On the second day of the 2019 International Conference on Cyber Security, three U.S. officials—Justin Lee, special agent at the FBI’s Sacramento field office; Orin Paliwoda, special agent at the FBI’s New York office; and Sagar K. Ravi, assistant U.S. attorney for the Southern District of New York—gathered in a crowded Fordham Law School room and rehashed the case.
From around 2006 to 2018, a hacking group called APT10, short for Advanced Persistent Threat 10, stole sensitive data from computers belonging to the U.S. government and more than 45 commercial and defense companies worldwide. Acting in association with the Chinese Ministry of State Security, APT10 exfiltrated confidential data related to aviation technology, satellite technology, advanced electronic systems, laboratory analytical instruments, maritime technology, oil/gas drilling, and even NASA Goddard Space Center. In December 2018, two APT10 members were indicted in the U.S.
“The fundamental question is, what does China want when it hacks? What is it looking for?” said FBI special agent Paliwoda.
Among China’s strategic intelligence priorities—aligned with some targeting priorities of APT10—are political power and stability, military power, and economic development, the agents explained. Another is much bigger.
“One of China’s goals is to replace the United States as a leading superpower, both in the cyber realm, and in space. They want to be a leading dominant force in the military. Specifically, China wants to surpass the United States in each of these categories,” said FBI special agent Lee.
There are several protective strategies for companies facing cyber threats like APT10, said Paliwoda. One is to assume the hackers already have access to your primary method of communication and to use out-of-band communications instead. Another is to ensure that your communication traffic logging is as complete as possible.
“You want to make sure that you have all your tools in place to find the communication traffic that could be outside the scope of what is normal to your system, and then narrow it down to find the actual server that is possibly infected,” Paliwoda said.
What also helps, said Ravi, is teamwork, like that shared among U.S. federal agencies to combat the China cyber threat.
“The private government partnership is so vitally important to combating these threats,” Ravi concluded. “We certainly want to work with any victims out there, to work together to continue to be able to take actions like this.”