A group of highly trained Chinese hackers has allegedly gained access to defense, commercial and political organizations worldwide and stolen sensitive information, researchers from the Dell SecureWorks Counter Threat Unit, a division of Dell Tech Company, said on Wednesday, July 5.
According to the researchers, the group, nicknamed Emissary Panda by another research firm, carried out sophisticated and specialized cyberattacks of a kind rarely seen before among Chinese hackers.
"In the instances we were able to observe them, they had very specific organizations and projects in mind that they were pursuing, and the broad spectrum of industry verticals they targeted indicated they were more of a surgical tool used to take specific things from specific organizations, rather than the smash and grab, take everything type," Aaron Hackworth, Dell SecureWorks senior distinguished engineer, said.
According to a CNN report, the research results contradict the usual view of Chinese cyber thieves as taking everything they can get their hands on. This group's actions were different.
FBI Director James Comey said in a "60 Minutes" interview that China's hacking groups were like a drunken thief.
"They're kicking in the front door, knocking over the vase, while they're walking out with your television set. They're just prolific. Their strategy seems to be: We'll just be everywhere all the time. And there's no way they can stop us," Comey said.
The researchers added that they monitored the group back in 2013, when it attacked the Russian embassy in Washington and a Spanish defense firm in what is called a watering hole attack, in which the hackers turn a website against its visitors to spread malicious software.
Dell researchers have observed that since then, the hackers have attacked several targets, including major U.S. defense contractors, aerospace firms, automakers, the energy sector, law firms handling sensitive business deals, and political targets that included Chinese ethnic minorities.
Dell said that it was able to identify the hackers from their last target, the Chinese ethnic minorities, and also from the hours that the group operates, the particular malicious software it uses, and its use of the search engine Baidu. Although the hackers were not linked to the Chinese government, industry experts consider most Chinese cyber groups to be working for Beijing.
The CNN report said that the group was not only able to break into the companies, but was able to steal sensitive data as well.
Hackworth said that the researchers have observed more than 100 watering hole traps on websites worldwide and identified 50 targets in the U.S. and the U.K., but did not disclose the names of the victims.
Hackworth added that once the group manages to enter an organization's networks, it accesses credentials within hours. He added that the hackers make detailed lists of everything for days or weeks, returning only to take a select few items.
The researchers said that they believe they are dealing with a group that is the best of the best because of the precision and sophisticated organizational structure through which the hackers conducted their operation.