In a significant development, China's National Computer Network Emergency Response Technical Team (CNCERT) released a detailed report on Friday highlighting two cyberattacks orchestrated by the United States against a prominent Chinese technology enterprise.
Understanding the Cyberattack
The first breach occurred on August 19, 2024, when attackers exploited a vulnerability in the company's electronic document management system. This intrusion allowed them to steal the system administrator's credentials, which were then used on August 21 to access the backend of the compromised system.
Subsequently, at noon on August 21, the attackers deployed a backdoor and a customized Trojan program within the system. These malicious programs operated solely in memory to avoid detection, collecting and transmitting stolen data overseas through specific access paths.
Furthermore, between November 6 and 16, 2024, the attackers exploited the system's software upgrade feature to infiltrate 276 personal computers within the enterprise. These Trojans were designed to scan for and steal sensitive files and login credentials before self-deleting to eliminate traces of the breach.
Massive Theft of Trade Secrets
The report details a coordinated effort to scan and compromise the internal network of the victim enterprise. Over the period of November 6 to 16, the attackers used three different proxy IP addresses to implant Trojans programmed with specific keywords related to the company's operations. This targeted approach resulted in the theft of approximately 4.98 GB of critical commercial information and intellectual property.
Attack Characteristics
Most of the attacks took place between 10 p.m. and 8 a.m. Beijing Time, which corresponds to daytime working hours in the United States. The use of proxy IPs located in Germany and Romania indicates a high level of sophistication and resourcefulness. Additionally, the attackers relied on widely available open-source tools, which makes the activity harder to distinguish from ordinary traffic and therefore harder to detect. The strategic manipulation of the software client upgrade function showcases the attackers' advanced techniques for enabling large-scale information theft.
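The timing and origin indicators described above (privileged logins in the 22:00 to 08:00 Beijing window, arriving through proxy addresses in countries where the organisation has no administrators) are the kind of signal a defender can turn into a simple detection rule. The following script is an added example written for this article, not code from the CNCERT report or from the affected enterprise; the log format, the field names, the set of expected countries, the privileged user list and the sample log lines are all constructed for the illustration, and the IP addresses come from documentation ranges.

```python
"""Off-hours / unusual-origin detection for privileged backend logins.

Added example (not from the CNCERT report). Flags administrator backend
logins that fall in the 22:00-08:00 Beijing window or that originate from a
country outside the organisation's expected set. The log format, field
names and sample lines are constructed for this illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

BEIJING = timezone(timedelta(hours=8))
OFF_HOURS_START = 22       # 10 p.m. Beijing time, the start of the window in the report
OFF_HOURS_END = 8          # 8 a.m. Beijing time, the end of the window
EXPECTED_COUNTRIES = {"CN"}  # assumption: administrators only log in from China


@dataclass
class LoginEvent:
    ts_utc: datetime
    user: str
    src_ip: str
    country: str
    action: str


def parse_line(line: str) -> LoginEvent:
    """Parse one constructed log line:
    "<ISO-8601 UTC timestamp> user=<name> ip=<a.b.c.d> geo=<CC> action=<kind>"
    """
    ts_text, *kv = line.split()
    fields = dict(part.split("=", 1) for part in kv)
    ts = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
    return LoginEvent(ts, fields["user"], fields["ip"], fields["geo"], fields["action"])


def is_off_hours(ts_utc: datetime) -> bool:
    """True when the event falls between 22:00 and 08:00 Beijing time."""
    hour = ts_utc.astimezone(BEIJING).hour
    return hour >= OFF_HOURS_START or hour < OFF_HOURS_END


def flag_events(lines, privileged_users):
    """Return (event, reasons) pairs for privileged backend logins that match
    at least one of the two indicators. Non-privileged users and other
    actions are ignored to keep the rule focused on administrator access."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev.user not in privileged_users or ev.action != "backend_login":
            continue
        reasons = []
        if is_off_hours(ev.ts_utc):
            reasons.append("off-hours (22:00-08:00 Beijing)")
        if ev.country not in EXPECTED_COUNTRIES:
            reasons.append(f"unexpected source country {ev.country}")
        if reasons:
            findings.append((ev, reasons))
    return findings


def distinct_source_ips(findings):
    """Sorted list of the distinct source addresses behind the flagged logins;
    several addresses for one account is itself worth a closer look."""
    return sorted({ev.src_ip for ev, _ in findings})


# Constructed sample log (UTC timestamps; the comments give Beijing local time).
SAMPLE_LOG = [
    "2024-08-21T04:05:00Z user=sysadmin ip=203.0.113.7 geo=CN action=backend_login",    # 12:05 Beijing, CN
    "2024-08-21T18:30:00Z user=sysadmin ip=198.51.100.21 geo=DE action=backend_login",  # 02:30 Beijing, DE
    "2024-11-06T17:12:00Z user=sysadmin ip=198.51.100.44 geo=RO action=backend_login",  # 01:12 Beijing, RO
    "2024-11-07T02:00:00Z user=alice ip=203.0.113.9 geo=CN action=web_login",           # not a privileged login
    "2024-11-10T01:00:00Z user=sysadmin ip=203.0.113.7 geo=CN action=backend_login",    # 09:00 Beijing, CN
]

if __name__ == "__main__":
    hits = flag_events(SAMPLE_LOG, {"sysadmin"})
    for ev, reasons in hits:
        local = ev.ts_utc.astimezone(BEIJING).strftime("%Y-%m-%d %H:%M")
        print(f"{local} Beijing  {ev.user}@{ev.src_ip} ({ev.country}): {', '.join(reasons)}")
    print("distinct source IPs:", distinct_source_ips(hits))
```

On the sample data the rule flags the two logins that arrive at 02:30 and 01:12 Beijing time from addresses geolocated to Germany and Romania, and ignores both the daytime logins from the expected country and the non-privileged web login. In practice the time window and country set should be derived from the organisation's own baseline of administrator activity rather than hard-coded, and a hit should be correlated with what the session did afterwards (configuration changes, upgrade-feature use, unusual outbound transfers) before it is escalated.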
This revelation underscores the ongoing cyber tensions between China and the United States, highlighting the need for enhanced cybersecurity measures and international cooperation to safeguard sensitive information.
Reference: China releases report on U.S. cyberattacks targeting a tech enterprise (cgtn.com)