Total Tests:

UK and US Blame China’s State-Sponsored Hackers for Parliament Cyber Espionage, Cyber Attacks on Energy Industry

By Scott Ikeda for CPO Magazine
Wednesday, March 27, 2024

A known state-sponsored hacking group from China has been sanctioned by the US Treasury Department for a campaign of cyber attacks over the past decade, and has been named by the UK’s National Cyber Security Centre (NCSC) as the culprit in a 2021 cyber espionage campaign against parliamentarians.

Dr Ilia Kolochenko, CEO at ImmuniWeb, notes that increasing attention needs to be paid to the public-private fusion of cyber espionage groups such as these: “Reliable cyberattack attribution remains a complex and time-consuming task in 2024, being a mix of art and science. The most complicated part is to expose who is actually procuring the attack. First, many cybercrime groups are mercenaries motivated by money: they may have one major client for a long period of time and then switch to another one. After establishing or inferring some nexuses between the group and its client, investigators may automatically and incorrectly attribute upcoming attacks – procured by another client – to the first one. Second, individual cybercrime group members may change their “employer” quite frequently. If such an individual was, for example, responsible for malware development at his former group, he would likely reuse his code, as well as some tactics, techniques and procedures (TTPs) for upcoming projects at the new group, once again leading to incorrect attribution of the attacks. Third, numerous databases and other excellent resources by cybersecurity companies exist with detailed technical descriptions of TTPs used by (in)famous hacking groups. Both newcomers and well-established threat actors frequently utilize this information to impersonate or frame another threat actor, perfidiously misleading the investigators. In sum, without a frictionless collaboration between law enforcement agencies (LEAs) from all countries, attack attribution, prosecution and just punishment of attackers remain highly problematic.” Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential