
US’s greatest cyber threat is cyber espionage and intellectual property theft from Russia, China, North Korea, and Iran

America’s greatest vulnerability is its continued inability to acknowledge the extent of its adversaries’ capabilities when it comes to cyber threats, says Ian Bremmer, founder and president of the political risk firm Eurasia Group. The adversarial states in question are what U.S. intelligence agencies call the “big four”: Russia, China, North Korea, and Iran.


“We’re vulnerable because we continue to underestimate the capabilities in those countries. WannaCry, from North Korea — no one in the U.S. cybersecurity services believed the North Koreans could actually do that,” Bremmer said, referring to the ransomware worm that crippled more than 200,000 computer systems across 150 countries in May 2017.


The United States is closely monitoring cyberattack risks from North Korea and other countries on global supply chains amid the novel coronavirus pandemic, US Acting Secretary of Homeland Security Chad Wolf said in May 2020. “I talked a lot about nation state threats, and how those manifest different ways whether it’s China, Iran, or everything in between, North Korea. From a cyber perspective, we’re very concerned about that,” he said at a US Chamber of Commerce event.


US Representative James Langevin, who serves on the House Armed Services Committee, voiced similar concerns, saying North Korea was one of the top four countries posing a cyber threat, with Russia, China and Iran being the other three. “North Korea has invested heavily in disruptive and mine and offensive cyber capabilities, as have Russia, China, Iran as well as other nations,” he told the Voice of America at a forum hosted by the Center for Strategic and International Studies in May 2020.


According to the National Counterintelligence and Security Center (NCSC) report ‘Foreign Economic Espionage in Cyberspace’ (2018), foreign economic and industrial espionage against the United States continues to represent a significant threat to America’s prosperity, security, and competitive advantage. China, Russia, and Iran stand out as three of the most capable and active cyber actors tied to economic espionage and the potential theft of U.S. trade secrets and proprietary information, it said.


“Despite advances in cybersecurity, cyber espionage continues to offer threat actors a relatively low-cost, high-yield avenue of approach to a wide spectrum of intellectual property,” it said. “We anticipate that China, Russia, and Iran will remain aggressive and capable collectors of sensitive US economic information and technologies, particularly in cyberspace. All will almost certainly continue to deploy significant resources and a wide array of tactics to acquire intellectual property.”


Borge Brende, president of the World Economic Forum, weighed in, stressing the economic cost of cyber crimes. “It is very hard to attribute cyberattacks to different actors or countries, but the cost is just unbelievable. Annually more than a thousand billion U.S. dollars are lost for companies or countries due to these attacks and our economy is more and more based on internet and data.”


An Associated Press (AP) investigation found that employees at both small companies and defense giants like Lockheed Martin Corp., Raytheon Co., Boeing Co., Airbus Group and General Atomics were targeted by Russian hackers. The group, known as Fancy Bear, which also intruded in the U.S. election, went after at least 87 people working on militarized drones, missiles, rockets, stealth fighter jets, cloud-computing platforms or other sensitive activities, the AP found.


“The programs that they appear to target and the people who work on those programs are some of the most forward-leaning, advanced technologies,” said Charles Sowell, a former senior adviser to the U.S. Office of the Director of National Intelligence. “And if those programs are compromised in any way, then our competitive advantage and our defense is compromised.”


Cloud networks and next-generation technologies such as artificial intelligence (AI) and the Internet of Things (IoT) will introduce new vulnerabilities to U.S. networks for which the cybersecurity community remains largely unprepared. Building an effective response will require understanding economic espionage as a worldwide, multi-vector threat to the integrity of the U.S. economy and global trade.

Cyber Espionage Threat

China is alleged to be carrying out widespread efforts to acquire U.S. military technology and classified information and the trade secrets of U.S. companies. The Chinese government is accused of stealing trade secrets and technology, often from companies in the United States, to help support its long-term military and commercial development. China has been accused of using a number of methods to obtain U.S. technology, including espionage, exploitation of commercial entities and a network of scientific, academic and business contacts.


China and its proxies have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments and testing from networks and personnel affiliated with COVID-19-related research, which could jeopardize the delivery of secure, effective and efficient treatment options, the FBI and CISA warned in May 2020.


In November 2017, the US charged three Chinese nationals with hacking Moody’s Analytics, Siemens and GPS maker Trimble, accusing them of stealing sensitive information, including the emails of a prominent Moody’s employee and intellectual property. The accused allegedly entered company networks using spear-phishing emails carrying attachments and links to malicious software; when employees opened them, the hackers gained access to the computers and searched for confidential commercial information. The U.S. Justice Department in January 2016 charged six Chinese scientists with stealing trade secrets and engaging in industrial espionage on behalf of China.


The Defense Department’s annual report to Congress on China’s military capabilities asserts that China’s military conducted cyber probes and intrusions against U.S. computer networks to support intelligence collection and electronic warfare. “China is using its cyber capabilities to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs,” the department said in the report.


Highlighting what the Pentagon describes as China’s focus on improving cyber capabilities to counter a “stronger foe,” the report said information gleaned by hackers “could inform Chinese military planners’ work to build a picture of U.S. defense networks, logistics, and related military capabilities that could be exploited during a crisis.” “The accesses and skills required for these intrusions are similar to those necessary to conduct cyber attacks,” according to the report. The intelligence gathering could also provide the ruling Communist Party “insights into U.S. leadership perspectives on key China issues.”


Moscow has used cyber operations to collect intellectual property from U.S. energy, healthcare, and technology companies. Moscow’s military modernization efforts also likely will be a motivating factor for Russia to steal U.S. intellectual property. An aggressive and capable collector of sensitive U.S. technologies, Russia uses cyberspace as one of many methods for obtaining the know-how and technology it needs to grow and modernize its economy. Obtaining sensitive U.S. defense industry data could provide Moscow with economic (e.g. in foreign military sales) and security advantages as Russia continues to strengthen and modernize its military forces. Russian cyber actors are also continuing to refine their tradecraft, for example by using open-source hacking tools that minimize forensic connections to Russia.


Iranian cyber activities are often focused on Middle Eastern adversaries such as Saudi Arabia and Israel; however, in 2017 Iran also targeted U.S. networks. A subset of this Iranian cyber activity aggressively targeted U.S. technologies with high value to the Iranian government. The loss of sensitive information and technologies not only presents a significant threat to U.S. national security, it also enables Tehran to develop advanced technologies to boost domestic economic growth, modernize its military forces, and increase its foreign sales.


The report also notes that countries with closer ties to the United States have conducted cyber espionage and other forms of intelligence collection to obtain U.S. technology, intellectual property, trade secrets, and proprietary information. U.S. allies or partners often take advantage of the access they enjoy to collect sensitive military and civilian technologies and to acquire know-how in priority sectors.


Emerging threat: Software Supply Chain Operations

2017 represented a watershed in the reporting of software supply chain operations. Seven significant events were reported in the public domain in 2017, compared with only four between 2014 and 2016. As the number of events grows, so do the potential impacts. Hackers are clearly targeting software supply chains to achieve a range of effects, including cyber espionage, organizational disruption, or demonstrable financial impact.


The same year, a trojanized build of the CCleaner utility carrying the Floxif backdoor reached 2.2 million CCleaner users worldwide. The hackers specifically targeted 18 companies and infected 40 computers to conduct espionage, seeking access to Samsung, Sony, Asus, Intel, VMware, O2, Singtel, Gauselmann, Dyn, Chunghwa and Fujitsu; because the tampered installer carried the vendor’s valid code-signing certificate, signature checks alone did not expose it. Separately, hackers corrupted software distributed by NetSarang, a South Korea-based firm that sells enterprise and network management tools. That backdoor, later named ShadowPad, enabled downloading of further malware or theft of information from hundreds of companies in the energy, financial services, manufacturing, pharmaceuticals, telecommunications, and transportation industries.


US accuses China of widespread economic espionage and intellectual property theft

Chinese hackers have targeted more than two dozen universities in the U.S. and around the globe as part of an elaborate scheme to steal research about maritime technology being developed for military use, according to cybersecurity experts and current and former U.S. officials. The University of Hawaii, the University of Washington and Massachusetts Institute of Technology are among at least 27 universities in the U.S., Canada and Southeast Asia that Beijing has targeted, according to iDefense, a cybersecurity intelligence unit of Accenture Security.


iDefense said it identified targeted universities by observing that their networks were pinging servers located in China and controlled by a Chinese hacking group known to researchers interchangeably as Temp.Periscope, Leviathan or Mudcarp. Researchers at the U.S. cyber firm FireEye, who have studied the same group, said the iDefense findings were generally consistent with their own intelligence.
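As an added example (not iDefense’s or FireEye’s tooling, and not code from the original article), the following Python script shows the kind of check that identification rests on: matching outbound DNS or flow records against a list of known command-and-control (C2) hosts, then testing whether a host’s contacts recur at regular intervals, which is what separates an implant’s scheduled beacon from a one-off connection. The indicator list, host names and log lines are constructed placeholders; in practice you would feed it your own threat-intelligence feed and your resolver or NetFlow export.

```python
"""Flag internal hosts that contact known C2 infrastructure, and note
whether they do so at suspiciously regular intervals (beaconing).

Added example; indicators and log lines below are constructed, not real.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed indicator list (placeholder values, not real IOCs).
C2_INDICATORS = {"203.0.113.7", "update-cdn.example.net"}

# Constructed DNS/flow log, one record per line: "<ISO timestamp> <src host> <dst>"
SAMPLE_LOG = """\
2019-03-05T09:00:00 lab-ws-12 mail.university.example
2019-03-05T09:00:05 lab-ws-12 update-cdn.example.net
2019-03-05T09:30:05 lab-ws-12 update-cdn.example.net
2019-03-05T10:00:04 lab-ws-12 update-cdn.example.net
2019-03-05T10:30:06 lab-ws-12 update-cdn.example.net
2019-03-05T10:31:00 lab-ws-40 203.0.113.7
2019-03-05T11:00:00 lab-ws-40 www.example.org
2019-03-05T11:00:05 lab-ws-12 update-cdn.example.net
"""


def parse_log(text):
    """Yield (timestamp, src, dst) tuples from the simple log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        yield datetime.fromisoformat(ts), src, dst


def contacts_by_host(text, indicators=C2_INDICATORS):
    """Group the timestamps of indicator hits by source host."""
    hits = defaultdict(list)
    for ts, src, dst in parse_log(text):
        if dst in indicators:
            hits[src].append(ts)
    return hits


def is_beaconing(timestamps, min_hits=4, max_jitter_ratio=0.1):
    """True when the gaps between contacts are regular enough to look like
    a scheduled beacon rather than ad-hoc traffic. Jitter is the population
    std-dev of the inter-contact gaps relative to their mean."""
    if len(timestamps) < min_hits:
        return False
    ordered = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg <= max_jitter_ratio


def find_suspects(text, indicators=C2_INDICATORS):
    """Return {host: {"hits": n, "beaconing": bool}} for every host that
    contacted at least one indicator."""
    report = {}
    for host, stamps in contacts_by_host(text, indicators).items():
        report[host] = {"hits": len(stamps), "beaconing": is_beaconing(stamps)}
    return report


if __name__ == "__main__":
    for host, info in sorted(find_suspects(SAMPLE_LOG).items()):
        print(host, info)
```

A single hit on an indicator is a lead worth a look; a host that hits the same indicator every 30 minutes with sub-second jitter, as lab-ws-12 does in the constructed log, is almost certainly running an implant, and the interval itself becomes a pivot for hunting other hosts with the same cadence.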


The majority of the universities targeted either house research hubs focused on undersea technology or have faculty on staff with extensive experience in a relevant field, and nearly all have links to a Massachusetts oceanographic institute that also was likely compromised in the cyber campaign, iDefense said. Some have been awarded contracts by the Navy. Others, including Sahmyook University in South Korea, appeared to be targeted due to their proximity to China, and relevance to the South China Sea, the analysts said.


The Chinese hacking group, which multiple security firms and officials have linked to Beijing, is the same one that has been linked to breaches of Navy contractors and subcontractors that have resulted in the theft of sensitive military information, such as submarine missile plans and ship-maintenance data.


In May 2015 the Obama administration indicted Zhang Hao, 36, a professor at Tianjin University, and five other Chinese citizens for stealing microelectronics designs from American companies on behalf of the Chinese government. Mr. Zhang and a co-defendant had taken engineering jobs at two American technology companies, Skyworks Solutions and Avago Technologies, which make a type of chip critical to cellphones.


The chip is a thin-film bulk acoustic resonator (FBAR) filter that screens radio signals in mobile telephones; while the parts are small, the worldwide market for them is worth well more than $1 billion a year. According to the charges, the men took the firms’ technology back to Tianjin University, created a joint venture company with the university to produce the chips, and soon were selling them both to the Chinese military and to commercial customers.


In September 2014, a GE Healthcare engineer, identified in court documents as Xie, was charged with stealing millions of files of trade secrets related to engineering designs, testing data, business strategy and source code for magnetic resonance systems, according to GE and the FBI. According to the criminal complaint, GE officials discovered in June 2014 that Xie had accessed and copied about 2.4 million files, about 1.4 terabytes of data, from the company’s secure network, starting in February 2013. Much of the information was of a type Xie was not authorized to use and was not necessary to his work writing source code for magnetic resonance technology.


China, however, has continually denied any involvement in cyber espionage. In the past it has also accused the U.S. of launching cyberattacks, pointing to leaks from former national security contractor Edward Snowden as evidence. In May 2014, the Obama administration indicted five Chinese military hackers, linked to Beijing’s cyber warfare and espionage Unit 61398, for cyber attacks against U.S. companies involved in nuclear energy, steel manufacturing and solar energy.


Instead of traditional phishing, in which scammers send out a mass email hoping that someone will bite, the hackers used “spear phishing”: messages designed to resemble e-mails from trustworthy senders, like colleagues, that encouraged the recipients to open attached files or click on hyperlinks in the messages.


Doing so installed malware that gave the alleged Chinese conspirators backdoor access to the companies’ computers and to corporate secrets. The hackers then methodically stole key commercial secrets, such as technical design details for Westinghouse nuclear reactor sales and solar panel technology. Internal communications containing valuable economic data were also stolen and provided by the PLA to Chinese state-run competitors.
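To make the spear-phishing mechanics concrete, here is an added Python triage routine (not code from the indictment, the article, or any vendor) that applies two checks a mail gateway or an analyst would run on a suspect message: whether the sender’s domain closely imitates a trusted domain, and whether any link’s visible text names a different host than the real href target, which is how a message that looks like it comes from a colleague delivers its payload. The message, the trusted-domain list and the similarity threshold are constructed placeholders.

```python
"""Triage a raw e-mail for two spear-phishing tells: a sender domain that
imitates a trusted one, and links whose visible text names a different
host than the real target. Added example; message and lists are constructed.
"""
import difflib
from email import message_from_bytes, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: domains the recipient organisation actually uses.
TRUSTED_DOMAINS = {"trusted-corp.example", "partner-lab.example"}

# Constructed sample message. The sender domain is a near-copy of
# trusted-corp.example, and the first link shows a corporate URL while
# its href points at an attacker-controlled address (TEST-NET range).
RAW_EMAIL = b"""\
From: "IT Helpdesk" <helpdesk@trusted-corp-example.com>
To: engineer@trusted-corp.example
Subject: Action required: design review portal migration
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please re-validate your account on the new portal:
<a href="http://203.0.113.9/login">https://portal.trusted-corp.example/review</a></p>
<p>Regards, <a href="https://trusted-corp.example/it">IT Helpdesk</a></p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def sender_domain(msg):
    """Domain of the From: address. The display name is ignored because
    the attacker controls it freely."""
    addr = parseaddr(msg["From"])[1]
    return addr.rsplit("@", 1)[-1].lower()


def lookalike_of(domain, trusted=TRUSTED_DOMAINS, threshold=0.8):
    """Trusted domain this one most resembles, if the similarity ratio is at
    or above the threshold; None for exact trusted domains and for strangers."""
    if domain in trusted:
        return None

    def ratio(candidate):
        return difflib.SequenceMatcher(None, domain, candidate).ratio()

    best = max(trusted, key=ratio)
    return best if ratio(best) >= threshold else None


def mismatched_links(html):
    """Links whose visible text looks like a URL on one host while the href
    actually points at another."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown = urlparse(text if "://" in text else "http://" + text).hostname
        real = urlparse(href).hostname
        if shown and "." in shown and shown != real:
            findings.append({"shown": shown, "actual": real})
    return findings


def triage(raw):
    """Run both checks on a raw RFC 5322 message and return the findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    domain = sender_domain(msg)
    return {
        "sender_domain": domain,
        "lookalike_of": lookalike_of(domain),
        "mismatched_links": mismatched_links(html),
    }


if __name__ == "__main__":
    print(triage(RAW_EMAIL))
```

String similarity is a coarse lookalike test; a production gateway would also normalise homoglyphs (Cyrillic letters, digit-for-letter swaps), consult the SPF/DKIM/DMARC verdict on the sending domain, and detonate attachments, since the 2014 indictment describes attachments as well as links as the delivery vehicle.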


The activities began around 2006 and continued at least through April 2014. The companies hit by the cyber attacks include Westinghouse Electric Co., SolarWorld AG, United States Steel Corp., Allegheny Technologies Inc., the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial, and Service Workers International Union, and Alcoa.


China’s foreign ministry called the allegations preposterous and accused the US of double standards. Assistant foreign minister Zheng Zeguang summoned the US ambassador, Max Baucus, to lodge a formal complaint, according to state media. Beijing also suspended China’s participation in a joint anti-cyber-theft working group with Washington.


Top Chinese University linked to alleged Military Cybercrime Unit

According to Reuters, Shanghai Jiaotong’s School of Information Security Engineering (SISE) and the People’s Liberation Army Unit 61398 have worked in partnership on at least three papers in recent years. PLA Unit 61398 is well known for its alleged links to cyberattacks on the West, after a report released by security firm Mandiant stated that an “overwhelming” number of cyberattacks originate from that single unit in Shanghai. However, it is important to note that there is no evidence that any of these academic parties are actively involved in cybercrime or military operations. Chinese officials have vigorously denied Mandiant’s claims, dismissing the report as “groundless,” reiterating China’s official stance that cybercrime is illegal, and stating that China has also been a target of such operations.


Mitigation measures

The FBI and CISA urge all organizations conducting research in these areas to maintain dedicated cybersecurity and insider threat practices to prevent surreptitious review or theft of COVID-19-related material. They recommended:

• Assume that press attention affiliating your organization with COVID-19-related research will lead to increased interest and cyber activity.
• Patch all systems for critical vulnerabilities, prioritizing timely patching for known vulnerabilities of internet-connected servers and software processing internet data.
• Actively scan web applications for unauthorized access, modification, or anomalous activities.
• Improve credential requirements and require multi-factor authentication.
• Identify and suspend access of users exhibiting unusual activity.
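The GE Healthcare case described earlier (2.4 million files copied, much of it outside the engineer’s own work) and the last recommendation above, suspending users who exhibit unusual activity, come down to the same control: comparing each user’s file access against that user’s own history. Below is an added Python example of that comparison; it is not the article’s, GE’s or the FBI’s tooling. The audit-log lines, user names, project paths and thresholds are constructed. The method is a leave-one-out baseline per user: a day is flagged when its file count or byte volume exceeds three times the median of the user’s other days, or when most of the project areas touched that day are ones the user had never accessed before.

```python
"""Spot a user whose file-access pattern departs from their own baseline:
far more files or bytes than usual, or files outside the project areas
they normally work in. Added example; the audit log below is constructed.
"""
from collections import defaultdict
from statistics import median

# Constructed audit log, one access per line: "<date> <user> <path> <bytes>"
ACCESS_LOG = """\
2013-02-04 mri-dev-a /src/mri/recon/filter.c 4096
2013-02-04 mri-dev-a /src/mri/recon/fft.c 8192
2013-02-05 mri-dev-a /src/mri/recon/filter.c 4096
2013-02-05 mri-dev-a /src/mri/recon/kspace.c 6144
2013-02-05 mri-dev-a /src/mri/recon/fft.c 8192
2013-02-06 mri-dev-a /src/mri/recon/filter.c 4096
2013-02-06 mri-dev-a /src/mri/recon/fft.c 8192
2013-02-07 mri-dev-a /src/mri/recon/fft.c 8192
2013-02-07 mri-dev-a /designs/ct/gantry.dwg 2097152
2013-02-07 mri-dev-a /designs/ct/detector.dwg 3145728
2013-02-07 mri-dev-a /designs/mri/magnet.dwg 4194304
2013-02-07 mri-dev-a /biz/strategy/roadmap.pptx 1048576
2013-02-07 mri-dev-a /biz/strategy/pricing.xlsx 524288
2013-02-07 mri-dev-a /test/mri/phantom-results.csv 8388608
2013-02-04 ct-dev-b /src/ct/recon/backproj.c 5120
2013-02-05 ct-dev-b /src/ct/recon/backproj.c 5120
2013-02-06 ct-dev-b /src/ct/recon/backproj.c 5120
2013-02-07 ct-dev-b /src/ct/recon/backproj.c 5120
"""


def parse(text):
    """Yield (day, user, path, size) tuples from the audit log."""
    for line in text.splitlines():
        if line.strip():
            day, user, path, size = line.split()
            yield day, user, path, int(size)


def area(path):
    """Coarse 'project area' of a path: its first two components."""
    parts = path.strip("/").split("/")
    return "/" + "/".join(parts[:2])


def daily_profile(text):
    """Build {user: {day: {"files": n, "bytes": b, "areas": set}}}."""
    empty = lambda: {"files": 0, "bytes": 0, "areas": set()}
    prof = defaultdict(lambda: defaultdict(empty))
    for day, user, path, size in parse(text):
        rec = prof[user][day]
        rec["files"] += 1
        rec["bytes"] += size
        rec["areas"].add(area(path))
    return prof


def anomalies(text, volume_factor=3, max_new_area_ratio=0.5):
    """Compare each of a user's days against the median of that user's other
    days (leave-one-out baseline). Flag the day when file count or bytes
    exceed volume_factor x the median, or when more than max_new_area_ratio
    of the areas touched were never seen on the other days.
    Returns {user: [(day, [reasons])]} for flagged users only."""
    flagged = defaultdict(list)
    for user, days in daily_profile(text).items():
        if len(days) < 3:
            continue  # not enough history to form a baseline
        for day, cur in days.items():
            others = [rec for d, rec in days.items() if d != day]
            base_files = median(rec["files"] for rec in others)
            base_bytes = median(rec["bytes"] for rec in others)
            known_areas = set().union(*(rec["areas"] for rec in others))
            new_areas = cur["areas"] - known_areas
            reasons = []
            if cur["files"] > volume_factor * base_files:
                reasons.append("file_count")
            if cur["bytes"] > volume_factor * base_bytes:
                reasons.append("bytes")
            if len(new_areas) / len(cur["areas"]) > max_new_area_ratio:
                reasons.append("unfamiliar_areas")
            if reasons:
                flagged[user].append((day, reasons))
    return dict(flagged)


if __name__ == "__main__":
    for user, hits in anomalies(ACCESS_LOG).items():
        for day, reasons in hits:
            print(user, day, ", ".join(reasons))
```

A flagged day is a lead for the insider-threat team, not a verdict: a real deployment would baseline over weeks rather than days, compare against a peer group with the same role, and route the finding to a reviewer before any account is suspended, so that an engineer legitimately pulled onto a new project is not treated like the GE case.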


Decreasing the Prevalence of Economic or Industrial Espionage in Cyberspace

The U.S. Government (USG) continues to undertake numerous actions to counter economic espionage in cyberspace. Perhaps most evident are current USG efforts to protect critical infrastructure and other sensitive computer networks from malicious cyber activities. The USG also continues to work with the private sector to address science and technology gaps through cyber research and development as a way of mitigating the malicious activities of threat actors in cyberspace.


The USG will continue to improve its efforts to disrupt, deny, exploit, or increase the costs of foreign cyber operations that are targeting the nation’s most critical economic assets. Examples of USG actions include the following:

• Sharing information about cyber threats, vulnerabilities, and other risks;
• Promoting best practices, risk assessments, and capability development;
• Improving our responses to cyber incidents;
• Building and driving the market towards a more secure cyber ecosystem; and
• Partnering with allies to address cyber issues.



About Rajesh Uppal
