China Steps Up US Cyberattacks As Trade Tensions Worsen

Despite signing a "digital truce" with the US in 2015 that banned the hacking of private companies, China has lately been green-lighting plenty of cyberattacks on US defense contractors, along with other targets. And given the rising trade tensions with the US, these types of attacks are only expected to increase, according to Wired. To wit, one state-funded group recently infiltrated a Navy contractor and stole hundreds of gigabytes of information about submarines and undersea weapons, which has by now likely been handed over to the Chinese military.


As one source told Wired, China has backed off on intellectual property theft, as it promised to do when it signed the treaty. But it has more than compensated for this by redoubling its efforts to acquire US military intelligence.

"China’s actually backed off quite a bit on intellectual property theft, but when it comes to military trade secrets, military preparedness, military readiness, satellite communications, anything that involves the US’s ability to keep a cyber or military edge, China has been very heavily focused on those targets," says David Kennedy, CEO of the threat tracking firm Binary Defense Systems, who formerly worked at the NSA and with the Marine Corps' signal intelligence unit. "And the US does the same thing, by the way."

Earlier this week, analysts from Symantec published their research tracking a series of attacks carried out by suspected Chinese hackers between November 2017 and April. The researchers dubbed the group "Thrip" - and what they have discovered is deeply troubling. The group, which the Symantec analysts have monitored since 2013, has learned to "hide in plain sight" by using prefab malware to infiltrate networks and then manipulating administrative controls to press further without tripping any alarms. Using off-the-shelf tools makes the group harder to identify. Still, the Symantec team found evidence of intrusions at some telecoms firms in southeast Asia, a US geospatial imagery company, a couple of private satellite companies including one US firm, and a US defense contractor.

And in what was probably Symantec's most alarming discovery, the researchers learned that the hackers had managed to obtain operational control of an orbiting satellite, giving them the ability to "disrupt data flows" or the satellite's trajectory.

The researchers found evidence of intrusions at some southeast Asian telecom firms, a US geospatial imagery company, a couple of private satellite companies including one from the US, and a US defense contractor. The breaches were all deliberate and targeted, and in the case of the satellite firms the hackers moved all the way through to reach the control systems of actual orbiting satellites, where they could have impacted a satellite's trajectory or disrupted data flow.

"It is scary," says Jon DiMaggio, a senior threat intelligence analyst at Symantec who leads the research into Thrip.

"We looked at which systems they were interested in, where they spent the most time, and on the satellites it was command and control. And then they were also on the operational side for both the geospatial imagery and the telecom attacks."

We should all be concerned about the increase in hacking of defense contractors because, as one of Wired's sources explains, sometimes an escalation of digital attacks can precede an armed conflict.

"Hacking can be used as a sign of force in a lot of cases to say 'hey, we’re not happy and we’re going to make you feel some pain,'" Kennedy notes. "They'll use that as a first step instead of having to send fighter jets or something."


"All of these pieces fit together," Symantec's DiMaggio says of Thrip. "It’s not targets of opportunity; it’s definitely a planned operation."

Of course, China has many options for retaliating against the US as the trade war with President Donald Trump worsens, including the so-called nuclear option: Dumping its US Treasury holdings. China's military still lags the US in terms of firepower, but the government is quickly closing that gap, and its provocations in the South China Sea could cause the already tenuous relationship between the two countries to further deteriorate.


vato poco brianshell Sat, 06/23/2018 - 15:01 Permalink

wang chung not happy at having Golden Mountain vault door locked, after all these years, so he is of course acting out. 

perhaps another $300MMM in punishing tariffs will get his mind right

c'mon, wang, you guys are supposed to be smart: extrapolate to economic terminal end game, who remains standing? Rich Big Dog or poor little dragon? hmmm?? you boys keep this chickenshit up, you're gonna lose Much Face! whole world will laugh at you!! ah hahahahahahahahahaaaaaa

like that

In reply to by brianshell

beemasters SilverRhino Sat, 06/23/2018 - 18:44 Permalink

"In its release, WikiLeaks described the primary purpose of "Marble" as to insert foreign language text into the malware to mask viruses, trojans and hacking attacks, making it more difficult for them to be tracked to the CIA and to cause forensic investigators to falsely attribute code to the wrong nation.[67] The source code revealed that Marble had examples in Chinese, Russian, Korean, Arabic and Persian.[68] These were the languages of the US's main cyber-adversaries – China, Russia, North Korea and historically, at least Iran.[69]"

If the CIA could do that, China would be one to use a similar technique to cover their tracks. Why would they want to expose themselves? I'd be highly skeptical of news like this.

In reply to by SilverRhino

harrybrown Sat, 06/23/2018 - 13:09 Permalink

WTF so... JEW-S-A isnt doing any hacking of anyone then! 

Tyler how do you allow such zio cabal crap to infest & stain ZH....



