
Building China’s Comac C919 airplane involved a lot of hacking, report says

October 15, 2019
in Internet Security

A report published today shines a light on one of China’s most ambitious hacking operations known to date, one that involved Ministry of State Security officers, the country’s underground hacking scene, legitimate security researchers, and insiders at companies all over the world.

The aim of this hacking operation was to acquire intellectual property to narrow China’s technological gap in the aviation industry, and especially to help Comac, a Chinese state-owned aerospace manufacturer, build its own airliner, the C919 airplane, to compete with industry rivals like Airbus and Boeing.

A Crowdstrike report published today shows how this coordinated multi-year hacking campaign systematically went after the foreign companies that supplied components for the C919 airplane.



The end goal, Crowdstrike claims, was to acquire the needed intellectual property to manufacture all of the C919’s components inside China.

Crowdstrike claims that the Ministry of State Security (MSS) tasked the Jiangsu Bureau (MSS JSSD) to carry out these attacks.

The Jiangsu Bureau, in turn, tasked two lead officers to coordinate these efforts. One was in charge of the actual hacking team, while the second was tasked with recruiting insiders working at aviation and aerospace companies.

The hacking team targeted companies between 2010 and 2015, and successfully breached C919 suppliers like Ametek, Honeywell, Safran, Capstone Turbine, GE, and others.

But unlike in other Chinese hacks, where China used cyber-operatives from military units, for these hacks, the MSS took another approach, recruiting local hackers and security researchers.

According to Crowdstrike and a Department of Justice indictment, the actual intrusions were carried out by hackers that the MSS JSSD recruited from China’s local underground hacking scene. Crowdstrike says that some of the team members had a shady history going back as far as 2004.

These hackers were tasked with finding a way inside target networks, where they’d usually deploy malware such as Sakula, PlugX, and Winnti, which they’d use to search for proprietary information and exfiltrate it to remote servers.

In the vast majority of cases, the hackers used a custom piece of malware that was specifically developed for these intrusions. Named Sakula, this malware was developed by a legitimate security researcher named Yu Pingan.

On the rare occasions when the hacking team couldn’t find a way inside a target, a second MSS JSSD officer would intervene and recruit a Chinese national working for the target company, and use him to plant Sakula on the victim’s network, usually via USB drives.

The group, which Crowdstrike said it tracked as Turbine Panda, was extremely successful. The US cyber-security firm points out that in 2016, after almost six years of non-stop hacking of foreign aviation companies, the Aero Engine Corporation of China (AECC) launched the CJ-1000AX engine, which was set to be used in the upcoming C919 airplane, and replace an engine that had been previously manufactured by a foreign contractor.

Industry reporting points out that the CJ-1000AX displays multiple similarities [1, 2] to the LEAP-1C and LEAP-X engines produced by CFM International, a joint venture between US-based GE Aviation and French aerospace firm Safran, and the foreign contractor that supplied turbine engines for the C919.

US crackdown

But while the MSS JSSD’s hacking efforts might have gone unnoticed, hackers made a mistake when they overstepped and went after targets a little too big — such as healthcare provider Anthem and the US Office of Personnel Management.

Those intrusions yielded a lot of useful information for recruiting future insiders, but they also brought the full attention of the US government bearing down on their operation. It didn’t take too long after that for the US to start piecing the puzzle together.

The first ones to go were the insiders since they were the easiest ones to track down and had no protection from the Chinese government since they were operating on foreign soil.

After that came Yu, the creator of the Sakula malware, who was arrested while attending a security conference in Los Angeles, and subsequently charged for his involvement in the Anthem and OPM hacks.

Yu’s arrest triggered a massive ripple in China’s infosec scene. The Chinese government responded by prohibiting Chinese researchers from participating in foreign security conferences, fearing that US authorities might get their hands on other “assets.”

Initially, this seemed an odd thing to do, but a subsequent Recorded Future investigation showed how the MSS had deep ties to the Chinese cyber-security research scene, and how the agency was secretly hoarding and delaying vulnerabilities found by Chinese security researchers, many of which were being weaponized by its hackers before being publicly disclosed.

But the biggest hit to Turbine Panda came in late 2018 when western officials arrested Xu Yanjun, the MSS JSSD officer in charge of recruiting insiders at foreign companies.

The arrest of a high-ranking Chinese intelligence officer was the first of its kind, and the biggest intelligence asset transfer since the Cold War, besides Snowden’s flight to Russia. Now, US officials are hoping that Xu collaborates for a reduced sentence.

However, Crowdstrike points out that “the reality is that many of the other cyber operators that made up Turbine Panda operations will likely never see a jail cell.”

China has yet to extradite any citizen charged with cyber-related crimes.

Hackers have continued to target the aviation industry

In the meantime, Turbine Panda appears to have ceased most of its operations, most likely crippled due to the arrests, but other Chinese cyber-espionage groups have taken over, such as Emissary Panda, Nightshade Panda, Sneaky Panda, Gothic Panda, Anchor Panda, and many more.

Attacks on foreign aviation firms are expected to continue for the foreseeable future, mainly because Comac’s C919 jet isn’t the success that the Chinese government expected (see 07:20 mark in the video below), and a fully Chinese airliner is still years away. Efforts are currently underway for building the airliner’s next iteration, the C929 model.

For years it’s been reported that China has been building its economic might on the back of other countries and its foreign competitors.

The full Crowdstrike report gives a glimpse at how China has been using hackers to do so, although they are not the only component.

The Beijing government itself has played an even bigger role. Historically, they’ve dangled carrots in the face of foreign companies, promising access to China’s booming internal market. Foreign companies have seen themselves forced into joint ventures, only to be forced out later by their former partners after local companies grew with the help of state subsidies and the know-how acquired from the partnership.

In this process, Chinese hackers often helped with “forced technology transfer,” breaching business partners and stealing their intellectual property, allowing the Chinese state-owned companies to put out high-end competing products in record time and at very low prices.

And in all of this, the aviation industry has been only one part of the puzzle. Similar hacking efforts have also targeted many other industry verticals, from the maritime industry to hardware manufacturing, and from academic research to biotechnology.

Credit: Zdnet
