Hackers were “pursuing development of capabilities that could disrupt critical communications between the United States and Asia” in a crisis; using legitimate credentials to gain access to the systems, getting inside and then using small-office routers to disguise where the intrusion is coming from. Cybersecurity experts call this approach “living off the land.” They obtained initial access by targeting Fortinet cybersecurity devices, taking advantage of a flaw in the system to gain credentials.
The Chinese government has denied the allegations, calling them a “collective disinformation campaign” by the countries that make up the Five Eyes intelligence sharing organization, the United States, United Kingdom, Canada, Australia and New Zealand.
Secretary of the Navy Carlos Del Toro told CNBC on Thursday, May 25 that the Navy “has been impacted” by the hackers, but did not specify what areas were targeted or what it means for the Navy’s operational readiness. He did however say that it was “no surprise” that China initiated such a cyber attack.
Microsoft said that it had contacted all groups affected by the hack.
In response to the news, the cybersecurity agencies of the Five Eyes member nations issued a joint advisory on the hack and how to detect similar ones. The new report identifies several steps governments can take to prevent “living off the land” style intrusions.
“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe,” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency said in a statement. “Today’s advisory highlights China’s continued use of sophisticated means to target our nation’s critical infrastructure, and it gives network defenders important insights into how to detect and mitigate this malicious activity.”
