Multiple arms of the US government issued warnings this week to private companies and contractors about a prolonged cyber espionage campaign centered on the theft of sensitive business information, according to documents obtained by Motherboard.
The hackers were in some systems for over a year before being detected and have deployed a wide range of malware types, using infrastructure originating from China, according to an FBI document.
“The FBI has obtained information regarding multiple malicious cyber actor groups that have compromised sensitive business information from US commercial and government networks through cyber espionage,” reads a May 2 FBI alert from the agency's cyber division. In what is potentially a sign of how serious the attacks are, the Department of Homeland Security (DHS) released a related Joint Analysis Report, and the Defense Security Service (DSS), which is part of the Department of Defense (DoD), distributed its own Cyber Alert.
“For all three to do anything coordinated is usually interesting,” Robert M. Lee, a former US Air Force cyber warfare operations officer and founder and CEO of Dragos Security, told Motherboard in a Twitter message. However, Lee said this sort of coordination all depends on the subject matter and what prompted the agencies to publish together, which is not immediately clear. The DSS did not respond to a request for comment on this point.
“The reports provide validated malicious domains associated with command and control functions of customized malicious software or that have been identified hosting malicious files,” reads the DSS alert, also obtained by Motherboard.