Three Pivotal APT Cyberattacks
Titan Rain (2003)
China launched this cyberattack against the United States with the goal of stealing state secrets. The APT compromised networks belonging to NASA, the FBI and other federal organizations and departments, with an additional goal of stealing military data. This was a sophisticated, state-sponsored APT cyberattack. Diplomatic relations between the United States and China changed when it was discovered that Titan Rain was deployed by hackers within the People’s Liberation Army.
Prior to this premeditated attack, the Chinese government had to go through a footprinting process in which they gathered as much intelligence as possible on American networks and systems. This process likely included port scanning in order to observe communication. Titan Rain found several vulnerabilities in federal government networks and exploited them with a series of cyberattacks.
Titan Rain was not designed to degrade and destroy information systems. It was designed to collect data and remain unnoticed on networks long enough to collect intelligence or strike the adversary with additional cyberattacks if necessary.
User education is significant, as it would give technology users who work for the federal government the tools and training needed to identify and report the existence of threat agents like Titan Rain.
The Chinese military was able to scan American networks and find vulnerabilities to exploit. In this particular case the cyberattacks did not occur through social engineering, but rather through weaknesses in network security that should have been updated to the levels possible at that time.
Sykipot (2006)
Chinese hackers discovered vulnerabilities in the Adobe Reader and Acrobat software and exploited them on federal systems in the United States and United Kingdom. Sykipot aimed to gather intelligence on military and critical infrastructure (CI): defense systems, telecommunications and other CIs. This APT used spear-phishing tactics on federal networks to obtain information that would let it connect to networks without authorization in order to gather information and conduct espionage.
The Chinese hackers needed to observe the system architecture of federal networks in order to complete the footprinting process and develop a strategy for compromising systems and networks. They probably used port scanning as a part of the fingerprinting process in order to identify vulnerabilities. They also used a social engineering tactic, spear-phishing, to send malicious links to targeted individuals within the federal government.
Sykipot was not deployed to degrade and destroy information systems, but instead had the objective of gathering intelligence and conducting espionage.
User education on how to respond to a strange email containing a malicious link can help prevent these types of APTs from affecting networks.
GhostNet (2009)
GhostNet was a Chinese government-operated espionage campaign that affected networks and systems in the United States and in more than 100 other countries around the world to collect intelligence on government operations. Infected systems were listened to; hackers also had the ability to use the computer’s camera and audio recording programs.
The designers of the APT needed to observe hundreds of system architectures in order to figure out if this virus could be deployed on a large scale. They probably used port scanning to find vulnerabilities and exploit them using a trojan horse virus that has the ability to replicate itself. The hackers also used social engineering by sending staff spoofed emails that looked legitimate; however, when employees clicked on the attachment, it loaded the trojan horse on their system.
This APT was not designed to destroy any system or network, but to install a trojan horse that would allow the Chinese government to conduct espionage.
User education and training on how to avoid clicking on malicious links, even when they appear to be legitimate, can help keep entities from being compromised by GhostNet and similar cyberattacks.