Thursday, 27 October 2011

China Commands And Controls

Over 90% of C&C Centres in Beijing

Last March security firm RSA revealed one of the most spectacular data breaches in history. Not because of the methods used, which were a combination of a Trojan and some fairly elementary social engineering (though, perhaps understandably, RSA felt it necessary to characterise the breach as an extremely sophisticated cyber attack). Nor because of the quantity of data compromised in that one attack. But because of the sensitivity of the data, which in turn undermined the SecurID two-factor authentication products, and hence the crown jewels, of many other corporations and organisations.

Back then, security experts claimed that "dozens of other multinational companies" were simultaneously infiltrated in much the same way. The truth now emerges to have been closer to 760 or more organisations, including almost 20% of Fortune 100 companies, whose networks were hit by the same resources as were used against RSA, in a series of attacks that actually began last November. Brian Krebs has the full list here.

But even more startling is the following chart, which shows the geographic distribution of the command and control networks used to coordinate these attacks:

299 of the 329 Command & Control centres are in or around Beijing.

