New data shows China has “taken the gloves off” in hacking attacks on US

Enlarge / Well, that whole thing clearly worked out well, didn’t it? (credit: JASON LEE/AFP/Getty Images)

Remember the good old days, when the US and China were supposedly working out new norms for the cybers, and China was going to stop all that hacking of US companies to steal intellectual property? It turns out the Chinese were just upping their hacking game, improving their operational security and penetration skills—learning from the methods of their Russian counterparts.

A recent example of that “island hopping” tactic is the “Cloud Hopper” hacking campaign, active since at least May of 2016. In October, DHS issued a new alert on the campaign, warning of a surge in activity by the campaign over the past few months. Cloud Hopper has been attributed to the threat group known as APT 10, aka Stone Panda—a hacking group that has been tied to the Chinese Ministry of State Security’s Tianjin Bureau.

Based on data from incident response companies gathered by the security software vendor Carbon Black, China is now the leading source of cyber-attacks. Of 113 investigations conducted by Carbon Black’s incident response partners in the third quarter of 2018, nearly half—47 in total—came from China or Russia.