FBI opens China-related counterintelligence case every 10 hours


FBI Director Christopher Wray today offered the House Homeland Security Committee some sobering news about China: the FBI opens a new China-related counterintelligence case roughly every 10 hours.

Wray said of the nearly 5,000 active FBI counterintelligence cases underway across the U.S., almost half are related to China. He said China aims to compromise American health care organizations, pharmaceutical companies and academic institutions conducing important COVID-19 research.

“They are going after cost and pricing information, internal strategy documents, personally identifiable information – anything that can give them a competitive advantage,” Wray told House members this morning.

Wray also said the FBI has become worried about a “wider-than-ever” range of threat actors – from multinational cyber syndicates to nation-state adversaries. And they are concerned that these threat actors are targeting managed service providers (MSPs) as a way of attacking multiple victims by hacking just one provider.

The FBI Director added that China’s Ministry of State Security (MSS) pioneered the MSP attack technique and said in July the FBI indicted two Chinese hackers who worked with the Guangdong State Security Department of the MSS.

The Chinese hackers conducted a hacking campaign that lasted more than 10 years, targeting countries with high technology industries. The sectors they hit included solar energy, pharmaceuticals and defense. 

“Cybercrimes like these, directed by the Chinese government’s intelligence services, threaten not only the United States, but also every other country that supports fair play, international norms, and the rule of law, and they also seriously undermine China’s desire to become a respected leader in world affairs,” Wray said in his written testimony.

Kennan Skelly, CEO at shyftED, said there’s really nothing new about the Chinese MSPs, adding that DHS has been picking up activity by Red Apollo (Advanced Persistent Threat 10) since 2014 with the Cloud Hopper campaign.   

“MSPs are a rich target as they service many companies that fit into the 10 sectors of Chinese interest,” Skelly said.

Skelly said while MSPs aim to relieve the strain on organizations that cannot or do not want to manage their security in-house, they are equally at risk. For example, having dedicated teams and tools to protect customer organizations doesn’t mean they can lock everything down at a customer.

“Even with the right security detection and mitigation in place it only takes one employee to click on a phishing or spear phishing email to allow threat actors in,” Skelly said. “Red Apollo has had great success using both of those tactics over many years. The most crucial defense we have is still the human line of defense, and sadly that still needs a lot of work.  Until organizations begin to take security awareness seriously these threat actors will continue to prevail.”

Bob VanKirk, chief revenue officer at SonicWall, added that MSPs also need a single, centralized dashboard to more effectively manage customer networks.

“With 62 percent of Americans still working remotely, many MSPs are challenged to manage multiple customer networks from afar,” VanKirk said. “Through a single platform that tracks all its customers at once, MSPs can simplify operations and identify the new types of threat vectors to help their customers be proactive rather than reactive about a cyberattack.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.