China Hit by Rise of Attacks

China sees a major increase in infections on file-sharing sites and more targeted, localized malware threats.

Michael Standaertarchive page

January 25, 2016

China-based hackers are sometimes accused of being behind major external attacks like the one on the U.S. Office of Personnel Management, as well as acts of corporate espionage. But China has worsening internal problems, too.

In September, a counterfeit copy of Apple’s Xcode software development tool was offered on a local file-sharing site, leading to infections on iPhone apps created with the fake tool. The hack, which ended up affecting more than 100 million mostly China-based iPhone users, was Apple’s biggest security breach to date.

A possibly even larger hack was an October attack on NetEase, one of the top social-media and news platforms in China. A hack of its 163.com e-mail system, which is still under investigation, potentially exposed the aliases, security questions and answers, passwords, and other data of hundreds of millions of primarily Chinese users.

Hong Jia, a cofounder of the China-based threat intelligence firm ThreatBook and former cybersecurity expert at Microsoft, says companies and individuals in China are beginning to wake up to the threat. “Enterprises [in China] know that someday they will get targeted and a whole company can be exposed by an attack,” Hong said in an interview at the Association of Anti-Virus Asia Researchers International Conference, held in December in Danang, Vietnam.

According to a survey by auditing firm PricewaterhouseCoopers, over the past year companies in China and Hong Kong saw around 1,245 attacks each on average, compared with 241 the year before. In addition to big hacks like the iPhone incident, Chinese companies have experienced a rapidly rising number of attacks that use so-called social engineering to trick individuals into clicking links that download malware onto the user’s computer. “The threats you see in China are really, really targeted,” Ingvar Froiland, director and general manager for the security company F-Secure, said in an interview at the Danang conference. Froiland said the threats are often language-specific or event-specific—such as targeted attacks during Chinese New Year and other holidays. He added that they also may be system- and application-specific: for example, they are sometimes launched through games that may not be used widely outside China, or through file-sharing sites accessed mainly by Chinese users.

At Chinese companies, attacks are rising sharply. And Chinese hackers are launching more internal attacks through local file-sharing sites and games used mainly within the country.

Chinese authorities even discovered a “hacking village” last year. In a mostly rural area bordering Vietnam, large numbers of people were involved in cybercrime, cyberfraud, and hacking, often using the popular QQ instant messaging software run by Tencent, one of the world’s biggest Internet companies.

At the Danang conference, Liu Zhao, an antimalware analyst at Tencent, said he has been finding increasing numbers of new tricks deployed by hackers in China, including malicious files masquerading as harmless icons attached to documents sent to specific victims. Real-world parent-teacher, school-student, or business-consumer relationships—often discovered from stolen e-mails—are sometimes used for extortion, he added.

To fight targeted attacks, Hong said, analysts are working on analyzing traffic flowing from computer addresses and domain names to find the source, such as the hacking village. “We can see … what person might be behind it,” Hong said. Adding to China’s woes is that citizens often do not add protections to their mobile devices. Worldwide, “awareness of threats to mobile devices is not there yet,” Froiland said.