Google researchers have discovered that state-backed hackers from China have devised methods to evade standard cybersecurity measures, allowing them to infiltrate government and corporate networks and conduct espionage on unsuspecting targets for extended periods without being detected.
In the last year, analysts at Google’s Mandiant division have observed cyberattacks targeting systems that are not typically the focus of espionage, the Wall Street Journal reported.
Rather than breaching systems located behind the corporate firewall, hackers are gaining access to devices on the network’s edge, such as firewalls, and targeting software produced by companies like Citrix Systems Inc. or VMware Inc.
These applications are usually installed on computers without antivirus or endpoint detection software, as reported by the Wall Street Journal.
According to Charles Carmakal, Mandiant’s Chief Technology Officer, the attacks frequently take advantage of previously unknown vulnerabilities and showcase a new level of resourcefulness and sophistication from Chinese hackers.
Researchers have attributed the activity to a suspected China-based hacking group, citing the characteristics of the targets, which include repeat victims, the complexity and novelty of the tactics employed, the level of resources involved, and the use of obscure malware code previously attributed only to Chinese threat actors, among other factors.
Written by staff