Every defense or intelligence contractor falling under the National Industrial Security Program (NISP) or Director of Central Intelligence Directives (DCID) is required to protect the information and the relationship entrusted to them by virtue of their contract.
Those who use the services of a Managed Service Provider (MSP) should be having an intimate conversation with their provider sooner rather than later.
Department of Justice – Indictments re Chinese cyberespionage group Advanced Persistent Threat 10 (the APT10 Group)
The DOJ recently announced the indictment of two Chinese citizens who operated under the direction of the Chinese Ministry of State Security (MSS), the Chinese intelligence entity, from 2006-2018. During these 12 years of service, these individuals, associated with the APT10 Group, worked under the commercial cover mechanism of Huaying Haitai Science and Technology Development Company (Huaying Haitai). They targeted companies and governments. In the last four years of the timeframe they specifically targeted MSPs which supported both government entities and their contractors.
The DOJ indictment details how the MSPs “remotely manage the information technology infrastructure of businesses and governments around the world, more than 45 technology companies in at least a dozen U.S. states, and U.S. government agencies.”
Was your MSP one of those targeted?
The indictment identifies those targeted to be located in Arizona, California, Connecticut, Florida, Maryland, New York, Ohio, Pennsylvania, Texas, Utah, Virginia and Wisconsin. Their swath was wide, their tenure long, and the damage assessment that awaits those affected may be unfathomable. Hundreds of gigabytes of information were successfully stolen from companies in the aviation, space and satellite technology, communications technology, maritime technology and other sectors.
The breach includes:
- At least 40 U.S. Navy computers were compromised, resulting in the loss of personal identifying information for more than 100,000 Naval personnel.
- At least 90 computers used by U.S. defense technology companies and U.S. government agencies, which included:
  - 7 companies in aviation, space and satellite technology
  - 3 companies in communications technologies
  - 3 involved in advanced electronic instrumentation and laboratory analytic sciences
  - NASA; and
  - NASA’s Jet Propulsion Laboratory
- At least 25 other computers associated with other sciences and industries, which included the U.S. Department of Energy’s Lawrence Berkeley National Laboratory (where a portion of the U.S. research into nuclear technologies occurs).
Compromising an MSP gave the attackers remote access to its clients through the compromised connection between the service provider and those clients. Once data of interest was found, it was moved from the targeted entity to the provider and then onward to the Chinese MSS-directed team.
We shared previously how the Chinese are actively targeting and engaging the U.S. aviation industry for Human Intelligence (HUMINT) collection. A recent attack on the aerospace industry resulted in ten individuals being identified as working on behalf of Chinese intelligence.
Additionally, China’s use of the LinkedIn social network has been well documented, most recently by the government of France. France joined the United States, United Kingdom and Germany in warning their defense and intelligence sectors to be wary of Chinese approaches via the social network.
China is not letting up on its collection of U.S. intelligence and defense information. Facility Security Officers and their superiors must invest the time and effort to address both this cybersecurity threat and the insider threat; they are no longer hypothetical, they are a reality.
China is coming after your personnel and information.