Chinese state-sponsored hackers broke into an American engineering company through outdated, forgotten servers that were still connected to its network, and lingered undetected for four months.
Breitbart News reports:
John Dwyer, research director for cybersecurity firm Binary Defense, said in an interview on Wednesday that Chinese state-sponsored hackers were able to infiltrate the network of a U.S.-based global engineering firm and linger for months before they were discovered.
Dwyer did not name the targeted engineering firm in his interview with The Register, or name the Chinese cyber-espionage team that penetrated its system. He said the company in question “makes components for public and private aerospace organizations and other critical sectors, including oil and gas.”
The Register inferred from Dwyer's comments that the targeted company had essentially forgotten about three old servers connected to its corporate network, creating a vulnerability for the Chinese hackers to exploit. All three of the servers were exposed to the Internet without adequate protection. One of them reportedly gave full administrator powers to remote users by default, a hideous security flaw.
The AIX servers were also allegedly comfortable nests for the intruders, who lurked in the network for four months before the company detected them and called in federal law enforcement, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). Binary Defense also consulted on the response, which is how Dwyer learned the details of the intrusion.
It hasn't been confirmed whether or not the spies succeeded in stealing valuable information or sabotaging the firm's supply chain.
Dwyer said, “The scary side of it is: With our supply chain, we have an assumed risk chain, where whoever is consuming the final product – whether it is the government, the US Department of the Defense, school systems – assumes all of the risks of all the interconnected pieces of the supply chain.”
He identified the key takeaway from the fiasco as being that older computers embedded in sprawling networks create massive security risks, particularly when they can't be updated with the same technology as the rest of the computers in the network.
When the hackers tried to steal login information from another computer on the network, they finally tipped off the firm to their presence.
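The recurring failure in this story is a reconciliation gap: hosts reachable from the Internet that nobody owns, nobody patches, and nobody remembers. The script below is an added illustration of that check, not code from the article, Binary Defense or The Register. It compares a constructed asset-inventory export against a constructed, simplified nmap grepable scan of the same public range and flags hosts that are missing from inventory, have no recorded owner, run a platform marked unpatchable, or expose a cleartext remote-administration service. The IP addresses come from the RFC 5737 documentation range, the host names and the CLEARTEXT_ADMIN_SERVICES list are the editor's assumptions, and nothing here reproduces the specific misconfiguration the report describes.

```python
# Added example: reconcile an external port scan with the asset inventory to
# surface forgotten, Internet-exposed legacy hosts. All inputs are constructed
# sample data (RFC 5737 addresses, hypothetical host names); not from the report.
import csv
import io
import re
from dataclasses import dataclass, field

# Constructed inventory export (what the CMDB thinks exists). 'patchable' marks
# hosts that can still receive vendor updates; 'owner' is blank when unclaimed.
INVENTORY_CSV = """ip,hostname,os,owner,patchable
203.0.113.10,web-01,Linux,webteam,yes
203.0.113.20,aix-legacy-1,AIX 5.3,,no
203.0.113.30,aix-legacy-2,AIX 6.1,,no
"""

# Constructed, simplified nmap -oG style output for the same public range
# (real grepable output carries extra tab-separated fields after Ports:).
SCAN_GREPABLE = """Host: 203.0.113.10 ()\tPorts: 443/open/tcp//https///
Host: 203.0.113.20 ()\tPorts: 23/open/tcp//telnet///, 512/open/tcp//exec///, 513/open/tcp//login///
Host: 203.0.113.30 ()\tPorts: 22/open/tcp//ssh///
Host: 203.0.113.40 ()\tPorts: 514/open/tcp//shell///
"""

# Services that give remote users a shell or command execution over an
# unencrypted transport. Assumption: this list is the editor's, not something
# the report enumerates.
CLEARTEXT_ADMIN_SERVICES = {"telnet", "exec", "login", "shell"}


@dataclass
class Finding:
    ip: str
    reasons: list = field(default_factory=list)


def parse_inventory(text):
    """Return {ip: row} from a CSV inventory export."""
    return {row["ip"]: row for row in csv.DictReader(io.StringIO(text))}


def parse_grepable(text):
    """Return {ip: [(port, service), ...]} for open TCP ports in nmap -oG lines."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) \(\)\s+Ports: (.*)", line)
        if not m:
            continue
        ports = []
        for entry in m.group(2).split(", "):
            parts = entry.split("/")  # port/state/proto/owner/service/...
            if len(parts) >= 5 and parts[1] == "open":
                ports.append((int(parts[0]), parts[4]))
        hosts[m.group(1)] = ports
    return hosts


def reconcile(inventory, scan):
    """Flag every scanned host that is unknown, unowned, unpatchable or
    exposing a cleartext admin service. Hosts with no issues are omitted."""
    findings = []
    for ip, ports in scan.items():
        f = Finding(ip)
        row = inventory.get(ip)
        if row is None:
            f.reasons.append("exposed host missing from inventory")
        else:
            if not row["owner"]:
                f.reasons.append("no owner recorded")
            if row["patchable"].lower() != "yes":
                f.reasons.append(f"unpatchable platform: {row['os']}")
        for port, svc in ports:
            if svc in CLEARTEXT_ADMIN_SERVICES:
                f.reasons.append(
                    f"cleartext remote-admin service {svc}/{port} open to Internet")
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in reconcile(parse_inventory(INVENTORY_CSV), parse_grepable(SCAN_GREPABLE)):
        print(f.ip)
        for r in f.reasons:
            print("  -", r)
```

Run against the constructed data, the web server produces no finding, the two AIX hosts are flagged as unowned and unpatchable (one of them additionally for telnet, rexec and rlogin), and 203.0.113.40 is flagged as a host the inventory does not know about at all, which is the category a scheduled external scan exists to catch.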
China seems to have escalated its spying efforts under the current administration.
Early last year, the Chinese government flew a white balloon across the United States, which many speculated was capable of “collecting communications” based on its antennae. It faced no repercussions for the brazen act of defiance.