Infosec 2013: BAE Systems Detica claims China hacking group has "restarted espionage campaigns"

Security group BAE Systems Detica has stuck its oar into the ongoing saga surrounding China’s alleged involvement in cyber attacks on foreign organisations, announcing at Infosec that the Shanghai hacking unit levelled with major accusations in February is active once again.

Having launched its new intelligence tool Detica CyberReveal and announced a security partnership with Formula 1 group McLaren here at Earls Court, London, the firm is continuing a busy week by releasing a statement reporting its research on the supposed Chinese hackers.

David Garfield, Managing Director of Cyber Security at BAE Systems Detica, refused to comment on the validity of the original claims made by US security company Mandiant against the Chinese military division, but said “we can state that the espionage group in question went immediately quiet on the day of this revelation and that neither we nor our contacts have seen activity since. Until now that is - when Detica researchers picked up the first signs that the group may be re-starting their espionage campaigns.”

The statement continues, “Detica researchers have obtained a copy of malware that has all the hallmarks of being crafted by this espionage group. This malware was created in the last week and contains a PDF (opened as a decoy when the recipient of a spear-phishing email clicks on it) which contains the agenda of an upcoming US defence conference which is consistent with the mode of operation of these particular attackers. The conference, taking place at the end of this month fits with the style of event which is commonly used as a 'lure' for this group, and others of its kind.

"The activity we have detected indicates that the espionage group was lying low until the attention around their activities died down before getting back to 'business-as-usual'.”

The claims appear to be an attempt from BAE Detica to make its presence felt at a ferociously busy Infosec, perhaps drawing attention to the announcements the group has made this week. But the move nevertheless adds to the cacophony of noise relating to China’s conduct in cyber space, in a year that has seen the New York Times, Wall Street Journal and other western organisations claim they were hacked by Chinese groups.

For its part, the People’s Republic has repeatedly denied the accusations, and indeed stated that the US has been behind cyber attacks on its own military websites.