During a visit in mid-September,
China’s Foreign Minister Wang Yi urged Australia to become “a bridge between
east and west.” He was Down Under to discuss progress on the free trade agreement between Australia and China that seems
likely by the end of the year. His comment referred to furthering the trade
relationship between the two countries, but he might as well have been
referring to hackers who hope to use the deepening alliance to steal information.
The Australian Financial Times
(AFR) did an in-depth article with FireEye regarding Chinese attacks
against Australian businesses, and this blog provides additional context.
Australia has experienced
unprecedented trade growth with China over the last decade, which has created a
double-edged sword. As Australian businesses partner with Chinese firms,
Chinese-based threat actors increasingly launch sophisticated and targeted
network attacks to obtain confidential information from Australian businesses.
In the U.S. and Europe, Chinese attacks on government and private industry have
become routine in local newspapers. Australia, it seems, is the next
target.
The Numbers
First, let’s review the state of
Australian and Chinese economic interdependence. Averaging an annual
9.10% GDP growth rate over the last two decades, China’s unparalleled economic
expansion has protected Australia from the worst effects of the global financial crisis. Exports to China have increased tenfold, from $8.3b USD
in 2001 to $90b USD in 2013[i], with the most prominent commodities being iron ore and natural gas. Many of these
resources originate in Australia, which puts China’s government under
significant pressure to meet the skyrocketing demand for them. Despite the
ever-increasing co-dependence Australia and China share as regional partners,
Chinese authorities are likely supporting greater levels of monitoring and
intelligence gathering from the Australian economy – often conducted through
Chinese State-Owned Enterprises (SOEs) with domestic relationships in
Australia.
SOE direct investment into
Australia grew to 84% of all foreign investment inflows from China in 2014,
primarily directed into the Australian mining and resource sector,
a further signal of a drive for control as China seeks a level of
certainty in catering for its future internal growth. We suspect that government-commissioned
cyber threat actors are targeting Australian firms with a specific agenda: to gain
advantage and control of assets both in physical infrastructure and
intellectual property.
The Impacts
How have these partnerships
impacted Australian networks? Mandiant has observed the strategic
operations of Chinese threat actors targeting companies involved in key economic
sectors, including data theft from an Australian firm. Chinese Advanced
Persistent Threats (APTs) are likely interested in compromising Australian
mining and natural resources firms, especially after spikes in commodity
prices. The upward trend in APT attacks from China is also aimed toward the
third parties in the mining and natural resources ecosystems. Mandiant believes
there has been a significant increase in China-based APT intrusions focused on law firms that
hold confidential mergers and acquisitions information and sensitive
intellectual property. It is no coincidence these third-party firms are often
found lacking in network protections. The investigation also found that, at the
time of compromise, the majority of victim firms were in direct negotiations
with Chinese enterprises, highlighting attempts by the Chinese government to
gain advantage in targeted areas.
Due to China’s endemic pollution problems,
clean energy has evolved into a critical industry for the country. China has
now embarked on a plan to develop Strategic Emerging Industries (SEIs) to address
this. Australian intellectual property and R&D have become prime data, and
have taken a major position in Chinese APT campaigns. Again, it is the third
parties like law firms that are coming under attack.
Furthermore, to reduce China’s
reliance on Australian iron ore exports, Beijing has initiated a plan to
develop an efficient, high-end steel production vertical through strategic
acquisitions in Australia and by intervening to prevent unfavorable
alliances. For example, the SOE Chinalco bought into Australian mining
companies to presumably prevent a merger that would have disadvantaged their
interests. Clearly, the confidential business information of Australian export
partners to China is becoming increasingly sought after.
Mandiant found that the majority
of compromised firms had either current negotiations with Chinese enterprises or
previous business engagements with Chinese enterprises. These attacks will
persist as trade and investment grow, though they will do so at the cost of
confidential Australian business information such as R&D and intellectual
property. As large Australian mining and resources firms themselves may partner
with the Australian Signals Directorate for security, the focus of the threat
actors shifts to associated parties with access to sensitive data, who may not
be pursuing partnerships with the Australian Signals Directorate. This
calls for greater awareness and protection against the increasingly determined
and advanced attacks launched.
The Bottom Line
Although this blog focuses on
acts against large Australian mining and resources sectors, Mandiant has
observed these APT actors often focusing their attention on other sectors such
as defence, telecommunications, agriculture, political organizations, high
technology, transportation, and aerospace, among others. But the broader lesson
and message—drawing from U.S. and European experience with Chinese attacks—is
that no one is or will be exempt. For all Australian businesses and
governments, it’s time to fortify defences for a new era of cyber security.
Source: fireeye.com
