China’s spies blamed over mass data theft

China’s spies blamed over mass data theft, by Paul Malley.

Chinese intelligence services have been blamed for the most audacious, widespread data theft in history, after state-directed hackers used invasive techniques to steal commercially sensitive data from nine of the world’s largest managed service providers and scores of their smaller clients.

Australia yesterday joined ­allies including the US and Britain in condemning China over the operation, which authorities said had been under way for more than a decade and involved a mix of freelance hackers and professional cyber spies employed by the Ministry of State Security. …

In a first for Australia, Foreign Minister Marise Payne and Home Affairs Minister Peter Dutton named China as the ­architect of the operation and expressed “serious concern’’ over China’s violation of a 2017 agreement in which Beijing pledged to refrain from stealing sensitive Australian intellectual property. …

In the US, at least 45 firms were hit and more than 100,000 US Navy personnel targeted. It was not clear how many firms in Australia had been hit. …

The operation relied heavily on “spear phishing’’ techniques that target specific employees with relevant or interesting emails that appear to hail from legitimate senders. The emails contain executable files that once downloaded, install spyware on the computer.

The APT-10 operation is said to have used key-stroke loggers to steal usernames and passwords as well as Trojans, malicious software providing a backdoor into a network.

hat-tip Stephen Neil