The Problem with Unemployed Chinese Hackers
A recent rash of ransomware attacks, involving more sophisticated techniques associate with Chinese government supported hackers have experts wondering if they are being perpetrated by cyber spies that were formerly working for the Chinese government. Faced with a loss of income, they may have turned to large scale ransomware attacks, where they infect a company’s network and lock them out until they are paid a ransom, as a way to make money.
Over the course of three months, Dell SecureWorks has investigated at least three different attacks on American companies. By attacking and exploiting vulnerabilities in application servers, the hackers were able to spread ransomware. The type of attacks, and that they are against companies, imply that the hackers may be using techniques and entry points they learned while spying.
Though typically companies refuse to be identified, we know this particular attack was against a transportation company and that Dell SecureWorks is not the only security firm investigating large scale ransomware attacks on businesses. Since December, InGuardians, Attack Research, and G-C Partners have all looked into possible instances of ransomware being found on a company’s system.
Though China denies any involvement in the recent attacks, it is possible they are being carried out by hackers who formerly worked for the Chinese government, but now find themselves out of work thanks to last year’s China-US anti-hacking agreement. Rather than using their skills for spying, they’ve turned criminal and are using them for a quick cash grab.