New for 2024, the Sino-Russian Cyber Threat: "Grand Strategy" Hidden Persistent Access
In case of an Article 5 invocation or gray-zone escalation, a new viper lies in wait. It may already have infected our most critical infrastructure.
An emergent phenomenon in cyberspace has been building over the past year. Groups like the PLA-linked VOLT TYPHOON, or Russian services such as the FSB and GRU and the groups attributed to them (ALLANITE, EMBER BEAR, SANDWORM), conduct espionage and pre-positioning campaigns on a massive scale, so that we see the destruction before we get a chance to realize we are under attack. Using compromised domains, portals, terminals, IoT devices, spyware and keyloggers, China and Russia are combining access and tooling to hide inside critical infrastructure, and destroy it when the moment comes, for as long as it takes.
China's "Grand Strategy", mixed with Russia's "Tundra Resilience", implies operations with no direct cause-and-effect link between intrusion and effect. The gap between the two can stretch into years, even decades, with the access simply lying in wait. Add to this TikTok and Huawei market dominance, PLA research collaboration with universities and with companies such as Apple and Microsoft, and far-reaching cyber espionage, and China is building, with Russia's help, the empire of hackers it accuses the US of having.
And, they have nothing but time.
According to a report by The Washington Post, hackers associated with China's People's Liberation Army have infiltrated about two dozen critical infrastructure entities over the past year.
Joint cybersecurity advisories from CISA, the NSA, the FBI, Japan's NPA, Canada's Centre for Cyber Security and the Five Eyes allies disclose the following:
People's Republic of China-Linked Cyber Actors Hide in Router Firmware
The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) (hereafter referred to as the “authoring agencies”) are releasing this joint cybersecurity advisory (CSA) to detail activity of the People’s Republic of China (PRC)-linked cyber actors known as BlackTech. BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships for pivoting from international subsidiaries to headquarters in Japan and the U.S. — the primary targets. (CISA/FBI/NSA)
CSE's Canadian Centre for Cyber Security joined cyber security partners from the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), the United Kingdom's National Cyber Security Centre (NCSC-UK), New Zealand's National Cyber Security Centre (NCSC-NZ) and the Computer Emergency Response Team New Zealand (CERT NZ), to assess that there is an increased risk to critical infrastructure organizations globally from Russian state-sponsored advanced persistent threat (APT) actors, their proxies, and independent cybercriminal groups. These actors and criminal groups may conduct cyber operations, such as deploying ransomware or distributed denial of service (DDoS) attacks, against U.S., Australian, Canadian, New Zealand, or UK organizations to disrupt or harm critical industrial control system (ICS)/operational technology (OT) functions.
Russia hacking: 'FSB in years-long cyber attacks on UK', says government
The UK is accusing Russia's Security Service, the FSB, of a sustained cyber-hacking campaign, targeting politicians and others in public life.
The government said one group stole data through cyber-attacks, which was later made public, including material linked to the 2019 election.
The group is accused of carrying out hundreds of highly targeted hacks against politicians, civil servants, those working for think-tanks, journalists, academics and others in public life. These mainly targeted the private emails of individuals following extensive research and the creation of false accounts impersonating their trusted contacts.
Chinese hackers are positioning themselves inside critical US infrastructure by targeting careless office workers in a bid to cause 'societal chaos' from within should war break out.
Beijing's military have burrowed into more than 20 major suppliers in the last year alone including a water utility in Hawaii, a major West Coast port and at least one oil and gas pipeline, analysts have revealed.
They have bypassed elaborate cyber security systems by intercepting passwords and logins left unguarded by junior employees, leaving China 'sitting on a stockpile of strategic' vulnerabilities.
Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor
Chinese and Russian hacker groups appear to be sharing tooling and targets. Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) out of Russia called Sandman and a China-based threat cluster that's known to use a backdoor referred to as KEYPLUG.
The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team, based on the finding that the adversary's Lua-based malware LuaDream and KEYPLUG have been determined to cohabit in the same victim networks.
The convergence of Russia's sophisticated cyber capabilities with China's extensive technological reach has opened a new era of clandestine cyber operations. Among the most alarming manifestations are the covert, long-term threats carried out through stealthy tactics such as man-in-the-middle attacks.
A man-in-the-middle attack occurs when an unauthorized entity secretly intercepts, and possibly alters, the communication between two parties that believe they are talking directly to each other. A compromised router, as in the BlackTech advisory above, is exactly such a position. The combined expertise of Russian and Chinese APTs has led to highly advanced tools and techniques, shared infrastructure and command-and-control nodes, enabling hard-to-detect, persistent intrusions into critical systems worldwide.
These threats are so intricate, carefully crafted and concealed that they pose severe risks to national security, economic stability, and individual privacy. By infiltrating communication channels, IoT systems and cloud collaboration portals, these clandestine operatives can eavesdrop on confidential exchanges, manipulate data, and even sabotage vital infrastructure while leaving few traces.
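The following is an added illustration, not code from the original article or from any of the advisories it quotes. It simulates the man-in-the-middle described above on a constructed control message: an attacker sitting on the path (a compromised router, for instance) rewrites a setpoint in transit. On an unauthenticated channel the receiver acts on the altered message with no indication anything happened; on a channel where both ends authenticate messages with an HMAC over a shared key (assumed here to have been provisioned out of band), the same tampering is detected and the message rejected. The message format, the key handling and the endpoint behaviour are all assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed sample traffic for this demo (not captured data):
# an operator instructing a field controller to open a valve to 35%.
ORIGINAL_MESSAGE = b"SET valve_17 OPEN 35"


def attacker_intercept(data: bytes) -> bytes:
    """Simulated man-in-the-middle on the network path.

    The attacker silently rewrites the setpoint while the message is in
    transit. Both endpoints still see a well-formed message.
    """
    return data.replace(b"OPEN 35", b"OPEN 100")


# --- Unauthenticated channel: tampering is invisible to the receiver ---

def receive_unauthenticated(message: bytes) -> str:
    # No integrity check at all; whatever arrives is acted on.
    return message.decode()


# --- Authenticated channel: HMAC-SHA256 over the message with a shared key ---

def send_authenticated(key: bytes, message: bytes) -> bytes:
    """Frame = message | hex(HMAC(key, message)).

    The hex tag never contains '|', so the receiver can split on the
    last '|' even if the message itself contains that character.
    """
    tag = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return message + b"|" + tag


def receive_authenticated(key: bytes, frame: bytes):
    """Return the message if its tag verifies, otherwise None (reject)."""
    message, sep, tag = frame.rpartition(b"|")
    if not sep:
        return None  # malformed frame: no tag present
    expected = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison so the check itself leaks nothing useful.
    if not hmac.compare_digest(tag, expected):
        return None  # tag mismatch: tampered in transit or forged
    return message.decode()


def demo() -> dict:
    """Run the interception against both channel types and report results."""
    # Shared key; in reality provisioned out of band, never sent over the path.
    key = secrets.token_bytes(32)

    # 1. Plain channel: the altered command is accepted as genuine.
    plain_accepted = receive_unauthenticated(attacker_intercept(ORIGINAL_MESSAGE))

    # 2. Authenticated channel: same interception, but the tag no longer matches.
    frame = send_authenticated(key, ORIGINAL_MESSAGE)
    auth_tampered = receive_authenticated(key, attacker_intercept(frame))
    auth_clean = receive_authenticated(key, frame)

    # 3. An attacker without the key cannot mint a valid tag for a new command.
    forged = b"SET valve_17 OPEN 100|" + b"00" * 32
    auth_forged = receive_authenticated(key, forged)

    return {
        "plain_accepted": plain_accepted,   # "SET valve_17 OPEN 100"
        "auth_tampered": auth_tampered,     # None
        "auth_clean": auth_clean,           # "SET valve_17 OPEN 35"
        "auth_forged": auth_forged,         # None
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The point of the demo is the trust boundary: once a router or other relay is under hostile control, anything that relies on the path being honest is gone, and only end-to-end authentication (in practice TLS with proper certificate validation, or message-level MACs or signatures in OT protocols that support them) lets the receiving side notice. HMAC gives integrity and authenticity, not confidentiality, so the eavesdropping half of the threat still needs encryption; and replay of an old, validly tagged message is not covered here and needs a sequence number or timestamp inside the authenticated data.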
The implications of such covert activities are far-reaching. They undermine trust between nations, exacerbate tensions in already strained international relations, and perpetuate an atmosphere of uncertainty and vulnerability in the digital realm. Critical sectors such as finance, healthcare, energy, and defense become susceptible to prolonged, subtle attacks that could disrupt essential services, compromise sensitive information, and inflict significant harm.
The collateral damage resulting from these concealed cyber threats extends beyond immediate security concerns. It erodes confidence in digital systems, impeding technological advancements and hindering global progress. The constant fear of undetected intrusions stifles innovation and impedes the free flow of information, ultimately impinging on the fundamental principles of an open and connected world.