Historically, state-sponsored IP thieves have used legitimate-looking domains and email addresses to trick victims into opening an email and link that gives the thief access to the infrastructure of an institution’s network.
We call that trick “impersonation.”
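As an added illustration of the impersonation trick described above (example code written for this page, not part of the post or of the DOJ release), the following Python check is the kind of thing a mail gateway or SOC analyst can run on a sender's domain to flag lookalikes of an institution's real domains. The trusted domain list, the sample sender domains and the confusables table are constructed for the example; the table is only a small excerpt of the Unicode confusables list.

```python
"""Lookalike sender-domain check (constructed example, hypothetical domains)."""
import unicodedata
from dataclasses import dataclass

# Constructed, hypothetical list of domains the institution treats as its own.
TRUSTED_DOMAINS = {"example-university.edu", "research-lab.org"}

# Characters that visually resemble ASCII letters. Small excerpt only, not the
# full Unicode confusables table.
CONFUSABLES = {
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y",  # Cyrillic
    "0": "o", "1": "l", "3": "e", "5": "s",                                 # digits
    "ı": "i",
}
# Two-letter sequences that read as one letter in many fonts.
MULTI_CHAR = {"rn": "m", "vv": "w"}


def skeleton(domain: str) -> str:
    """Reduce a domain to a 'skeleton' so visually similar spellings collide."""
    labels = []
    for label in domain.strip().lower().rstrip(".").split("."):
        if label.startswith("xn--"):  # punycode: decode so confusables are visible
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass
        labels.append(label)
    text = unicodedata.normalize("NFKC", ".".join(labels))
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    for seq, rep in MULTI_CHAR.items():
        text = text.replace(seq, rep)
    return text


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass
class Verdict:
    domain: str
    status: str   # "trusted", "lookalike" or "unrelated"
    reason: str


def classify_sender_domain(domain: str, trusted=TRUSTED_DOMAINS) -> Verdict:
    """Decide whether a sender domain is ours, a lookalike of ours, or unrelated."""
    raw = domain.strip().lower().rstrip(".")
    if raw in trusted:
        return Verdict(raw, "trusted", "exact match")
    for t in trusted:
        if raw.endswith("." + t):  # a real subdomain under a domain we control
            return Verdict(raw, "trusted", f"subdomain of {t}")
    sk = skeleton(raw)
    for t in sorted(trusted):
        tsk = skeleton(t)
        if sk == tsk:
            return Verdict(raw, "lookalike", f"confusable spelling of {t}")
        if tsk in sk:  # e.g. our name used as a label inside someone else's domain
            return Verdict(raw, "lookalike", f"embeds {t} inside another domain")
        dist = edit_distance(sk, tsk)
        if dist <= 2:  # one or two typos away: classic typosquat
            return Verdict(raw, "lookalike", f"{dist} edit(s) away from {t}")
    return Verdict(raw, "unrelated", "no resemblance to a trusted domain")


if __name__ == "__main__":
    # Constructed sample sender domains for a quick manual run.
    for sample in [
        "example-university.edu",
        "mail.example-university.edu",
        "exarnple-university.edu",           # rn looks like m
        "examp1e-university.edu",            # digit 1 for letter l
        "exаmple-university.edu",            # Cyrillic а
        "example-university.edu.login-portal.net",
        "totally-different.com",
    ]:
        print(classify_sender_domain(sample))
```

The skeleton step is what makes the check useful against the homoglyph variants; a plain string comparison or edit distance alone misses a Cyrillic letter that renders identically. A flagged "lookalike" is a signal for quarantine or analyst review, not proof of malice on its own, since a neighbouring organisation may legitimately own a similar name.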
But what if the email or domain is legitimate?
In other words, what if the IP thieves have gained the cooperation of insiders of that institution, thereby permitting the thieves to use that institution’s credentials to convince you of its legitimacy?
That we call something else. That we call “conspiracy.”
Well, that’s one of many things the Chinese state-sponsored IP thieves did (along with their co-conspirators) as detailed in a July 19, 2021, U.S. Department of Justice (DOJ) announcement:
“Four Chinese Nationals Working with the Ministry of State Security Charged with Global Computer Intrusion Campaign Targeting Intellectual Property and Confidential Business Information… Alleges Three Defendants Were Officers in the Hainan State Security Department (HSSD), a provincial arm of China’s Ministry of State Security (MSS).”
What the IP thieves in this indictment did over the years is typical of “impersonation”:
“Members of the conspiracy registered and used malicious and deceptive web domains to store malware until it was used on a particular system, to send spear-phishing emails to intended victims, to store data stolen from victims, and as command and control domains for the purpose of controlling malware.”
But the IP thieves did not just rely on deceptive web domains:
“As alleged, the charged MSS officers coordinated with staff and professors at various universities in Hainan and elsewhere in China to further the conspiracy’s goals.
“Not only did such universities assist the MSS in identifying and recruiting hackers and linguists to penetrate and steal from the computer networks of targeted entities, including peers at many foreign universities, but personnel at one identified Hainan-based university also helped support and manage Hainan Xiandun as a front company, including through payroll, benefits and a mailing address.”
Chinese state hackers conspiring with Chinese educational institutions to steal.
Let that sink in.
Of course, none of this surprises us.
Disclaimer: IPProbe.Global is a service to the professional IP community. While every effort has been made to check information in this blog, we provide no guarantees or warranties, express or implied, regarding the content provided in IPProbe.Global. We disclaim all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such persons and the accuracy and validity of the information provided by them. This blog is for general information only and not intended to provide legal or other professional advice.