Report Describes Far-Flung Chinese Cyber Espionage Against U.S. Government

The massive campaign of cyber intrusions of U.S. government Web sites by China’s People’s Liberation Army (PLA) now has a name: “Byzantine Hades,” according to a report Thursday by Reuters.

The report says that China has gained the upper hand over the U.S. in the arena of cyberwarfare, developing an advanced offensive capability that has already netted the country terabytes of classified and unclassified data from government and military Web sites. The web of compromises is still under investigation by U.S. authorities and has been dubbed “Byzantine Hades,” Reuters reports, citing U.S. State Department sources and “secret U.S. State Department cables” that were obtained by Wikileaks and made available to Reuters by a third party.

The report largely recounts previous reports about the extent of China’s spying against the U.S., Great Britain and other western targets, including the so-called “Aurora” attacks against Google. However, the cables cited by Reuters – some made public by Wikileaks, others not – provide some intriguing details about the extent of Chinese espionage against the U.S.

Among other things, the report notes that while spear phishing attacks are the most common element of the Byzantine Hades program, the full project is categorized into at least three specific parts known as “Byzantine Anchor,” “Byzantine Candor,” and “Byzantine Foothold,” which describe common tactics and malware used in the various attacks to control systems and extract data.

The report also cites a 2009 State Department cable that makes a connection between command and control servers involved in Byzantine Hades and servers identified in the advanced persistent threat (APT) attacks dubbed “Ghostnet,” which targeted the Tibetan government in exile and were documented by researchers at the University of Toronto. Servers used in the Ghostnet attacks were also used in some of the Byzantine Hades attacks in 2006, Reuters said.

The report paints a grim picture of government and private sector firms that are the target of waves of sophisticated and targeted attacks, many relying on in-depth research on intended targets by what are identified as “Chinese intelligence and military units, and affiliated private hacker groups.” That research involves “combing the Internet for details about U.S. government and commercial employees’ job descriptions, networks of associates, and even the way they sign their emails — such as U.S. military personnel’s use of ‘V/R,’ which stands for ‘Very Respectfully’ or ‘Virtual Regards.’” Employees working for the U.S. Army, the Departments of Defense, State and Energy, other government entities and commercial companies were all targets.

Discussion

  • Bazz on

    In the Technology Wars deception, fore-knowledge and access to the opponents info will be critical to success.

    The mere fact that China wants to know how you sign-off email is knowledge in setting up false trails and thus confusion.

    The Microsoft ubiquity with its vulnerabilities is a godsend to the opponent. (And why it uses Unix!)

    It's the core problem of USA today - companies first - women, children and USA last! And the “God's country” syndrome

    The Clinton Bush years were idle years in not preparing for the simple onslaught of a knowledgeable opponent caused by the end of the Cold War.

    Paranoia is the motive for defense and its preparation. Anonymous and Grey affair is the first skirmish by fifth columnists.

    But also USA training is so automated it can't think on the move!

    I have great fear for USA! The politics are local the danger offshore.

  • Anonymous on

    Bazz: "It's the core problem of USA today - companies first - women, children and USA last!"

    Precisely.

    And don't leave out men. Men in the USA aren't held in much regard either.

    Good comments, Bazz.

  • Brian Memphis on

    After spending more than 10 yrs serving in the armed forces and since then seeing what our Government does to the returning vets, it is no surprise that foreign hackers are having no problem getting whatever information they want. Anonymous is right about what is important even today to our government. If you can't single-handedly put someone in the White House then you are not worth wasting time on. Maybe having Wikileaks air their dirty laundry will give them a wakeup call, but I doubt even that had any lasting effect.