ThanksIwillHav… Heros Sat, 06/23/2018 - 14:31 Permalink

"ZOG was an early hypertext system developed at Carnegie Mellon University during the 1970s by Donald McCracken and Robert Akscyn. ZOG was first developed by Allen Newell and George G. Robertson to serve as the front end for AI and Cognitive Science programs brought together at CMU for a summer workshop. The ZOG project was as an outgrowth of long-term artificial intelligence research led by Allen Newell and funded by the Office of Naval Research." -- Siri

In reply to by Heros

DavidFL Sat, 06/23/2018 - 13:11 Permalink

Amazing - we already know all security agencies have the ability to leave digital imprints which point in any direction. For all we know, it is likely a US agency intrusion; creating the case so they can go to Congress for more money! That seems plausible.

Regarding Symantec - well that company can't even develop an anti-virus which keeps a PC clean! Why the f.uck would we care about any research results they create!! And here comes the sales pitch - "It is scary," says Jon DiMaggio, a senior threat intelligence analyst at Symantec...". That's the best this hack can come up with??

naiverealist Sat, 06/23/2018 - 13:25 Permalink

This is what adversarial countries do.   I do not hear much in the way of the government/contractor's obligation to aggressively defend against these attacks.  To lose that much "secure" information either shows the ineffectiveness of the digital defense ("security") or the failure to protect against these attacks.  Then again, these might be false flags designed to whip up the populace. . . .

Slaytheist Sat, 06/23/2018 - 13:26 Permalink

What this article won't tell you is that most of those 'off-the-shelf' hacking tools were authored by the NSA, and made highly available to anyone that wanted them.  Just like the other ABC actors, they had to help create the boogeymen, in order to expand their already illegal operations.  Hiding in plain sight, just means that they are using our own software against us.  Like the Russians have been doing.  And our own ABCs.  Don't get me started on Goog or Stasibook.

RagnarRedux Sat, 06/23/2018 - 13:32 Permalink

China doesn't need all that, it just goes shopping in Israel to get all the latest info and tech.

(1993) New York Times: C.I.A. Chief Says Israel Has Been Selling Advanced Military Technology To China For Over A Decade…

(2013) U.S. Furious With Israel For Selling Advanced Military Technology To China…

(2007) Israel Flagged As Top Spy Threat To U.S. In New NSA/Snowden Document…

Sayanim Everywhere

“Israeli spies have done more harm and have damaged the United States more than the intelligence agents of all other countries on earth combined... They are the gravest threat to our national security.”

— Admiral Bobby Inman 
    Former Deputy Director of the CIA…

Chief Joesph Sat, 06/23/2018 - 13:48 Permalink

Some of this is total garbage. Most of the Cyber-attacks originate in this country, not China. And if the Chinese "steal" anything, the source of the theft is somewhere in America. This has been proven time and again. Why they keep pumping out this nonsense is in part to bolster the trade war. It's nothing more than propaganda, plain and simple. But, Americans are stupid enough, and gullible enough, to believe this nonsense.

not-me---it-wa… Sat, 06/23/2018 - 13:49 Permalink

baseless allegations, but they serve the narrative.

"...analysts from Symantec...suspected Chinese hackers....found evidence of intrusions at some telecoms firms in southeast Asia..."

sounds a lot like crowdsource finding "evidence" of russia hacking dnc servers.


ThanksIwillHav… Sat, 06/23/2018 - 14:27 Permalink

Think about it...You put your company you keep your home door open?   Ergo, assume constant hacking and build defenses...but then NSA complains that TPTB are not doing a good enough job at dumbing down the actors.  Segment/layer firewalls, honeypots, doors closed policy, no Windows.   It ain't that hard.


What if the Internet was invented in the hood???

Davidduke2000 Sat, 06/23/2018 - 14:58 Permalink

The trade is not the issue, we see Trump going after anybody buying from Russia, the US has no gas no oil to sell but Trump wishes he had but if he can ruin the sales for Russia maybe he can put his hands on the country and grab the resources.

The same is going on with China, China is the new lion king and the old king is fighting a losing battle.

PitBullsRule Sat, 06/23/2018 - 15:37 Permalink

I figured the Chinks were the ones slowing down my computer last month. Those fuckers are making it hard for me to keep up with the news on the web. Fortunately for us, there's nothing worse stealing.

BetterRalph Sat, 06/23/2018 - 15:53 Permalink

Who's passing out these security clearances still? 

Has anyone bothered to dismantle the Awan SpyRing Infrastructure or just blind eyes still.... 
By the FBI and DOJ actions I would have to vote Treasonous BLIND EYES still.   (even if they have five eyes, still BLIND to TREASON or domestic terrorism)

Call me when the GREEN light for hunting domestic terrorists is on.

i poop pink ic… Sun, 06/24/2018 - 00:58 Permalink

Another source told Zerohedge "now that it's legal for the U.S. government to propagandize the U.S. population, the story about "Chinese hackers" was actually planted by the U.S. 'deep state' to justify their demands for continuing increases in their own budget".