Chinese hacking: the Shadow network

This morning’s paper told of a massive cyber-espionage network being uncovered, with most of it leading back to China. The report, called Shadows in the Cloud: An investigation into cyber espionage 2.0 is quite revealing:

Complex cyber espionage network – Documented evidence of a cyber espionage network that compromised government, business, and academic computer systems in India, the Office of the Dalai Lama, and the United Nations. Numerous other institutions, including the Embassy of Pakistan in the United States, were also compromised. Some of these institutions can be positively identified, while others cannot.

Theft of classified and sensitive documents – Recovery and analysis of exfiltrated data, including one document that appears to be encrypted diplomatic correspondence, two documents marked “SECRET”, six as “RESTRICTED”, and five as “CONFIDENTIAL”.

Evidence of Collateral Compromise – A portion of the recovered data included visa applications submitted to Indian diplomatic missions in Afghanistan.

Command-and-control infrastructure that leverages cloud-based social media services – Documentation of a complex and tiered command and control infrastructure, designed to maintain persistence. The infrastructure made use of freely available social media systems that include Twitter, Google Groups, Blogspot, Baidu Blogs, blog.com and Yahoo! Mail.

Links to Chinese hacking community – Evidence of links between the Shadow network and two individuals living in Chengdu, PRC to the underground hacking community in the PRC.

Read more of the report here.