In a study of the life cycle of cyberespionage attacks, a group of researchers at a Taiwanese security startup have found that the nation’s major government agencies encounter a dozen such attacks each day and that the operators behind the attacks have virtual data centers that appear to be processing enormous workloads.
According to Dark Reading the research, which will be presented at the Black Hat Briefings later this summer, focuses on a part of the espionage life cycle that most incident responders do not see: the attackers sifting through their data caches and processing the stolen information in virtual “APT [advanced persistent threat] operation centers,” says Benson Wu, co-founder and lead security researcher at Taiwan-based Xecure Lab and one of the presenters.
“[We] will show that there are lots of people in these APT operation centers,” Wu says. “We can’t see [the] data that is being stolen, but there are a lot of operators. The workloads are so high that there must be tons of victims.”
Wu — along with researchers at Academia Sinica/Taiwan, a top research university — describes the life cycle ofcyberespionage attacks in five steps: the enemy creates their tools and infrastructure; they then get by their victim’s defenses; they search for and exfiltrate data using their command-and-control servers; they use a back-end console to gain access to the data; and they process the stolen information in an APT operations center. Their research focuses on the last two steps, he says.
The theft of intellectual property by the use of hacking, malware, and social engineering has become a point of contention between the U.S. and China, with companies and government agencies in the U.S. increasingly calling out China for the attacks on their systems.
Analysts at security giant RSA estimate that at least 80 percent of cyberespionage-related attacks appear to be coming out of the Far East, mainly China.