The U.S. Attorney General's office unsealed an indictment today against two Chinese citizens believed to be part of the APT10 hacking group, which is linked to the Chinese government.
The indictment reveals key steps Chinese hackers used to steal intellectual property. Information security teams should know about these:
Companies and government agencies in 12 countries were victims in this effort, including those in Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates, the United Kingdom, and the United States.
How successful were these Chinese hacking group strategies? Incredibly successful, says the U.S. Department of Justice:
"... the APT10 Group successfully obtained unauthorized access to the computers of more than 45 technology companies and U.S. Government agencies based in at least 12 states, including Arizona, California, Connecticut, Florida, Maryland, New York, Ohio, Pennsylvania, Texas, Utah, Virginia and Wisconsin. The APT10 Group stole hundreds of gigabytes of sensitive data and information from the victims’ computer systems, including from at least the following victims: seven companies involved in aviation, space and/or satellite technology; three companies involved in communications technology; three companies involved in manufacturing advanced electronic systems and/or laboratory analytical instruments; a company involved in maritime technology; a company involved in oil and gas drilling, production, and processing; and the NASA Goddard Space Center and Jet Propulsion Laboratory."
[RELATED: 4 Strategies for Global CISOs and their Security Teams]
[RESOURCE: 2019 regional cybersecurity conference calendar]