News broke this morning that a cyber-espionage group, historically believed to be operating in the interests of the Chinese government, is believed to have hacked a UK government contractor, where security researchers found evidence that the attackers stole information related to UK government departments and military technology.
Attackers used never-before-seen tools and old malware, but also employed legitimate apps found on the compromised systems in an attempt to remain undetected for as long as possible. Andy Norton, Director of Threat Intelligence at Lastline, commented below.
Andy Norton, Director of Threat Intelligence at Lastline:
“Espionage by foreign governments should not come as a shock to anyone these days. False flags, double bluffs and blatant denials should also be expected. These attack tools have been associated with a group that targeted foreign affairs ministries in the past. We do not know if the attack is limited to the UK at this point. The wide range of tools used suggests a requirement for many capabilities in the target network; from this, we can infer that intellectual property was the target of the attack. Whether this would be considered a GDPR breach depends on the type of data exfiltrated. If policy strategy was the target of the attack, then no personally identifiable data would have been impacted under GDPR regulation.”