Infosec pros might have already noticed some familiar IP address ranges in their system logs – China has returned to the cyber-attack arena.
That's the conclusion of threat intel outfit CrowdStrike, which released its midyear threat report this week (downloadable here with free registration). The firm's Falcon OverWatch team said that from January to June, state actors were responsible for 48 per cent of intrusion cases, and China is climbing back up the charts.
CTO and co-founder Dmitri Alperovitch tweeted: "CrowdStrike can now confirm that China is back (after a big drop-off in activity in 2016) to being the predominant nation-state intrusion threat in terms of volume of activity against Western industry. MSS is now their #1 cyber actor."
MSS refers to the Ministry of State Security, which will likely be even more motivated to digitally disrupt the US since a deputy division director was arrested in Belgium in April and extradited to face charges in America.
Alperovitch said that the 2015 Obama-era non-hacking pact had led to a decline in hostile activity, at least at the state level.
Alex Stamos, formerly CSO at Facebook, concurred with Alperovitch: "Most IR professionals I have spoken to believed that there was a real drop in commercially-motivated hacking from the Chinese after the deal."
That was then. The increasing political hostility between China and the US (and countries like Australia which have followed the US's lead) is reflected in the online world, CrowdStrike reckoned. "OverWatch data identifies China as the most prolific nation-state threat actor during the first half of 2018."
Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?READ MORE
Intrusions were attempted against "biotech, defence, mining, pharmaceutical, professional services, transportation, and more", the report claimed.
The "Chinese threat" has been a CrowdStrike theme for some time: in September, Alperovitch made the same point to Fox Business in a TV interview. He said "every major sector of the economy is being targeted" by the Middle Kingdom.
"Primarily they're focused on stealing intellectual property... in order to counteract in part the trade tariffs we're putting into place on them."
By comparison to the rising Chinese attack traffic, the report's other key findings were relatively unremarkable: online crims are turning to crack networks to install cryptocurrency miners, with legal and insurance industries a favourite target; the biotech sector is a favoured target for industrial espionage; and criminal actors who once may have used less sophisticated tools are now adopting "tactics, techniques and procedures" learned from nation-state actors. ®
Sponsored: Ransomware has gone nuclear