The cybersecurity firm iDefense told the Journal that the hackers ran an elaborate campaign to reach military technology still under development: Chinese operators attacked the schools in hopes of stealing secret Navy research data. iDefense did not name the universities because investigations are ongoing, but anonymous sources told the Journal that they included the Massachusetts Institute of Technology, the University of Washington, Penn State and Duke University.
Phishing for Maritime Secrets
The attackers turned to the universities that partner with the Navy on research for a simple reason: the schools' networks are less well defended than those of military installations.
Nearly all of the targeted universities had some connection to the Woods Hole Oceanographic Institution, the largest independent oceanographic organization in America, which was itself likely compromised by the same Chinese intruders.
The operation began with straightforward spear-phishing emails crafted to look as though they came from partner universities; opening them delivered malware. The coordinated campaign against the affected institutions dates back to at least April 2017.
Navy spokesman Cmdr. J. Dorsey declined to speak specifically about the university hacks. But he told Fox News, “The Department of the Navy recognizes the serious nature of evolving cyber threats and continuously bolsters the department’s cybersecurity culture and awareness, along with our cyber defenses and information technology capabilities.”
Enemy of Many Names
The group behind the intrusions goes by many names in cybersecurity circles, among them Mudcarp, Leviathan, APT40 and TEMP.Periscope. According to the Washington Post, the same group was responsible for last year's hack of a naval contractor. There, the hackers made off with "614 gigabytes of material relating to a closely held project known as Sea Dragon."
That breach also yielded sensitive signals and sensor data, information on cryptographic systems and submarine data.
ZDNet has reported that the group has been active since at least 2013. In earlier campaigns it sent phishing emails in which fake résumés, attached as Microsoft Word and Excel documents, delivered the malware payload.
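The résumé-themed Word and Excel lures described above are the kind of attachment a mail gateway or incident responder wants to triage without opening in Office. The script below is an added example, not code from the article or from any of the reporting it cites. The page says only that the documents delivered malware; the script assumes the usual delivery mechanisms for such lures (an embedded VBA macro project, a legacy OLE2 binary, or an OOXML package whose relationships reach out to an external resource) and flags them by static inspection. All sample files, names and URLs in it are constructed for the demonstration.

```python
"""Static triage of Office attachments (added example; assumptions noted inline).

Checks, without launching Office:
  - legacy OLE2 binaries (.doc/.xls) for a _VBA_PROJECT stream
  - OOXML packages (.docx/.docm/.xlsx/.xlsm) for vbaProject.bin parts
  - OOXML relationships that point outside the package (TargetMode="External")
  - extension/container mismatches that indicate a renamed or broken lure
"""
import io
import os
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # compound file header of legacy .doc/.xls
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML documents are zip packages
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_ENABLED_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm"}
OOXML_EXTS = {".docx", ".dotx", ".xlsx", ".xltx", ".pptx"} | MACRO_ENABLED_EXTS
# OLE2 directory entries store names as UTF-16LE; this is the VBA project stream name.
VBA_STREAM_UTF16 = "_VBA_PROJECT".encode("utf-16-le")


def office_indicators(filename: str, data: bytes) -> dict:
    """Return container type, macro presence, extension mismatch and analyst notes."""
    ext = os.path.splitext(filename)[1].lower()
    ind = {"container": "other", "has_vba": False, "ext_mismatch": False, "reasons": []}

    if data.startswith(OLE2_MAGIC):
        ind["container"] = "ole2"
        if VBA_STREAM_UTF16 in data:
            ind["has_vba"] = True
            ind["reasons"].append("OLE2 file contains a _VBA_PROJECT stream")
        if ext in OOXML_EXTS:
            # Office sniffs content, so a binary file renamed .docx still opens.
            ind["ext_mismatch"] = True
            ind["reasons"].append(f"OLE2 binary carries OOXML extension {ext}")

    elif data.startswith(ZIP_MAGIC):
        ind["container"] = "ooxml"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            vba_parts = [n for n in names if n.endswith("vbaProject.bin")]
            if vba_parts:
                ind["has_vba"] = True
                ind["reasons"].append("VBA project part: " + ", ".join(vba_parts))
            if "[Content_Types].xml" in names:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if VBA_CONTENT_TYPE in ctypes:
                    ind["has_vba"] = True
                    ind["reasons"].append("[Content_Types].xml declares a vbaProject part")
            # An external relationship makes Office fetch a resource from outside the
            # package when the file opens (e.g. a remote template), so it is worth a look.
            for n in names:
                if n.endswith(".rels") and 'TargetMode="External"' in zf.read(n).decode("utf-8", "replace"):
                    ind["reasons"].append(f"external relationship in {n}")
        if ind["has_vba"] and ext not in MACRO_ENABLED_EXTS:
            # Office refuses to run macros from .docx/.xlsx, so this is a renamed or broken lure.
            ind["ext_mismatch"] = True
            ind["reasons"].append(f"VBA inside a package with extension {ext}")

    return ind


def is_suspicious(filename: str, data: bytes) -> bool:
    """Single verdict suitable for gateway-style blocking or quarantine."""
    ind = office_indicators(filename, data)
    return ind["has_vba"] or ind["ext_mismatch"] or any(
        r.startswith("external relationship") for r in ind["reasons"])


def _ooxml(parts: dict) -> bytes:
    """Build a minimal OOXML-style zip from {part name: body}; constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples, not real attachments from the campaign.
_CT_VBA = '<Types><Default Extension="bin" ContentType="%s"/></Types>' % VBA_CONTENT_TYPE
CLEAN_DOCX = _ooxml({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>"})
MACRO_DOC = _ooxml({"[Content_Types].xml": _CT_VBA, "word/document.xml": "<w:document/>",
                    "word/vbaProject.bin": OLE2_MAGIC + b"\x00" * 32})
REMOTE_TEMPLATE_DOCX = _ooxml({
    "[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>",
    "word/_rels/settings.xml.rels":
        '<Relationships><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
        'officeDocument/2006/relationships/attachedTemplate" '
        'Target="http://example.invalid/resume.dotm" TargetMode="External"/></Relationships>',
})
LEGACY_XLS = OLE2_MAGIC + b"\x00" * 504 + VBA_STREAM_UTF16 + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in [("resume.docm", MACRO_DOC), ("resume.docx", MACRO_DOC),
                       ("cv.docx", CLEAN_DOCX), ("cv.docx", REMOTE_TEMPLATE_DOCX),
                       ("cv.xls", LEGACY_XLS), ("cv.xlsx", LEGACY_XLS)]:
        print(name, is_suspicious(name, blob), office_indicators(name, blob)["reasons"])
```

The check is deliberately conservative: presence of a VBA project or an external relationship is an indicator for analyst review, not proof of malice, and a real deployment would pair it with sender and domain checks on the lure itself, which is where an email that merely appears to come from a partner university should be caught.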
A State-sponsored Attack?
Whether the Chinese government sponsors the group behind the hack remains the big question. Beijing did not comment on the latest report, and Chinese officials have strenuously denied involvement in cyber espionage in the past.
Those denials seem suspicious at best. As the Washington Post notes, Chinese operators have been blamed for several high-profile hacks, including the theft of designs for the Army's Terminal High Altitude Area Defense (THAAD) antiballistic missile system, the F-35 Joint Strike Fighter and the Patriot PAC-3 missile system.
In other cases, Chinese copycat technologies, such as unmanned drones, have appeared soon after data breaches. And in 2014 and 2015, Chinese spies stole the personnel records of more than four million current and former federal employees held by the Office of Personnel Management.
With President Trump's trade war with China and rising tensions over the detention of Huawei CFO Meng Wanzhou, we shouldn't expect groups like Mudcarp to give up their hacking efforts.
“They are a full-fledged operation,” said Ben Read, senior manager for cyber espionage analysis at the cybersecurity firm FireEye. “And they are not going anywhere.”