The New York Times is reporting that Unit 61398, the Chinese cyber-espionage unit that has stolen vast amounts of data from western governments and industry, has returned to its old tricks. Following the release of the Mandiant report in February 2013, the unit disappeared from the internet. However, they have now returned to the web, operating at 60% to 70% of the level at which they were working before Mandiant exposed them. Quoting CrowdStrike, the NYT reports that it is “business as usual” for the Chinese hackers.

Reporting on the same story, Computerworld observes that what Unit 61398 is doing is not technically sophisticated. And this is the real lesson to be learned from Unit 61398. The Chinese are not using advanced cybertechnology to infiltrate our systems and steal our secrets — they are using simple, but effective tools. Quoting John Pescatore, director of emerging security trends at the SANS Institute:

It’s not that the Chinese have some unbeatable way of breaking into a network. What is innovative is their targeting.

What is that targeting?  This diagram shows how it works:

[Diagram: apt-clear]

Simple, but effective.

At Iconix, our goal is to make this threat vector less effective. Spearphishers deceive employees into making bad email decisions that compromise security. IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at 408-727-6342, ext. 3 or use our online form.