The U.S. government has been focused on protecting critical infrastructure this week with a push by CISA, the EPA and FBI to educate the water and wastewater systems sector on how to better secure their facilities from cyberattacks – and the Feb. 21 Biden administration executive order (EO) to further bolster the maritime sector and offer improved security requirements for the nation’s ports.
All of this comes in the wake of Thursday’s news that at least 500 documents posted on GitHub last week exposed that a Chinese hacking group linked to Beijing – i-SOON – has launched attacks over the past decade on at least 14 governments worldwide as well as critical infrastructure.
“The I-Soon leaks show a company competing for low-value contracts coming from many parts of China’s government to conduct hacking campaigns,” said Dakota Cary, strategic advisory consultant at SentinelOne, who co-authored a Feb. 21 blog on i-SOON with Aleksandar Milenkoski. “The price point of these operations, like hacking into the Vietnamese Ministry of the Economy for $55,000, suggests a mature hack-for-hire market in China. As FBI Director Christopher Wray has testified to the number of hackers China’s government employs in comparison to the U.S., we can now see the evidence of their maturity in the fees on offer to hackers.”
A time to go on the offensive
It’s not like the U.S. government has been sitting around. The FBI was part of an international effort by 11 countries this week to take down the LockBit ransomware gang. And the State Department issued a public announcement yesterday offering up to $15 million for information leading to the arrest or conviction of a member of the LockBit gang.
Also, on Jan. 31, the FBI took down the KV botnet tied to China-backed Volt Typhoon. A joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) and other global security agencies found that Volt Typhoon lurked in victim networks for up to five years, pre-positioning itself to disrupt critical infrastructure.
“There’s no stopping China, or any adversary, from attacking us,” said Morgan Wright, chief security advisor at SentinelOne, and an SC Media columnist. “This is about building a wall to defend our critical infrastructure brick-by-brick. The higher we can build the wall, the higher the cost to our adversaries. The federal government needs to maintain its increased operational tempo. Hitting our adversaries from many different angles is tough, costly, and time-consuming. But the alternative is even more tough, costly, and time-consuming if we leave ourselves defenseless.”
The People’s Republic of China (PRC) has been systematically conducting cyber operations against the U.S., its citizens and its businesses for over a decade, said Pat Arvidson, chief strategy officer at Interpres Security. While the United States was focused on the global war on terrorism, the PRC used this opportunity to infiltrate and steal intellectual property to boost its industrial and military power to rival the U.S.
“Now that the PRC believes its military can rival the U.S., it’s pivoting to a counter value strategy of holding U.S. critical infrastructure hostage,” said Arvidson. “The PRC views U.S. relations with countries that surround China as a political hegemony, so the PRC is responding by creating a cyber hegemony of the U.S. critical infrastructure. This activity, just below the threshold of war, is a grave concern.”
John Gallagher, vice president of Viakoo Labs, added that large hacker organizations are corporations. Over the last decade, threat actors broadly have taken on the trappings of normal corporations: a board of directors, quarterly financial statements, and competitive threat analysis. That’s why on the dark web we see price lists for DDoS attacks and public actions like exploits performed to advertise services, said Gallagher.
“That this exists in China is no surprise,” said Gallagher. “What is surprising is that the depth and breadth of these organizations in China have not been revealed earlier. Throughout history the military objectives of countries have driven the development of science and technology. Will there be a ‘wartime’ coalition between the U.S. government and private industry? As cyber conflict increases between the U.S. and China that becomes more likely.”