R,” which stands for “Very Respectfully” or “Virtual Regards.” Employees working for the U.S. Army, the Departments of Defense, State and Energy, other government entities and commercial companies were all targets.

Read more here.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business