Iran and China’s cyberattacks against the U.S. are increasing and are worse than officials previously thought, a new report has revealed.
Iran’s hacking attacks have ramped up against U.S. entities, targeting “dozens of corporations and multiple United States agencies,” seven anonymous sources told The New York Times. These numbers exceed those previously reported.
At the same time, Chinese hackers have also increased their efforts to gather trade secrets and sensitive military data from both contractors and companies, nine intelligence sources told the Times, which unveiled its report Monday.
An intelligence briefing relayed to the Times said that Boeing, General Electric Aviation and T-Mobile were among the entities recently targeted in China’s espionage efforts.
National Security Agency analysts, as well as those at the security firm FireEye, identified Iran as the source behind many of the recent attacks.
FireEye’s report last month identified Iran “with moderate confidence,” citing evidence of hacking targets that aligned with Iranian government interests.
The report also said the Iranian hackers were conducting phishing schemes by hacking into the Domain Name System (DNS) functions of notable entities in North America and the Middle East, then making their emails appear as if they came from legitimate sources. The scheme would encourage more unsuspecting users to click links and attachments that would then expose their information.
“The entities targeted by this group include Middle Eastern governments whose confidential information would be of interest to the Iranian government and have relatively little financial value,” the analysts said. “A large number of organizations have been affected by this pattern of DNS record manipulation… They include telecoms and [Internet service providers], internet infrastructure providers, government and sensitive commercial entities.”
CrowdStrike researchers observed an increase in cyber activities originating from Iran immediately after President Donald Trump withdrew from the Iran nuclear agreement in May 2018, the New York Times reported at the time.
Despite a 2015 agreement with the U.S. that was thought to reduce espionage, China has increased the frequency of its attacks, which have also become harder to detect. Experts say these increased attacks are sparked by China’s five-year economic plan for the nation to become a leader in artificial intelligence, among other innovations.
“Some of the recent intelligence collection has been for military purposes or preparing for some future cyber conflict, but a lot of the recent theft is driven by the demands of the five-year plan and other technology strategies,” said Adam Segal, director of the Council on Foreign Relations’ cyberspace program.
In September, the Trump Administration released a Cyber Strategy for the first time in 15 years, which identified key threats and described an aggressive response to such threats.
“We cannot ignore the costs of malicious cyber activity — economic or otherwise — directed at America’s government, businesses and private individuals,” President Trump said at the time.