Several security experts claim that recent attacks on three U.S. defense contractors could yet again be tied to cyber attack campaigns from China, reports ZDNet Asia.
Lockheed Martin, L-3 Communications, and Northrop Grumman were all compromised using data related to RSA’s SecurID two-factor authentication that were stolen during a breach at the U.S. encryption and network security company back in March, which appeared to originate in China.
The attacks were conducted using a series of sophisticated attacks on a specific target, designed to steal credentials in order to get into the network to access critical data, known as Advanced Persistent Threats, or APT.
Rich Mogull, chief executive of Securosis, comments:
“APT is a euphemism for China. There is a massive espionage campaign being waged by a country. It’s been going on for years, and it’s going to continue.”
Chinese government officials denied any responsibility in the recent phishing attacks targeting Gmail accounts announced last week. Turning the tables around, China accused the U.S. of vilifying the Chinese government and launching an Internet war against other countries.
“I think the attacks on the contractors are completely related to the RSA intrusion, but not necessarily by the same group. ” said Chris Wysopal, chief technology officer at Veracode. He adds:
“If it’s any kind of military espionage, military adversaries are going to be high on the list. The question then is who in China–is it government agents or independent contractors selling to the Chinese government?”